Random unsolicited thought (disclaimer: I haven't been watching or participating in the spam response at all):
One of the main differences between social/activitypub spam and email spam is that contact lists are largely open, and programmable querying is possible. What does that mean?
If you see a new follow request or mention, you can check to see if anyone else you know follows that person. If not, the spam propensity is much higher. Email servers can't do this [without centralization].
With ActivityPub+Webfinger, we also know precisely who sent the message, with cryptographic signatures for verification, unlike email where From-address-level signatures have proven an elusive goal. The best you can do with SMTP in most cases is to verify that "a server that's trusted by the domain sent the message" but there are so many exceptions due to SMTP's architecture that it's really a crapshoot.
Put another way, if we get this right for the Fediverse AND upgrade our email addresses to support ActivityPub+Webfinger, a robust response to spam across the Fediverse that takes into account social connections could make [SMTP-based] email much less prone to spam and phishing attacks than centralized server- and content-filtering-focused attempts have been to date.
Add comment