Lemmy is probably hurting email spammers because users and community names look like email addresses.

henfredemars@infosec.pub to Showerthoughts@lemmy.world – 325 points –

I wonder how many thousands of spam bots have tried to connect to the servers and send email using text ripped from these pages federated across numerous domains.

And they can’t just block one website. They’d have to individually block every node if they want to crawl the web for email addresses to steal. I hope it’s a real thorn in their side.

26

One specifically for the Indian scammers

behen@chod.in

For all I know that's a real email address 🤣

😂 I never knew how that was spelled

The real way to spell it would be in the Hindi script. This is just the most common approximation in the English version of the Latin script.

You can't get a very accurate version in the Latin script because the Hindi alphabet (devanagiri) has 4 different Ds, two different CH sounds, etc.

It’s a bit of a tangent, but linguistically, that’s quite interesting. How do those “redundant” (in western comprehension) sounds differ? Or is it just that there are explicit characters for each pronunciation (e.g. “cede” vs “can”)?

Don't worry about the tangent, I'm a bit of a linguistics nerd. As you can tell by the following paragraphs.

Try making a d sound with your tongue right behind your teeth. Now try making it with it deeper in your mouth, touching the top of your mouth. There's multiple tongue positions in the mouth that can make d sound. While making the d sound you can also change the amount of air you expel to make the d sound.

This is how a lot of the multiple letters for a single Latin letter work in most indian languages. Explicit characters for each position and often two letters at each consonant position, one for low stress sound at that position and one for high stress.

Found this website for pronunciation of the Sanskrit alphabet: https://oursanskrit.com/sanskrit-grammar-reference/pronunciation-of-sanskrit-letters/

Sanskrit is an ancestor language for most Indian languages, like how Latin is a parent for most European languages. There are some differences between the modern language alphabets, similar to how German, Spanish, and English pronounce "j" differently. Umlauts and/or accents addded to vowels in some european languages, but not others, etc. But the majority of the letters are the same. South Indian (Dravidian languages, as opposed to north India's indo-European languages) have alphabets that look very different but the letters have mostly a 1 to 1 relationship with the north Indian ones.

At my instance I did setup a email wildcard (receive emails from any address on that domain which don't already have a account) and I get a lot of phishing and scam emails, most of them are send "to" /c/meta@femboys.bar, as link to this community is linked in sidebar, but I also seen emails "send to" random usernames

screenshot showing email mailbox, about 15 phishing emails

So yeah, It is happening, i wonder how bad it is on larger instances

The horror! I hope you have a good spam filter

thankfully that is a special mailbox for spam, I sometimes like to come through the emails and see where they submit the data, and maybe submit some data on my own, plus report the issue to website owner/hosting

I personally love my catch-all email domain. Anything that isn’t addressed to a specific list of addresses lands in a generic secondary inbox. So like I can have a personal inbox with the email address I give to friends, a work inbox for the address I give to clients, and an “everything else” inbox that isn’t associated with either work or personal emails.

It also allows me to easily identify which companies are selling my info. If I sign up to a Walmart membership with “Walmart@[domain]” and then start seeing a bunch of spam at that address, I know they sold my info to some ad company. I can simply burn that address; I just filter everything from that address straight into spam. And now my inbox is clean again.

I was searching for this, but how can you do a wildcard account which will just receive mails from all aliases?

it depends on your email provider/server, search under term "catch-all" or alias. I'm using a self hosted email on hestiacp, which have a option under domain email settings

Spammers don't care.. they have a list of millions of addresses and blast through them.. lots are deleted, never existed, or just garbage.

The people that run the email server they are using to send the mail care very much, but in most cases they are not the same people.

When I first started on lemmy during the great exodus and I was still trying to wrap my head around federation, I saw a hexbea(.net) account and straight up thought this dude was using some random email

They also monitor new website registrations and immediately spam info@newdomain

Would be interesting to set up email servers on some of the more popular instances and see how much traffic they're actually getting.

Wondering 💭 how many of spams have been caught.