Hmm. Just had a thought. If I’m on instance A and I have a follower on instance B, and I toot something, instance A is responsible for delivering that toot to instance B. Is there some sort of authentication or verification on B that the connection is really from A and not some impostor A?


@davewoodx @Gargron I believe they are signed with a public key on Instance A. I may be wrong, but that’s my understanding.

@davewoodx Good thought. I never would have thought of that myself unless someone else had.

@cambridgeport90 Well, that's the mistake made back at the beginning of the Internet that has led to the world's SPAM problem. There wasn't (and still really isn't) any authentication for sending email. Anyone can send email as anyone. We need to make sure we don't repeat past mistakes.

@davewoodx You are forgetting two important innovations in email; no, three: S/MIME, DKIM, and GPG.

@cambridgeport90 Not forgetting. Solutions added on after the fact haven't helped much because they're all optional. They provide a possible way to filter out garbage email, but they don't really prevent the garbage email from being sent. Even if the end user doesn't see them, they still use bandwidth, server cycles, and drive space.

