Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.
And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.
Regarding your edit, it can’t be that easy since spammers could just generate thousands of AI-written responses to questionnaires
Right, an instance owner has to endorse another on an ongoing basis though. So for example, if an instance owner named Bob initially trusts a spammer based on a questionnaire, and then that guy immediately generates 100 bot accounts to start spamming with, then Bob can revoke the trust and the spammers instances get defederated.
You also need to own a domain to run a Lemmy instance. The cheapest of which are only a few dollars a year, which isn’t much but it does put at least some floor on peoples ability to generate instances that’ll just get banned.
You can use subdomains, which pretty much means infinite instances on a single domain.
That’s just a software / moderation issue though right? If as an instance owner you see a request from someone at “notaspammer.lemonparty.net” but six other subdomains have already been banned from “lemonparty.net” then you’d probably be pretty unlikely to approve any application.
Could it be a subdomain, though? What if a spammer started a “Lemmy instance as a service” on “legit.ml”, and started creating instances on “lemmy.u<number>.legit.ml”? What if some of the instances were actually legitimate, while thousands of others weren’t? What if… oh well, the rabbit hole goes deep on this one.