@admin Just by the by, Mastodon, Pleroma, Friendica, GoToSocial all have allowlist options for federation as I understand it. Maybe others, maybe Bonfire?

@deutrino @admin here's what I think might be an illuminating factoid:

The IFTAS CARIAD observatory monitors the domain blocks put in place by the largest servers.

5,868 domains have been blocked by at least one of the observed sources.

Not a single one of those 5,868 instances is blocked by all of them.

Only eight domains are blocked by over 90% of the sources.

I think that speaks volumes about this network's ability to govern itself.

@deutrino @admin To your second point, I find it odd when people start leaning toward requiring - or wanting to require - others to hear them.

There are already large fractures, eg global north to SE Asia/Japan instances. You have every right to publish your content, and everyone else has every right to see or not have to see it.

This is how civil society, and our freedoms of expression and association work. Those freedoms include the freedom to not express and to not associate.

@deutrino @admin I can't personally imagine a world where large services go to allowlist, we've not seen them be overly blocky with their denylists, it would be very odd to see any large service move to allowlist.

In general the larger they are, the more permissive they are, I think that's a natural and probably desired result.

Federation is a privilege, not a right.

@arazil @deutrino @admin that is definitely a danger we need to work to avoid, and there's plenty of lessons learned we need to not ignore from email's lifecycle.

@deutrino @admin there will undoubtedly be pushback to any structural changes, but as the network grows, so do the vectors for harm and conflict.

It's a messy network and we all only see the parts of it we're aware of. As more and more companies, people, services join, some communities will likely seek to shrink their visibility or exposure, I think this is a natural outcome.

@deutrino @admin I think the point would be that no-one will force /you/ to do it, but some (mostly smaller) communities seem to want it, and that's their choice, just as much as your choice is yours.

@admin thanks for the feedback!

I think as with all things global, some things will work for some, other things for others. A mix of denylist, greylist, and allowlist options would let every community pick what's best for them.

And, even with allowlist, one probable outcome would be "allow what these other servers I trust allow" and greylist everything else - the possibilities are pretty wide.

The 2025 Social Web Trust & Safety Needs Assessment Report is now available.

Volunteer moderators are burning out. Spam is rising. Legal threats are growing.

The 2025 Report reveals where things stand, and what must change.

Read it now: https://about.iftas.org/2026/01/08/the-2025-social-web-trust-safety-report-is-here/

#TrustAndSafety #Moderation #FediAdmin #MastoAdmin #Moderators #FediMods #MastoMods

@liaizon domains are sometimes added as a catch-all for numerous subdomains.

This domain is blocked for spam and DDOS issues; separately CARIAD shows 87.5% of observed sources blocking the domain at this level.

️ SW-ISAC Advisory

The IFTAS Do Not Interact domain denylist has been updated.

This newly added domains are identified as serving illegal content, based on human review.

If you are a user of the IFTAS DNI denylist, please update accordingly.

https://about.iftas.org/library/iftas-dni-list/

#SW_ISAC_ADVISORY #CSAM

This domain is an ad farm along the lines of other known fediverse spam servers, with 45 accounts creating 6,500 posts per day leading to ad-laden web pages using content scraped and repurposed as news articles or blog posts.

The Mastodon service in use has hidden any local feeds, profiles, admin contact details, and exists purely to inundate feeds with posts that might lead to ad clicks.

A list of known spam services that federate their content is available at https://about.iftas.org/library/known-spam-fediverse-services/

The IFTAS CARIAD Domain Observatory monitors the domains blocked by 51% or more of the observed sources.

Mastodon administrators can browse the database (and compare their blocked domains to the CARIAD database) at https://cariad.fedicheck.iftas.org

Three lists are publicly available in JSON format:

Blocked by 51% or more: https://cariad.fedicheck.iftas.org/api/v1/denylist/domains/by-threshold?threshold=51&api_key=2f8189cc6dbeeb15908c189eb58f4b9450c00b0be85e4a1d52de6be2f0d84f91

Blocked by 66% or more: https://cariad.fedicheck.iftas.org/api/v1/denylist/domains/by-threshold?threshold=66&api_key=2f8189cc6dbeeb15908c189eb58f4b9450c00b0be85e4a1d52de6be2f0d84f91

Blocked by 80% or more: https://cariad.fedicheck.iftas.org/api/v1/denylist/domains/by-threshold?threshold=80&api_key=2f8189cc6dbeeb15908c189eb58f4b9450c00b0be85e4a1d52de6be2f0d84f91

️ SW-ISAC Advisory

The following domain(s) have been added to the IFTAS Abandoned/Unmanaged List

channels dot im

https://about.iftas.org/library/iftas-abandoned-and-unmanaged-domain-list/

#SW_ISAC_ADVISORY #Spam