cross-posted from: https://lemmy.cat/post/6385
It is currently possible, through Lemmy's API, to create accounts automatically and without limit if verification by email address or captcha is not activated. I'd advise you to activate one or both of them NOW!
After registering x number of accounts (currently I could do thousands), all you have to do is list all the existing communities for each of the account to publishes one new post per community, or more. I'll leave you to picture the mess.
(I apologise to the administrators of sh.itjust.works, I should have done the test with my own server.)
Not sure how email verification should help. Just add a couple of line to role a email address and then open the verification link.
If you don't have your own domain, it's hard to generate mass email addresses, at least with large providers.
So if someone uses his custom domain to mass-generate emails, it's easier to delete all accounts that use this same email provider.
https://duckduckgo.com/?q=10+min+mail+api&t=fpas&ia=web
There are enough options out there. No need selfhost.
True, but if it's from a known provider, you can block those as well (and they probably have their own mechanisms to deal with service abuse).