One of my users complained that they received spam from @firstname.lastname@example.org, whose timeline currently looks like:
It turns out this whole instance is screaming with spam red flags:
- It doesn’t verify email addresses1,
- The site that the spambot is advertising, MastodonUserMatching.tk, is a redirect to vinayaka.distsn.org (which is on the same domain as the Mastodon instance2), and
- The bot’s source has the same name (“vinayaka”) as the subdomain it’s spamming ads for.
I conclude that this instance is specifically deployed to allow and assist spamming, and as such, I’m suspending the 2.distsn.org domain effective immediately.