Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.
And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.
He explained it already. It looks for a ratio of number of users to posts. If your “small” instance has 5000 users and 2 posts, it would probably assume a lot of those users would be spam bots. If your instance has 2 users and 3 posts, it would assume your users are real. There’s a ratio, and the admin of each server that utilizes it can control the level at which it assumes a server is overrun by spam accounts.
Okay, so how do you bootstrap a new server in that system?
What do you do when you just created a server and can’t get new users because you aren’t whitelisted yet?
But what if you do handful of users to start out, or just yourself? How do become ‘active’ without being able to federate with any other servers? Talk with yourself?
The issue is that it could still be abused against small instances.
For example, I had a bit less than 10 bots trying to signup to my instance today (I had registration with approval on) and those account are reported as instance users even though I refused their registration. Because of this my comment/post ratio per user got a big hit with me being unable to do anything (other than delete those accounts directly from the db).
So even if you don’t allow spam accounts to get into your instance, you can easily get blacklisted from that list because creating a few dozen thousands account registration requests isn’t that hard even against an instance protected by captcha.