My understanding of federation is that it’s like email. If one server is misbehaving, then they get defederated.
So how come email spam still exists - why don’t spammer domains get defederated? It seems like we’ve got the worst of both worlds, where it’s hard to get your emails relayed when you run a small email server, and easy to get them relayed if you’re a spammer.
Is there anything about Lemmy’s architecture that will prevent this problem?
We were really naive back when email was invented.
While Lemmy versions maintain some backwards compatibility, Lemmy is designed to move forward, and allow incremental security improvements. And it is possible to apply significant security updates to individual servers without losing access to the out of date ones.
Email really doesn’t have an equivalent way to improve security, Incrementally, without dropping large legitimate parts of the network.
DMARC and DKIM are making finally progress for email security- by dropping large legitimate parts of the network.