Registrations should require a valid email address and temporary/disposable (e.g. temp-mail.org ) email services should be rejected.
Note this should not be implemented as a whitelist; “obscure” email services such as Protonmail, Tutanota and personal email servers should be allowed.
Pros:
- Cuts down on the number of trolls attempting to register, reducing load on mods and admins.
- Improves our standing with other instances.
- Ensures users have the ability to reset their password.
Cons:
- Has privacy concerns - people may not want to associate their email address with everything.
- Users may not (and perhaps should not have to) trust the admins of this instance with their email.
- May not be supported well by Lemmy, and/or require a blacklist that needs updating.
Aye and nay in the comments, please.
Nay. Too many of our members are here with one of the driving reasons being that we do not have an email requirement. The privacy concerns alone in the Cons list is enough to warrant extreme caution.
Nay
I’d rather Lemmy reimplement a captcha system or something more effective. Like others have said, it’s just too easy to circumvent a blacklist, not to mention using email aliases. Hopefully the API gets locked down so there won’t be any way to create an new account through it, but until those things happen the only ways to safeguard the signup process are manually reviewing user signups, which is unrealistic at scale, or whitelisting email domains, which is also problematic to put it mildly.
+1 for captcha. Are there any open source captcha providers?