Honestly, whoever has an idea for a spam detection measure for Mastodon, and by that I do mean an implementation, get in touch with me, I'll pay for it.
I've been thinking about solutions for the past few days but the more I think about them the more they appear pointless.
Defining an account as suspicious when it has no local followers can be circumvented by just pre-following them, using account age can be circumvented with sleeper accounts, blacklisting URLs does nothing when the spam does not include URLs, checking for duplicate messages sent to different recipients can be circumvented by randomizing parts of the message...
@Gargron Actually Discourse does some basic prevention here by having different user levels which are bound to rate-limits and the ability to post external links.
Not perfect of course, but maybe also worth to think about.
In general I guess the answer is: Small instances because that tends to increases the number of moderators per user. And hope that the community can take care of it.
