A Guide to Reporting on Infosec.Exchange: Spam

You've seen something bad in the Fediverse. Now you want to let someone know about it. Start here.

A handy graphical flow-chart of this process is also available.

What do you want to report?

First off, take a look at this definition of spam. It will be helpful.

Before you report, please answer these questions:

  1. How many messages did you see that look like spam?
  2. What makes these messages spam?


It didn't spam yet but it surely will

Mod stance

If the account's very existence violates a rule, then that takes priority and we will take action.

If the account doesn't violate any of the rules (including Rule #7) then there's probably nothing to report. Making zero posts while breaking no rules isn't a violation of the spam policy, so we won't take action.

Your options


This one message is clearly spam

Mod stance

One post is not spam. It might break other rules, but it's not spam. Check out the Internet Society's definition of spam.

A single spam post might not be seen by many people. Look at the account's number of followers. Is it single digits? That means this post went to our public timeline and a handful of other accounts.

One post does not violate the spam rule, but it could violate other rules.

Your options

More than one


Mod stance

OK, maybe we're talking about spam.

Your options

  • Before reporting, determine what makes these messages spam.

What makes these messages spam?

How many of these factors apply?

How many of the following are true?

  1. The posts have nothing to do with Information Security.
  2. The posts are identical or nearly identical.
  3. The posts tag lots of unrelated users or try to get their attention.
  4. The posts are asking people to do something for the poster e.g., give money, boost the post, buy a thing.
  5. The posts are more than one per day.
  6. The poster is not creating discussion and/or not responding to replies on the posts.
  7. The posts have lots of unrelated hashtags.

Only one spam factor

Spam is usually bad in lots of ways

Mod stance

If it's not matching up with at least two attributes on this list, it's probably not spam.

Your options

  • If it's not many posts, and only 1 of the listed criteria for spam applies, this activity doesn't meet the threshold for reporting. Please do not report almost-spam to the moderators.
  • Wait until the account has actually violated the spam rule and then submit a report.

Two or more spam factor

I know what spam is and this is spam

Mod stance

Spam is bad. It steals attention, wastes resources, and enables fraud. Infosec.Exchange actively rejects spam.

We don't promise that we will always take action on a few posts that have a few of these things in common. The more posts there are, and the more of these attributes are true, the more likely we are to conclude it is spam and take action.

Your options

  • Since two or more of the listed factors apply, this activity qualifies as spam.
  • Please report spam to the moderators.