In the last few days we received reports from Cloudmark, Yandex, Microsoft that they are flooded with Codeberg activation emails users flag as spam. We see in our logs many accounts with random usernames that never active, so the reports seem to have a foundation. It seems to work like this:
- evil guy get some lists with email accounts,
- evil guy tries to register (manually or even semi-automated) codeberg.org accounts with these addresses,
- email address owners get unsolicited activation email and hit the spam button.
Question: As we are not involved in the loop, what can we do to stop this problem?