Reader Mail: Webmention Spam
I received an email yesterday from Eli Mellen, and with Eli's consent thought I am replying publicly.
The email in question:
No worries about this, but I wanted to let you know that something may be going awry with your website's implementation of webmentions -- you 'liked' one of my posts a while ago (https://eli.li/entry/20180314144847) and I've received 1 or 2 webmentions every day since. No big deal, but wanted to let you know in case that wasn't intentional.
All the best, Eli
Thanks for getting in touch.
Yes this is expected, but thanks for letting me know. Is this an issue for you? Ie are you getting a push notification each time and I need to stop that?
I remember having this conversation at the time I released my functionality and Aaron Parecki asked me to limit the number I sent to IndieWeb.org as it wasn't being handled right, but that technically I wasn't doing anything wrong as a webmention receiver should handle repeated notifications and de-duplicate them as required.
I do have some work on my backlog to send them more intelligently but I've not got round to that yet.
But as I say, if it is causing an issue for you please let me know.
Would you be OK me publishing both your email and my reply on my website, so others have a record of it if they want to ask the same thing?
And Eli's final reply:
Groovy! No issue on my end. I only noticed because I get a push with every one. I can mute those pretty easily, though.
I think the worry, as Aaron pointed out, is that a high volume of webmentions sent in this manner could quickly turn into something like a DDOS attack by accident. The volume is fairly low across the indieweb, but central hubs -- sites with more traffic -- could be susceptible.
If you're seeing lots of webmentions from me, I'm sorry but until I have put in the work to intelligently send the webmentions, this will happen for a while! It's been on my TODO list for a while, it turns out I hadn't raised the issue yet.