This is wild to me. Tested it out myself and I couldn't send an SMS with a spot.xyz link to/from Google Voice <-> T-Mobile. And no "failed delivery" notice either, just a silent failure. And yet I still get so many texts that are obviously spam or phishing attempts.
Doing so silently and without a valid and case-specific reason should not be legally allowed.
Edit: Added "street/town" to analogy, and "case-specific" before reason
I will have to look up how this works in the EU and here in The Netherlands. Something to do for the weekend.
I'm glad that Twilio fought for Title II governance: https://ecfsapi.fcc.gov/file/60001324418.pdf
Where was everyone else?
As far as the sanctity of the U.S. Mail, it only applies to sealed envelopes/packages, and Congress can ban items from the mail (e.g. lottery pamphlets, spurious tokens, gasoline, etc.)
Telecom spam filtering seems to be a ridiculously primitive and wide net. I can't imagine a valid use case for dropping a text sent to a number when that number just sent you a text a few seconds before.
I don't understand why SMS spam has such a big issue with false positives compared to email spam when emails are practically free to send but SMS is much more costly.
(Yes, I know there are a lot of false positives on email too ... but we run into false positive SMS spam issues a lot even though it feels like it should be a much simpler problem to solve).
But if the sender is a bad actor, they can just keep testing until they succeed, which will make fraud worse.
Basically there are tons of VOIP companies, with varying levels of give-a-shit and spam detection capabilities.
Generally they are incentivized to let people self-serve on their platform - spin up quickly and start running traffic, or blasting spam, whatever. Especially if you're a small company, you're probably more likely to look the other way for a bit if someone is spending money on your platform, until regulators call, and you can be like "ok we looked into it and shut them down".
Also you don't want to be overly aggressive, because what if a great customer comes onto your platform, loves the ease of setup, and starts running legitimate traffic, then you shut them down because they were triggered by whatever crappy spam heuristics your small company came up with, and the customer is gone to another platform where they don't have to deal with that.
Then the company/group running the traffic moves onto other VOIP providers until they get a bad enough name or push the envelope so much that no one will take them.
Then they just create a new "company" that no one recognizes the name of, and start again.
Honestly I think an open sourcing of spam detection heuristics and algorithms would be a massive help, but companies that are good at this obviously see it as a competitive advantage, just like the email space - for example if Twilio is great at keeping spam off their platform (no idea if they are, but they would have the most resources to do so), then all numbers registered with Twilio are less likely to get flagged/blocked downstream - all Twilio customers benefit.
Twilio can say "any number you buy with us will be considered clean by downstream parties, no need to worry about getting flagged/blocked, then having to change the numbers you use for your business to communicate with customers, which could be saved in their phone already, etc."
The patterns spam takes vary wildly, often being specific to telecom laws and practices in specific jurisdictions, so it really is a tough problem. If an algorithm flags spam, you often want to then reach out to the customer and try to understand if there's a legitimate reason for the traffic patterns, etc. So there's a layer of customer relations beyond the algorithms that's also tough to scale.
Are those actually spam messages or messages "detected" as spam.
Enable me to be the judge and get out of the way.
If I had a spam texts folder that showed me everything I was being blocked from, I'd both appreciate it and not feel this massive breach of trust that things being sent to me are being completely ignored by a third party system.
The system that does this is absolutely primed for censorship, and we have no way to know it's not being used.
1) Neither the SMS protocol nor any phone I've ever seen has any mechanism to file messages in "folders".
2) Processing SMS messages and delivering them to subscribers has a cost. Doing so for high-volume junk messages would place a significant burden on carriers.
3) Most carriers used to charge subscribers for receiving SMS messages. Some still do! Charging subscribers to receive spam SMS messages would be, quite rightly, called out as inappropriate.
My phone (ROG Phone 3 w/ Android 11) automatically flags spammy texts into a "Spam & Blocked" folder, I assumed this was a stock Android feature - is it not?
Or let me view it through some other means.
I'm not opposed to spam filtration as a user default, but doing so silently without any indication of what is being filtered or ability to verify it is working is not acceptable for such a vital messaging system.
Providers should be legally prohibited from intercepting and dropping messages.
(Most of my SMS spam comes from .info domains.)
Do you mean that the SMS messages contain links to .info domains?
It’s a bit obtuse, as you’d expect from the bureaus, but I am thankful for this bit of regulation: https://www.consumer.ftc.gov/articles/prescreened-credit-and...
I mean, going back to the postal service - even the weekly pile of "here, throw this away for me." dead trees we receive (in the US) is mildly irritating. Imagine THAT x 1000!
I'm grateful for the silent block in this case. I mean, my social security number is being canceled, I'm about to be arrested by the IRS, the FBI found a suspicious package with my personal information in it and my car warranty (didn't know I had one) is up for renewal. And that's just this morning. What more can I stand? One of these days I'll press 1 out of desperation...
Also I hate govt/big-corp censorship as much as the next person, but none of this seems remotely political or ideological. And consider the alternative.
That's not the issue - the issue is not alerting the sender that the message has failed.
It's not a big deal if the receiver never receives the message - we can find a different way of reaching out or fix the content problem or whatever. But we never find out. As far as the sender is concerned, the message succeeded.
This is a problem and the very bad spam heuristics employed by even the most competent actors (gmail, for instance) mean that anyone can be impacted by this.
WE THINK THIS MESSAGE IS SPAM
_tap to read anyway_
The net-neutral solution is for ISPs/telecoms to not spam-block, but rather have spam-blocking be an optional, additional, layer that the consumer can choose at will, or not have at all. But the problem with that solution is that it requires the consumer to do extra work to obtain spam protection, and the consumer would not be protected by default. It also means extra work by all parties delivering spam messages. Unless spam ceases or things otherwise change, I think the clunky solution we currently have is fine for the most part.
Then make it set to "on" by default, and if more than 50% of customers switch it off then change the default.
I also think that this should be a requirement for social media. You should be able to opt out of separate filters for "spam", "misinformation", "breast-feeding", and whatever other reasons a social network has for banning legally protected speech.
USPS has a monopoly on first-class mail in the US and a Congressional mandate to deliver to every address.
Telecoms get a (local) monopoly on parts of the radio spectrum.
USPS has no direct competition for first-class mail and they have a monopoly over your mailbox (if you’re in the US).
They are used by large cooperations too. The Alphabet domain is abc.xyz. Science Corp's is science.xyz.
The only work around I found is to not include http://, just use the bare domain.
Personally, I find this behavior of my SMS provider reprehensible.
Cut and pasted the list and the message wouldn't send.
Narrowed it down to one. Typed just the bare domain. Wouldn't go through. (It was something incredibly benign like n17.org)
Couldn't find a history on that domain name for why it would have been filtered.
At least messenger responded with 'couldn't send message' but still no clue as to why... and it took me sending each domain name individually until I found the one that was failing the entire message.
A true hacker would have used binary search ;)
Well, from their perspective. Not from any reasonable perspective; I have a few obviously-spam emails in my gmail spam folder right now, but I've had plenty of problems with gmail refusing to deliver completely legitimate email to me.
I suspect any more than you see
They need to tune whatever they're doing down to the point that legitimate personal communication at least shows up in the spam folder. If a lot more spam shows up in the spam folder too, so what? A spam folder that contains mostly spam and also some misclassified personal messages is significantly better than a spam folder that contains nothing but spam because it automatically dropped your misclassified personal messages.
It looks like T-Mobile looks for ".xyz" within the SMS and will silent drop the SMS (though it will claim it is delivered). ".xxyz" works, "..xyz" or ".xyzz" does not. "xyz" works, so does ".xy".
I thought SMS didn’t have delivery receipts?
MMS has delivery reports too (I implimented support for it myself for mainline Linux Phones). It even has read reports, but no carrier seems to honor using it (which is why I didn't bother to impliment it).
I'm not sure if Android/iOS gives the user an option for it (which may be the source of confusion).
I'm not sure if SMS supports read reciepts, but I didn't think so. The MMS standard allows for read receipts ("MAY" not "SHALL"), I was unable to get it working, and I suspect it's due to no carrier support.
I was unable to get read receipts working at all, and I suspect it's because the carrier doesn't impliment it.
Also, Telegram seems to be much better supported on the Pinephone as of now, so that is what I generally prefer.
They basically only accept pre-approved providers. If your have your own domain and infrastructure you have to petition them to whitelist you. Totally insane.
If you can read German, this guy who runs a shop decided to block himself all of t-online emails since they basically run email out of specification.
(1st biggest spam channel being email, which surprise/surprise - Twilio also dominates via SendGrid)
Is it possible for a spammer to generate >$75 per 10,000 people spammed? I've no idea were the SMS spams I've got link to (not about to find out) but they are so obviously spam.
We use SMS for communicating with users and would be happy to more a lot more per text to escape the 'positive ROI for spammers' territory.
I'd be happy to do that for important emails too!
They just need one person in each 10k spammed on average, to click the phishing url asking them to pay a fake bill and then charge them $328 instead of the $3.28 displayed o the page.
I received (and reported to their scam Dept) a phishing SMS yesterday pretending to be from Australia Post asking for $3.28 to release a delivery package I'm waiting for, which is most people in Australia nowadays with the current slowdown in mail delivery speed.
I am only guessing that the $3.28 phishing purchase would have attempted a $328 charge on my card... but that would be wildly profitable if the input costs per successful fraud were under $100...
This is my new mini-favorite thing. It feels a bit like a redux of "Shirt without stripes" (https://news.ycombinator.com/item?id=22925087)...
Also if there was a cost per SMS on phones these days it would be the death of SMS because no other system charges.
My domain is almost marked as spam solely on TLD grounds. What's the point of a TLD if it isn't a first-party domain on the internet?
SpamAssassin Score: -0.599
Message is NOT marked as spam
-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/,
[***.***.***.*** listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
for more information.
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[***.***.***.*** listed in wl.mailspike.net]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: ***.xyz (xyz)]
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
0.0 TVD_SPACE_RATIO No description available.
Unfortunately for the people with legitimate uses, for email admins it's just a really easy (and arguably necessary) shortcut to block a ton of spam.
It was pretty cool that I managed to buy a bunch of domains like <my last name>.<new-tld>, but to be honest I really don't see myself using my .blackfriday domain for anything. For that matter, I think that (somewhat ironically) `my-last-name.email` would not be taken very seriously for a primary email address.
I use a `.app` domain for my personal email, which has its issues, but if I owned a business, there is no way on earth that I would be using anything but .com.
Well, there's about a 1 in 7 chance that it would be the perfect domain to host your obituary. I'm sure you could make a smart watch app which detects when/whether to make the site publicly visible.
(I apologise if this dark humour offends anyone.)
I'm not sure how they could possibly enforce that, but in the purely technical sense, are you technically breaking rules?
Otherwise, deliverability-wise I haven't really experienced any issues. My mail is regularly delivered to the big email providers.
Yet I gave up on it for the same reasons mentioned in the article: It has a terrible reputation and seems to randomly be blocked here and there.
their customers are on discord, twitter, telegram and wechat so email delivery is not a factor
the entire sites and revenue drivers are entirely client side (with the "servers" being the smart contract methods stored on the nearest blockchain nodes, this has only one initial upload cost but functions similarly to lambda functions except the users pay for the computations), when the domain is down or blocked, the user can interact directly with the nearest node hosting the website's associated smart contracts, if they are interested enough
this is working really well for a lot of organizations, and it has been this way for several years now
makes lean SaaS services even leaner, and allows them to grow even faster - as long as their customer base is already a crypto native. I haven't seen any organization succeed if they have to sell their customer on some crypto browser extension.
And, yes, a lot of the new web3 projects use alternative tlds because they're cheap and catchy. They also tend to use food-related nouns as project/coin names because branding is hard and a lot of them haven't been used by companies in the past.
many of the people with the capacity to understand the primary market or revenue generating side are too busy hating that "crypto" gained an additional context that is more widely used than their enthusiast obscure cryptography interest and they use every comment section to let everyone know that when they aren't busy weeping under their Alan Turing shrines before they have flashbacks of boarding the bus at 7am to work for an ad conglomerate, a life they ironically respect more.
Then I immediately got it. The amount of spam emails from .xyz .click .faith .top is huge. And with every email comes from them, we have to run spam scanner, which isn't cheap. So we have to score those TLDs more sensitive.
https://www.spamhaus.org/statistics/tlds/ can give some insight about spam rate by tld.
Translation: We used .xyz for spamming, of course .xyz is associated with spam.
No big issues so far except for the HR department of a potential new gig which can painlessly mail email@example.com about job interviews BUT never get my replies back.
I don't who to blame more in this mess:
- Me for playing smartass instead of using a @gmail.com because they impose the rules so everybody comply to them (maybe my reluctance to encourage this broken system explain my recklessness)
- The IT department of this organization that probably didn't what to deal with modern standard and/or reasonable spam filtering and set up a blunt rule for new TLD (I mean come on it was a REPLY to a mail ADRESSED to this specific mailbox)
- The broken system that keep on inventing arbitrary new rules that everyone must implement to keep getting accepted by "the big players".
(For instance I already had to change hosting two years ago because apparently you are also responsible for bad neighbors)
Guess i'll just have to be brave and migrate to a more classical TLD and set up redirects to ease transition. But it's pretty annoying to start over with crap like that because some dudes in "the big players" teams decided to ban a whole TLD just because it's "easier".
This is a great example of a Collective Action problem. Everyone would be better off if we could break the gmail domination of email policy, but as an individual you will have zero effect on gmail's dominance and only suffer the pain of not being a part of the system.
The responsible answer should be IRL legal actions against real spamers because they'll always adapt to new arbitrary protocol rules faster than legitimate users, it's their jobs!
Even from an environmental standpoint I get tired of user-shaming articles about why you should delete your email for the planet. Maybe as engineers our duty is somewhat to propose a new version of the mail protocol that doesn't allow this much crap to fly around in the first place. Current solutions seems to revolve around the concept of "everybody should duck and cover if anything is suspicious" thus blocking some legitimate message that no sane human would reject should they be in charge instead of a basic AI.
PS: I'm not suggesting by any mean that you should punish any human being with manual moderation.
PS:PS: Maybe a NGO whitelist system is a solution, I'm just fearfull about which entity will end up with such power. But actually domain filtering is already kind of an implicit unpredictable non shared whitelist build on top of ICAAN register... So here we are already...
I got in a painfully stupid argument with a middle-age IT admin “we don’t want to our employees installing apps”
It’s not an app, you don’t install it, it’s a “WebApp”, it’s just a freaking fancy website who’s domain ends in .app - lol, this was like three years ago and just thinking about it is getting me heated
If they think that any domain that ends in .app is for installing apps, their mind is gonna be blown about some of the sites on .net and .org domains...
I have a .dev domain now and everything seems to be running smoothly, plus it's +20% cheaper.
New generic TLDs have the disadvantage of being recently unleashed. There are no venerable sites on XYZ, or its siblings. Much of what's registered there, and that word was "much" and not "all", is absolutely unworthy crap. And for those who are faced with defending either their own or their customers, clients, users, employees, or other stakeholder's security and time, wholesale blocking of the entire TLD solves a lot of problems with very little downside cost.
The obvious response is "but there's a lot of crap on legacy TLDs as well". Yes, there is, but there are also valued, venerable, and essential domains, and blocking all of them is not a viable option. (Though the prospect of whitelisting is becoming increasingly attractive.)
I've known people who are, on the one hand, Internet freedom advocates of decades-long standing --- before most people reading this were born. Who wholesale block access by all China ASNs to their webservers --- because all they see from such networks is malicious traffic. Again: effect-to-effort ratio here is high.
No, it's not "fair". Yes, there's collateral damage. But you're absolutely fighting not merely human nature but all of control theory in trying to combat this.
Register on XYZ and you'll be increasingly fighting a common practice of default-deny, whitelist-by-request. For every user you're trying to reach.
And you should ask yourself if it's really worth it.
XYZ, meantime, are mining and arbiraging short-term cashflow for long-term reputation at the specific expense of its legitimate customers. Those with the least bit of sense will abandon the registrar, leading to an ever-accelerating reputational death spiral.
Can anyone try `abc.xyz`? and see if that fails to send? It would be very typical for our corporate overlords to be omitted from our spam censorship filters.
>Ironically, Google Voice also has the same behavior with abc.xyz.
There (was?) even a semi-parody site called Domains For the Rest of Us that generates .COM domains that you can use for side projects (or startups?).
The new gTLDs are a godsend since all the domain hacks have been largely exhausted. E.G: `del.icio.us`.
I like the new avalanche of gTLDs since it reduces domain squatting, domain hacks, and stops people snapping up short .COMs as if they were some digital gold to be mined.
Not to mention the hassle of having a really obscure ccTLD like .SO and having to battle to get that domain back if it was seized by pirates, yarr
building one product at a time.
It's dead, Jim.
Oh, you mean delicious.com?
I had a .xyz domain. I thought it was easier, the domain was short to type.
I was completely wrong. I asked a few non-technical friends. They said they would never use my site because of the .xyz, it felt like a spam site. I redid the site on .net with a longer domain name - much better results.
Luckily, they could still book me in but at a different time slot...
I know this is common knowledge, but it still really creeps me out that companies can track this.
Unfortunately, this often times leads to direct phone calls along the lines of, "Hey taftster, did you get my email? It shows that you haven't opened it yet."
This side-effect is also very annoying.
Roll your eyes all you want, but get the dotcom.
I get that the people here want more control over their devices, but to be fair, anyone posting here is at the extreme end of the tech spectrum when compared to your average phone user. Those phone users want someone else to help them. It's why I have spam assassin crancked super tight on the mail server that my parents use. They would rather miss a few legit emails and texts than get flooded with spam.
The .co.cc discussion was here on HN https://news.ycombinator.com/item?id=2733352
- no DKIM/DMARC verification headers that make sense, just a default ~all
- wonders why emails are classified as spam
Well, yeah. Maybe use an email spam rating tool next time, like mail tester ?
However, your (correct) evaluation of their weird DKIM/DMARC/MX values notwithstanding, I currently have 10/10 totally perfect score from mail-tester.com and gmail marks my email to my wife as spam.
As in, a 15 year history of my email address having multi conversations per day to her email address and some of my emails (which are responses to her emails) get marked as spam by gmail.
I think I am going to sue google.
(Edit: I work at Notion)
This means you're subject to the politics of whatever country's TLD you're using. If the country's lawmakers suddenly decide that their TLD should only be for use by local entities, or that owners of popular domains should pay more, or that certain types of content is banned, you have no recourse.
(Not that ICANN policies always help you. Some of the new TLDs have contracts with ICANN that allow them to arbitrarily jack up prices, which they've done: https://domainnamewire.com/2017/03/07/yikes-death-spiral-new...)
What specific network blocks it?
There isn't any indication the blocking is worse than most other TLDs.
Not surprising at all to me, who has used the Internet for over two decades --- to be honest, all these new and unusual TLDs, whenever they show up in search results, are almost entirely sites filled with SEO spam and similarly useless content. It's nearly an instinct to ignore them at this point.
(As for the company, it's too bad virtualspot.com and virtual-spot.com were already taken; spotvirtual.com looks weird, but at least doesn't have the negative connotations of an even weirder TLD.)
I suspect I'm either lucky, or something.
Sometimes I send reminders from my xyz domain to my corporate email accounts (which tend to have a rather aggressive filtering) and everything seems to work fine.
SOCs, web filter, email filter teams and vendors all need to catch up to the 2010-era idea that carpet-blocking TLDs is not the first tool to reach for when securing a network, especially when you have a good URL filter in place.
* “Do you mean ‘biz’” on web forms
* other forms just refusing to validate unless I disable the client-side validation
* other systems ostensibly accepting it and just never sending me anything, because it fails to validate silently in their backend
* having to put whatever I am trying to get done on hold for a few minutes when I need to read it to a human, because they’ve “never heard that one before”
That said, I've got a 'clever' .pictures I use to share images and a totally appropriate .fun that has no need to have positive domain associations.
Google prefers to crawl and index .xyz sites over others domain endings. But they won’t rank them well in the index.
Now this is just for incoming email. I still allow web browsing and links to these domains through various systems and outgoing mail to those domains works.
The incoming mail though, I just can't allow it. It's just pure spam at ridiculous levels.
If I was owner of the .xyz TLD domain, I would be very concerned to kick out spammers because it kills the value of the .xyz TLD.
I've always felt conflicted about this. I generally support moving everything to HTTPS, and requiring it for new TLDs isn't a terrible idea because there's no chance of breaking anything legacy.
On the other hand, Google owns the TLD, controls the HSTS preload list, controls the most popular browser. The idea that an entire TLD could be added to the HSTS preload list was a completely unilateral decision by Google. It makes me uneasy.
 ...unless you were using the domain internally assuming it would never be added to the root zone, which bit some people when they did this with .dev
> Bootstrapped with <3 by @qecez.
> Our goal is to help makers find an awesome home for their project and not to help you flip.
We reserve the right to refuse, or cancel membership to anyone without explanation.
Nice, so only you're allowed to flip your parked domains.
Why are people afraid to use the real term for this?
It's called censorship.
Your provider is silently censoring your text messages. In peacetime. You can't expect it to improve when that's no longer the case.
In much the same way, propaganda is just advertising with negative connotations, and a cult is just a religion with negative connotations. Calling all advertising propaganda or all religious people cultists is not likely to win people to your cause.
So, in short, no one is afraid to call something censorship, I think they are just waiting for the right time. When it is applicable.
Let's say, so many people have set up a similar rule that the email provider offers a quick way of adding that very rule. Is that censorship?
Let's say, so many people use that "quick way" that the email provider turns it on by default. Is that censorship?
There's a very fuzzy line somewhere, on one side of which a provider is helping users get what they want, and on the other is blocking content they don't want users to receive. I'm exploring where that line is.
While you have a right to send emails to me, I have a right to sign up for a service that automatically blocks emails I don't want to receive. The line is crossed when that service starts blocking emails I would like to receive. I'd say there is a pretty competitive market of email providers, and the rules are reasonably transparent about what's being blocked. Thus, it seems that "censorship" is a rather strong accusation here.
The original comment was about text messages, of which there is certainly not a competitive market (the Ma Bell T-1000 has reassembled itself into only 3 remaining pieces), users were surprised at the behavior, and there doesn't seem to be a straightforward way to opt out of stupid rules like blocking whole TLDs. So it's a far way from being able to say that such blocking represents the will of the user.
I'd guess there are far more users like that, which is precisely why there are no major email providers offering the kind of service you talk about.
As always comes up in these conversations, while you have a right to speak, users have a right not to listen, and to use tools to help accomplish that.
I've merely put forth a straightforward definition of "censorship" - one where there is a third party censor who controls the content of speech.
To translate your scenario into an earlier time - if most people in a society don't want to hear thoughts that conflict with the teachings of the church, and they appoint someone to an office to approve play manuscripts before they're performed, is that censorship?
If merely labeling centralized user-uninvolved content filtering with the technical term of "censorship" makes you uncomfortable, then perhaps you need to revisit your own assumptions.
> censor: to prevent part or the whole of a book, film, work of art, document, or other kind of communication from being seen or made available to the public, because it is considered to be offensive or harmful, or because it contains information that someone wishes to keep secret, often for political reasons.
Miriam Webster definition:
> to examine in order to suppress or delete anything considered objectionable
If I automatically delete content merely because I think you won’t be interested in it, I don’t see how that counts as censorship under the standard dictionary definition.
That said, you are of course entitled to your own opinion of what the word means. But please don’t be surprised if I think you sound a bit melodramatic suggesting that Google is carrying out censorship by automatically deleting emails offering me cheap viagra, especially when I can still see these emails by clicking on a link or reconfiguring the rules.
I've never claimed "Google is carrying out censorship by automatically deleting emails offering me cheap viagra". You're the one that keeps invoking such hyperbolic strawmen - the original topic was the surprise blocking of text messages.
I’ve seen it termed the “All Ns are equally likely” fallacy. I.e. when programmers write code, they know that they should write different code for when N is 0, for when N is 1, but as soon as it goes higher, most programmers tend to write code which is optimized for arbitrary values of N, even though in actual practice N might almost always be, say, at most 10. This often leads to inefficient and overcomplicated code, where a simpler algorithm might be faster most of the time while still able to correctly, if more slowly, deal with non-typical values of N.
Like, without a censor actually redacting things or controlling the conversation, can it really be called censorship?
this seems like a good point, I'll have to think on it. For this particular situation I'm having a hard time seeing the argument on the basis that .xyz domains are cheap and get used for lots of attacks as stated in the article, so is it censorship or defense?
I think the question at the heart of my disagreement would be "what speech is being censored?", I don't see a compelling answer so I have a hard time seeing it as censorship at all.
What speech is being censored is harder to discover. They are blocking people from communication without any feedback, and it would take a large effort to reach them and discover who they are. Certainly most of what is blocked is spam, but that's true for whatever block you implement today, unless you spend an unreasonable amount of resources targeting it into non-spam.
Even as a free speech advocate, it's hard to see a problem with this.
You'll also find that calling this "censorship" as if it has to do with government action, or that it has to do with the content of the specific site, is ludicrous.
This is incompetence, not malice.
Over-aggressive TLD spam filtering is just bad logic from infosec employees.