Mastodon Relay Spam Amplification: How to Protect Your Instance

Mastodon relays are designed to boost content distribution across the fediverse, but they can be weaponized to amplify spam, unwanted advertisements, or malicious posts to a much larger audience than a single account could reach. When a relay forwards a post to your instance, all local subscribers of that relay see the content, even if the original poster is from a distant or unknown server. This article explains how spam amplification through relays works, why standard moderation tools may not catch it, and the specific configuration changes you can make on your Mastodon instance to block or limit relay-fed spam.

You will learn how to identify relay-sourced spam, adjust your relay subscription settings, and implement server-level filters that stop unwanted content before it reaches your users. These steps apply to Mastodon instances running version 4.0 or later, though the core concepts work on older versions as well.

Key Takeaways: Stop Relay-Borne Spam on Your Mastodon Instance

  • Administration > Relays: Review and remove suspicious or untrusted relays to cut off the spam source at the network level.
  • Administration > Moderation > Reports: Use the relay spam report reason to flag content as part of an amplification campaign, triggering automatic account review.
  • Custom server-side filters via Moderation > Custom Filters: Block keywords, phrases, or domains commonly used in relay spam to prevent content from being stored locally.

Why Relays Can Amplify Spam to Your Instance

A Mastodon relay is a server that accepts posts from multiple instances and redistributes them to all subscribed instances. This mechanism is intended to help small instances discover content from the wider fediverse without following every user individually. However, the relay model has a structural weakness: it trusts that the sending instance has already applied its own moderation policies. If a spammer joins an instance that has weak or no spam controls, their posts are fed into the relay and then forwarded to every instance subscribed to that relay. The spam effectively reaches thousands of users in minutes, far beyond what a single spam account could achieve by directly following accounts.

The amplification effect is compounded because relay-sent posts bypass the normal follower graph. A user on your instance who has never followed the spammer or the spammer’s instance will still see the post if they have subscribed to the relay. This makes relay spam particularly hard to contain with per-user blocks or instance-level silences alone.

Steps to Protect Your Instance from Relay Spam

The following procedures assume you have administrator access to your Mastodon instance. You can perform these actions from the web interface under Administration.

  1. Audit your current relay subscriptions
    Go to Administration > Relays. Review the list of relays your instance is subscribed to. For each relay, check the relay’s own moderation reputation by visiting its status page or searching for user complaints about that relay. Remove any relay that is known to carry spam or that you cannot verify. Click the trash icon next to the relay name to unsubscribe.
  2. Enable relay spam reporting
    When a user on your instance reports a post as spam, select the reason “Spam – relay amplification” if the post arrived through a relay. This flags the report for automatic review by your moderation team and can trigger a temporary suspension of the relay feed. Go to Administration > Moderation > Reports, open the report, and choose the appropriate reason.
  3. Create server-wide custom filters
    Navigate to Administration > Custom Filters. Click “Add new filter.” Enter a keyword or phrase commonly found in relay spam, such as “crypto give away” or a specific URL pattern. Set the filter action to “Hide completely” so the post is never stored or displayed on your instance. Apply the filter to all users. Repeat for each common spam pattern.
  4. Block entire domains that originate relay spam
    If the spam consistently originates from one or a few domains, block those domains at the instance level. Go to Administration > Moderation > Domain Blocks. Click “Add new domain block.” Enter the domain name and set the severity to “Suspend.” This stops all posts, including relayed ones, from that domain from reaching your instance.
  5. Limit relay subscriptions to approved relays only
    Consider running your own relay or subscribing only to relays run by trusted administrators. You can find lists of curated relays in the Mastodon community wiki. To subscribe to a new trusted relay, go to Administration > Relays, click “Add new relay,” and paste the relay’s URL. Test the relay by sending a test post from a throwaway account before enabling it for all users.

Common Mistakes and Limitations When Blocking Relay Spam

“I blocked the spammer’s account but the posts still appear”

Blocking an individual account does not stop relay-sent posts because the relay is the delivery mechanism, not the account itself. You must block the relay or the originating domain instead. If you block the account, the relay still forwards new posts from that account to your instance, and your instance will display them unless you have also filtered the relay or domain.

“Custom filters take too long to apply to existing posts”

Custom filters in Mastodon only apply to new posts received after the filter is created. Existing relay spam that has already been stored in your database will remain visible until you manually delete those posts or purge the relay’s cached content. To clean up old spam, use the Administration > Moderation > Reports interface to delete specific posts or use the Mastodon CLI to purge posts from a specific relay.

“I removed the relay but spam still appears from other relays”

Spammers often subscribe to multiple relays simultaneously. Removing one relay stops only that feed. You must audit all relay subscriptions and repeat the blocking steps for each relay that carries spam. Consider disabling relay subscriptions entirely if spam is persistent, and rely on direct follows and hashtag tracking instead.

Relay Spam Mitigation: Manual Blocking vs Automated Filters

| Item | Manual Relay Removal | Automated Custom Filters |
| --- | --- | --- |
| Effectiveness | Stops all future posts from that relay | Stops only posts matching keyword or domain patterns |
| Setup time | Minutes per relay | Minutes per filter pattern |
| Maintenance | Requires ongoing monitoring of relay reputation | Requires updating filter patterns as spam tactics change |
| False positives risk | Low if relay is clearly malicious | Moderate if filter keywords are too broad |
| User impact | Users lose all content from that relay, including legitimate posts | Users only lose posts matching the filter pattern |

Manual relay removal is the most definitive method to stop relay-sourced spam, but it can also block legitimate content from that relay. Automated filters allow finer control by targeting only the spam patterns, but they require ongoing maintenance. For maximum protection, use both approaches: remove obviously malicious relays and apply custom filters to catch any spam that slips through remaining relays.

If Relay Spam Persists After Taking These Steps

If spam continues to reach your instance, inspect the relay’s activity log in Administration > Relays. Look for a sudden spike in posts from a single domain or account. That domain may have been recently added to the relay’s subscription list. Block that domain immediately using the domain block feature. Additionally, consider temporarily disabling all relay subscriptions for 24 hours to observe whether the spam stops. If it does, re-enable relays one at a time and monitor each for spam before adding the next.
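The spike check described above can be run over a record of relayed activities. The following is an added example, not code from the article or from Mastodon: it assumes one JSON line per relay-forwarded Announce with a `received_at` timestamp (a hypothetical log format), and the thresholds and sample domains are constructed.

```ruby
require "json"
require "time"
require "uri"

WINDOW = 600     # bucket size in seconds
MIN_COUNT = 10   # ignore bursts smaller than this
FACTOR = 5       # peak must exceed the domain's baseline by this multiple

# Host of the post a relay announced, or nil if the URL is unusable.
def origin_host(url)
  URI.parse(url.to_s).host&.downcase
rescue URI::InvalidURIError
  nil
end

# Returns one hash per origin domain whose busiest window is a spike.
def origin_spikes(json_lines, window: WINDOW, min_count: MIN_COUNT, factor: FACTOR)
  counts = Hash.new { |h, k| h[k] = Hash.new(0) } # domain => { bucket => n }
  json_lines.each do |line|
    act = JSON.parse(line)
    host = act.is_a?(Hash) && act["type"] == "Announce" && origin_host(act["object"])
    next unless host
    counts[host][Time.iso8601(act["received_at"]).to_i / window] += 1
  end
  return [] if counts.empty?

  first, last = counts.values.flat_map(&:keys).minmax
  quiet = last - first # windows in the observed span other than the peak
  counts.filter_map do |host, buckets|
    bucket, peak = buckets.max_by { |_, n| n }
    baseline = quiet.zero? ? 0.0 : (buckets.values.sum - peak) / quiet.to_f
    # A domain with no history gets a floor of 1 post per window as baseline.
    next unless peak >= min_count && peak >= factor * [baseline, 1.0].max
    { domain: host, peak: peak, baseline: baseline.round(2),
      window_start: Time.at(bucket * window).utc.iso8601 }
  end
end

# Constructed sample: a steady server plus a burst from a new domain.
def sample_log
  t0 = Time.utc(2024, 5, 1, 12, 0, 0)
  line = lambda do |url, at|
    JSON.generate("type" => "Announce", "actor" => "https://relay.example/actor",
                  "object" => url, "received_at" => at.iso8601)
  end
  steady = 6.times.map { |i| line.call("https://art.example/users/ana/statuses/#{i}", t0 + i * 600) }
  burst = 12.times.map { |i| line.call("https://bulk.example/users/p#{i % 3}/statuses/#{i}", t0 + 3000 + i * 10) }
  steady + burst
end

puts origin_spikes(sample_log).inspect if $PROGRAM_NAME == __FILE__
```

A domain that appears for the first time with a large burst is flagged because its baseline is zero, which matches the case of a server newly added to the relay.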

For advanced protection, you can configure your Mastodon instance to reject all relayed posts that do not have a valid signature from a domain you trust. This requires editing the Mastodon source code or using a reverse proxy rule to inspect relay headers. This approach is complex and should only be attempted by administrators comfortable with server configuration.
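One shape such a rule could take, as an added example that is not Mastodon's code or the article's: a pre-filter that reads the signer from the HTTP `Signature` header and the origin of the forwarded post from the body. The names `relay_hosts` and `trusted_origins` are hypothetical admin-maintained lists, and the sample delivery is constructed.

```ruby
require "json"
require "uri"

# Parameters of an HTTP "Signature" header, e.g. keyId, headers, signature.
def signature_params(header)
  header.to_s.scan(/(\w+)="([^"]*)"/).to_h
end

def host_of(url)
  URI.parse(url.to_s).host&.downcase
rescue URI::InvalidURIError
  nil
end

# Pre-filter for inbox deliveries. It checks only who the request claims to be
# signed by and where the forwarded post lives; verifying the signature itself
# is left to Mastodon. relay_hosts and trusted_origins are hypothetical lists.
def relay_delivery_decision(signature_header, body, relay_hosts:, trusted_origins:)
  signer = host_of(signature_params(signature_header)["keyId"])
  return [:reject, "no usable keyId"] if signer.nil?
  return [:pass, "signer is not a relay"] unless relay_hosts.include?(signer)

  activity = begin
    JSON.parse(body.to_s)
  rescue JSON::ParserError
    nil
  end
  return [:reject, "body is not a JSON object"] unless activity.is_a?(Hash)
  # Assumption: a relay forwards a post either as an Announce of its URL or
  # as the original Create; anything else (e.g. Accept) is not a post.
  return [:pass, "not a forwarded post"] unless %w[Announce Create].include?(activity["type"])

  source = activity["type"] == "Announce" ? activity["object"] : activity["actor"]
  source = source["id"] if source.is_a?(Hash)
  origin = host_of(source)
  return [:reject, "origin missing"] if origin.nil?
  return [:reject, "origin #{origin} not trusted"] unless trusted_origins.include?(origin)
  [:accept, "origin #{origin} trusted"]
end

# Constructed sample delivery (the signature value is a placeholder).
SAMPLE_SIG = 'keyId="https://relay.example/actor#main-key",algorithm="rsa-sha256",' \
             'headers="(request-target) host date digest",signature="PLACEHOLDER"'
SAMPLE_BODY = JSON.generate("type" => "Announce", "actor" => "https://relay.example/actor",
                            "object" => "https://bulk.example/users/p1/statuses/7")

p relay_delivery_decision(SAMPLE_SIG, SAMPLE_BODY,
                          relay_hosts: ["relay.example"], trusted_origins: ["art.example"])
```

Deliveries from signers that are not relays pass through untouched, so ordinary federation is unaffected; only relay-forwarded posts are held to the origin allowlist.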

You can now audit and secure your Mastodon instance against relay spam amplification by removing untrusted relays, enabling spam-specific reporting, and deploying custom filters. Start by checking your current relay list in Administration > Relays. As a next step, consider running your own private relay that only forwards posts from instances you explicitly approve. This gives you full control over the content that enters your instance through the relay channel.
