
Better deal with vandalism in context of Echo
Open, Needs Triage, Public

Description

Sometime last month a user on Wikitech wiki abused multiple accounts to send "Thank" spam to a lot of users.

The log contains a subset of it right now at https://wikitech.wikimedia.org/w/index.php?title=Special:Log/LOL890011&hide_thanks_log=0.

On the same day (May 27), the account's contributions were mass-reverted using the Nuke feature, and the user was also blocked without expiry (indefinite).

Today (June 6) I logged in but still had three unread notifications from "LOL890011". Now "3" is a fairly low number, but I can imagine that, using multiple accounts and a bit more passion, this could've easily been a lot more.

Perhaps it makes sense to integrate Echo with Special:Nuke, or with Special:Block, to also (optionally?) delete any notifications that were sent. Or at the very least the notifications currently unread (One can argue whether it is wrong to delete notifications after a user has read them, wrt user expectation - given they may not know it was an attack, and could especially confuse new users if they were unknowingly targeted).

I'm aware of two related features, but I want to emphasise this task as a separate need:

  • "Mark all as read" - Not useful in this case, as I may have genuine notifications mixed in with the spam ones. Especially difficult when the number is larger.
  • Personal mute/hide functionality (aka "Blacklist", T150419) - Even if this would retroactively hide everything from the user, this is still not useful here per se, since its purpose is for having activity from one user hidden by some users (those who choose to blacklist the user). The problem is that 1) in this case we want to hide it by default for all users, and 2) automated bots may very well create a lot of separate user names, which would be very cumbersome to individually blacklist one by one for a one-off attack where the user can't do anything after that point. Either way, the blacklist is for users that remain active, where there are some users that want to hide the other's activity. This doesn't seem suitable for dealing with vandalism. The admin who blocks the spam account and nukes their activity is in a unique position to do this once for everyone. No individual action should be required by the recipients.