ok i had my little narcolepsy blackout for the afternoon and im back.
you can put any email into the reporting form as the reporting party, whether the email is registered to tumblr or not. the Name field doesnt do anything. i just tested it. it doesnt validate for tumblr username. the only information the tumblr report form requires is an email address. so now im wondering if anyone outside tumblr has gotten these emails, and if so who, and for which reports.
i just tested this by opening a private window, reporting one of the rape threat bots from my earlier post, and filling in an email that i have not registered to tumblr. interestingly, logged-in tumblr users can one-click report spam, logged-out users have to provide a text paywall paragraph even for spam reports. everyone has to pass the textwall to report stuff other than spam. but for some reason ZenDesk doesn't seem to care if someone is reporting a tumblr TOS violation as a tumblr user or not. which seems.............like a mistake, in terms of moderation handling. but maybe they have a "reported by logged in user" flag on their backend idk
this means mass reporting, botnets, scripts, and random reporting dont even need a working tumblr account to be logged in to be reporting from. anyone can navigate their simple macro script to the reporting form and run it all day and night, reporting nonsense by pulling URLs from someone's tumblr account. so if bad actors are actually exploiting this reporting form in this way, it would certainly explain why tumblr support is swamped in bullshit reports, and why they have recently started making people fill in up to two paragraphs of explanation about how exactly something breaks TOS (paragraphs which are also trivially easy to bypass, as all users of r9k discovered exactly five minutes after that board went up)
WHY WOULD SOMEONE DO THIS?
idk, this is sort of the least mysterious part of the mystery and also the most impossible to answer. for a really popular account like pjackk, popular accounts make a lot of enemies even if they are well-liked, so that could have been personal. or it could have been because his username is just really visible and therefor easy for data validation crawlers to grab and put in a database of "known active tumblr users". garakPB and bobacupcake dont have any obvious enemies except maybe "bigots generally" and the "bigots generally" motivation could certainly be responsible for some of the banned trans woman waves also. but their reports/bands seem more like noise to me and not targeted harassment, just my own reckon. most of the traffic of the internet at this point is ads and crawlers and botnets and a lot of it is shit like this that doesnt really serve a clear purpose and isnt necessarily malicious (but could be). trying to nail down motivations is pointless because much of it is just noise, people testing scripts, people forgetting scripts are running, people selling scripts to other people, etc
if your email address has ever been public anywhere, or ever on a have-i-been-pwned list, it could be used for spoofing reports. and if you run a report-spoofing script long enough pulling random posts, eventually tumblr support will either receive a report that can be interpreted as rulebreaking if they squint, or whatever automated behavior that may happen after X number of reports on a single blog is surpassed may kick in and cause some sort of autoban that then needs to be appealed by a human and then approved by a human to get past, which takes so long (due to the support backlog) that most banned accounts just assume they were banned 1. for actual TOS violation and have no appeal or 2. by a sinister behind the scenes conspiracy that they cant fight, and have no appeal or 3. that the support backlog is so long that appealing is going to take months or years so they might as well remake (which means they are ban evading, which means they are automatically violating TOS, which means if they get reported again for ban evading they will just keep getting banned even if the initial ban was a mistake)
i havent checked if tumblr "forgot my login" form can be crawled for validation easily or not but if it cant now, it probably used to be at some point, and if you have an old tumblr account and have ever received a "forgot your password?" email then yeah some database somewhere probably knows your email is registered to your tumblr account.
one thing to keep in mind when discussing this issue and speculating on reasons, actors, and motivations, is that the current tumblr support staff are not the people making decisions about how all this is being handled. the guy who owns and runs this website and personally makes most or all decisions about this kind of thing is having a normal one to put it lightly
edit: the "we put a mature content label on this post" part of this moderation message makes me think it is a tumblr bug, specifically. that indicates there is an internal malfunction happening, not that this is a reaction to external scripting or botting attacks. because there have not been mature content labels applied to the indicated posts, tumlr T&S checked on this part of the report specifically and found it was not happening. so that indicates internal reporting system glitch
