Has this been fixed since the article came out in December?

Former Truth Social developer behind Soapbox and Rebased has come up with a sneaky workaround to how Authorized Fetch functions: if your domain is blocked for a fetch, just sign it with a different domain name instead, using an A record that points back to the receiving instance. #MastoAdmin

https://wedistribute.org/2023/12/authorized-fetch-circumvented/

Authorized Fetch Circumvented by Alt-Right Developers

We've criticized the security and privacy mechanisms of Mastodon in the past, but this new development should be eye-opening. Alex Gleason, the former Truth Social developer behind Soapbox and Rebased

^{Sean Tilley (We Distribute)}