[jdev] Wordpress plugin

jehan jehan at zemarmot.net
Tue Mar 25 08:27:06 CDT 2008


> Well, you're trying to fight pubsub spim, but that's only a very small
> part of the picture. Once your jid is out in the open, it can be used
> through any channel over XMPP (normal messages, ...). There are
> efforts to fight spim in general, so I don't think taclking this very
> specific case is very useful. 
>
> The fact remains that it is still better to avoid spim than fight it,

I don't think unfortunately that a system which will completely avoid spam 
"a priori" exists. I mean, anyway you can be as careful as you want, unless 
you really never give your jid, it will finishes to be spread with the time. 
That's sad, but that's it. 

My postal mail box also is filled with spam every days and I don't see how 
to avoid it (I tried to glue some paper saying "no advertisement", but they 
still put some and the paper finally "disappears"). If ever some day you are 
disturbed in the phone by "jokers", maybe will you call your phone provider, 
police, or simply change your phone number...
Spammers exist everywhere, for every communication mean, and there is no 
real mean to stop them, else than stopping communicate (no postal box, no 
phone, no email, no Jabber). 

That's sad, but I don't see real way to prevent totally spam, whatever form 
it takes. 

And the case I proposed is not so specific. For instance, you can configure 
your roster (I remember it is somewhere in the rfc) to block some contact, 
or simply to only accept communication from people in your roster.
Of course if you do so, there is still a mean to be spammed: spammer will 
ask to be added to your roster; so you will be spammed by this kind of 
request maybe. Of course you can also block this, then you will be the only 
one able to initiate a roster add.
This is annoying but anyway there is no real way of stopping a spammer (you 
could do filter, but I don't like all these "intelligent" filters because 
they often do errors). Yet Jabber could propose some configuration of your 
nodes like this. 

> and there's no real way to avoid it with a push system. The best you
> can do AFAICT is to do things like introduce a third-party (e.g. your
> own trusted server) to manage your subscriptions, and let it relay
> everything, but that would just be moving the problem.

That's what I proposed. But no need to have your "own" server, just "A" 
trusted server (and to change it when you lose your trust in it). If it 
implements the basic security rules, then it should only send you messages 
the way you have configured your account (for instance reject any message 
outside my roster). 

Jehan



More information about the JDev mailing list