[Operators] server reputation
Peter Saint-Andre
stpeter at stpeter.im
Mon Apr 21 16:29:06 CDT 2008
Jesse Thompson wrote:
> Jonathan Schleifer wrote:
>> Spammers are not a big deal ATM, what we need a solution for is servers
>> with broken s2s, this is hurting the Jabber network far more now.
>
> It's hard to identify other institutions that offer a federated Jabber
> service to their users. If I can't easily determine if my users can
> chat with users on X service, then how do I expect my users to figure it
> out? If those services are available, but not working, then it makes it
> even more difficult.
>
> One thing to consider is that the reason why spam isn't a big problem
> for most Jabber services is because federation isn't widely utilized.

Typically at jabber.org we have 2500+ open s2s connections. I would call
that widely utilized.

That said, there are many services which don't connect to the network. I
think that part of what we can do here is encourage folks to connect.

> The spammers might be discouraged from targeting us for the same reason
> end-users don't try to chat with their users in another domain. So, by
> that logic, improving federation might introduce a larger spam problem.

There are tradeoffs with everything. :)

> So, this ties back into Peter's original question: "define some
> parameters for measuring server reputation"... some ideas:
>
> - The service supports federation, specify the type defined in
> http://www.xmpp.org/extensions/xep-0238.html

Well sure that's a given -- we care about your service only if you federate.

> - The service has a closed user population

Closed, or protected? E.g., a service might have an open-ended user
population but protect it via invite-only policies, certificate login,
or whatever.

> - The service prevents automatic anonymous registration (captcha)

I would see that as one form of protection. But not a very good one.

> - The service's JIDs are identical to email addresses (if the email
> address/domain has a bad reputation, then the im service should too)

True.

> Those parameters would help improve use of federation and help define
> which services can be considered more trustworthy.

I'd add the following considerations as possibilities:

- service allows bidirectional communication (i.e. s2s not broken)
- service maintains proper DNS records including SRV
- service has a certificate from a trusted root
- service requires use of TLS for s2s
- service responds to email sent to xmpp at domain.tld
- service responds to abuse reports via email or phone
- service supports automated abuse reporting (XEP-0236)

Peter
--
Peter Saint-Andre
https://stpeter.im/
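
Added example, not part of the original message or any project's code: one way to measure the "maintains proper DNS records including SRV" criterion from the list above, by checking the _xmpp-server._tcp SRV set for a domain. The zone data, domain names and function names are constructed for illustration, and address records are assumed to be supplied in the same zone text.

```python
# Added example (not from the original thread): sanity-check SRV records
# for XMPP server-to-server (s2s) federation. All zone data is constructed.
S2S_PREFIX = "_xmpp-server._tcp."

ZONE = """\
_xmpp-server._tcp.good.example.     3600 IN SRV 5 0 5269 xmpp.good.example.
xmpp.good.example.                  3600 IN A   192.0.2.10
_xmpp-server._tcp.off.example.      3600 IN SRV 0 0 0 .
_xmpp-server._tcp.dangling.example. 3600 IN SRV 5 0 5269 gone.dangling.example.
_xmpp-server._tcp.badport.example.  3600 IN SRV 5 0 0 xmpp.good.example.
"""

def parse_zone(text):
    """Return (srv, hosts): srv maps owner -> [(priority, weight, port, target)],
    hosts is the set of names that have an A or AAAA record."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()          # strip comments, tokenize
        if len(f) == 8 and f[2:4] == ["IN", "SRV"]:
            rec = (int(f[4]), int(f[5]), int(f[6]), f[7].lower())
            srv.setdefault(f[0].lower(), []).append(rec)
        elif len(f) == 5 and f[2] == "IN" and f[3] in ("A", "AAAA"):
            hosts.add(f[0].lower())
    return srv, hosts

def check_s2s_srv(domain, srv, hosts):
    """Return a list of problems; an empty list means the record set is usable."""
    owner = S2S_PREFIX + domain.lower().rstrip(".") + "."
    records = sorted(srv.get(owner, []))           # lowest priority value first
    if not records:
        return [f"{domain}: no {S2S_PREFIX.rstrip('.')} SRV record"]
    problems = []
    for priority, weight, port, target in records:
        if target == ".":                          # RFC 2782: service not offered
            problems.append(f"{domain}: target '.' declares s2s unavailable")
            continue
        if not 1 <= port <= 65535:
            problems.append(f"{domain}: port {port} is not usable")
        if target not in hosts:
            problems.append(f"{domain}: {target} has no address record")
    return problems

if __name__ == "__main__":
    srv, hosts = parse_zone(ZONE)
    for d in ("good.example", "off.example", "dangling.example", "missing.example"):
        print(d, check_s2s_srv(d, srv, hosts) or "ok")
```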