[Operators] Recent Google XMPP Federation problems

Blaine Cook romeda at gmail.com
Tue Feb 26 11:25:52 CST 2008


Just a note that they're doing weird things with non-google-for-apps
domains, too.

1. I've verified my blaine at twitter.com (MX and Jabber for
twitter.comhandled off-google, but no user at
xmpp:blaine at twitter.com) with GMail, associating it with my
romeda at gmail.comaddress.

2. Someone using GTalk tried add me at blaine at twitter.com, and I got the
subscription request rewritten to romeda at gmail.com

3. When I accepted, they got the response back from romeda at gmail.com.

Which means that Google leaked my private email address (in this case not a
big deal) by hijacking the twitter.com jabber domain. Thankfully, they
haven't broken it across the board, so our bot still works at
twitter at twitter.com.

Does anyone have a contact on the GTalk / Google Accounts team, or would it
be useful for me to dig one up?

b.

On Tue, Feb 26, 2008 at 8:04 AM, Pedro Melo <melo at simplicidade.org> wrote:

> Hi,
>
> On Feb 26, 2008, at 2:45 PM, David Horwitz wrote:
> > Hi  Pedro,
> >
> > This was originally started as a call logged with google 2 weeks
> > ago. Took some hunting to figure out how to do that! The address it
> > came from is apps-support at google.com
>
> I've sent an email message to that address. If the process improves
> I'll post an update.
>
> Best regards,
>
> > Pedro Melo wrote:
> >> Hi,
> >> On Feb 26, 2008, at 1:17 PM, David Horwitz wrote:
> >>> My last communication from google help basically seems to suggest
> >>> they expect us to go through the domain verification process in
> >>> order for us to get our routing back! So basically you have to
> >>> register all your domains, get admin access and switch off the
> >>> gtalk app or you risk one of your users breaking your routing
> >>> with google.  (email reproduced bellow for info).
> >> The email message requires a response to follow up on the process.
> >> Did you requested this from support at google or some more specific
> >> email address?
> >> I've been browsing and searching the Google Apps Help, and so far
> >> nothing on this.
> >>>
> >>> While I am negotiating this with the relevant sections of our IT
> >>> department, it has moved Google from my favourite suppliers of
> >>> cool new stuff to the worst. I also generally am one of the
> >>> people who argue against the network being locked down and people
> >>> to be allowed to use new service, this fiasco will seriously dent
> >>> my credibility next time I argue "you can't block that google app"
> >> yeah :(, and it is really unfortunate.
> >> Best regards,
> >>>
> >>> David
> >>>
> >>>> If you would like me to designate one of the accounts as an
> >>>> administrator
> >>>> then you can nominate one after proving your ownership:
> >>>> Verification option #1: create a special CNAME record
> >>>> Create the following CNAME record for your domain through your
> >>>> domain
> >>>> hosting provider.
> >>>> dublin points to ghs.google.com
> >>>> If your domain host is separate from your domain registrar, make
> >>>> sure
> >>>> you're modifying the CNAME record with your domain host.  For help
> >>>> creating this CNAME record, visit
> >>>> https://www.google.com/support/a/bin/answer.py?answer=47283.
> >>>> Verification option #2: uploading a special HTML file
> >>>> 1. Create an HTML file and name it gafyd.html.
> >>>> 2. Enter the following characters anywhere in the HTML file:
> >>>> dublin.
> >>>> 3. Save and upload this HTML file to your website.  Be sure to
> >>>> upload the
> >>>> file to your root directory.
> >>>> 4. Check http://your-domain.com/gafyd.html to make sure the file
> >>>> was
> >>>> uploaded properly.
> >>>> Once you've completed one of the verification options, reply to
> >>>> this
> >>>> message, and I'll review your request.
> >>>> Sincerely,
> >>>> Lucas
> >>>> The Google Apps Team
> >>>
> >>>
> >>>
> >>> Pedro Melo wrote:
> >>>> Hi,
> >>>> On Feb 26, 2008, at 9:52 AM, David Horwitz wrote:
> >>>>> An update on this post some back and forth with the google help
> >>>>> team. It seems that anyone registering to use Google apps team
> >>>>> edition on a domain causes google the assume it handles XMPP
> >>>>> for that domain - Until the admin opts out.
> >>>>>
> >>>>> So it looks like a student or staff member has registered to
> >>>>> use google apps on our domain. No admin has registered
> >>>>> (confirmed by Google) yet Google still seems to think it
> >>>>> handles XMPP.
> >>>>>
> >>>>> This is not good!
> >>>> Yeah. Not good at all. This was my biggest concern when I read
> >>>> about the team edition.
> >>>> I think the Google team in charge of this must quickly re-think
> >>>> this behavior. It is terribly irresponsible. What would people
> >>>> think if I registered my email with GMail and they decided that
> >>>> they are my preferred MX?
> >>>> I wonder if they couldn't risk legal action by disrupting
> >>>> network communications like this... Specially under US law...
> >>>> It's a terrible risk to take.
> >>>> If anybody knows where admins can opt-out, please post the link.
> >>>> I need to place some domains in there... I wonder how they check
> >>>> that I'm really the domain admin. Another problem that Admin
> >>>> Contacts for Servers would solve...
> >>>> Best regards,
> >>>
> >>> --
> >>> "It remains that, from the same principles, I now demonstrate the
> >>> frame of the System of the World." - Newton "Principia Mathematica"
> >>>
> >>> <david_horwitz.vcf>
> >
> > --
> > "It remains that, from the same principles, I now demonstrate the
> > frame of the System of the World." - Newton "Principia Mathematica"
> >
> > <david_horwitz.vcf>
>
> --
> Pedro Melo
> Blog: http://www.simplicidade.org/notes/
> XMPP ID: melo at simplicidade.org
> Use XMPP!
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/operators/attachments/20080226/54ae1c6f/attachment-0001.htm 


More information about the Operators mailing list