[Operators] How-to fight with SPAM accounts

Peter Saint-Andre stpeter at stpeter.im
Wed Dec 2 09:54:04 CST 2009


On 11/25/09 11:53 AM, Jesse Thompson wrote:
> Peter Saint-Andre wrote:
>>> I think that the key for the 'right/best' anti-SPAM XMPP solution is to
>>> involve regular/polite XMPP users in any way.
>>
>> I have my doubts that normal users will bother to flag messages as spam.
>> However, given that I have only ever received a few spam messages over
>> XMPP (and even those I wasn't 100% sure about), perhaps it would not be
>> such a huge burden.
> 
> I like the idea of account level reputation.  The current, most
> troublesome, battlefront on the war against email spam is dealing
> spammer-created freemail accounts, 

Most of the large, public XMPP IM services essentially offer "freechat"
accounts. The use of CAPTCHAs at, e.g., jabber.org is a small hurdle.

> and with phished account credentials
> on closed systems.

I think we've seen less of this on the XMPP network because we don't
have very good web integration.

> You could apply an account-level reputation system at the server as well
> as the client.
> 
> An XMPP operator could set up the server to block domains whose
> trustworthy account ratio is below their tolerance level.  This would
> effectively block domains that have only spammers.  But it would not
> block domains like jabber.org or gmail that are trustworthy but have
> spammers signing up for free accounts.

Agreed.

> For spamming accounts in trustworthy domains, the server operator could
> set it up to block accounts that meet a certain untrustworthiness
> threshold.  

So when mydomain.com receives an inbound stanza from user at jabber.org, it
would check the trust score of the sender?

> Or, the users could do it at the client level.

That seems like more work. See above about user laziness. :)

> The key is to figure out how to collect and expose the data in a private
> way.

Your thoughts are welcome.

Do you mean the scores need to be private, or the source data needs to
be private?

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20091202/d1966bd3/attachment-0001.bin>


More information about the Operators mailing list