[Operators] Remove old unused accounts?

Michael Grigutsch migri at i-pobox.net
Wed Dec 9 09:17:52 CST 2009


Mathias Ertl wrote:

> Hi,
> I added the policy that old accounts on our XMPP-Server will be deleted
> after a year of inactivity. The CCC (jabber.ccc.de) seems to practice
> the same, and I *think* jabber.org also deletes unused accounts.
> But some of your Users complained that such a practice is questionable,
> at least if you allow the usernames to be reregistered: Somebody could
> reuse your ID, and if someone else used your ID before, you could
> unwillingly inherit what the one before you posted on the internet.
> So what is your practice on deleting unused accounts? Do you block
> reregistering? And if yes: how do you implement this with ejabberd?

We are deleting all accounts without any login at the day after the 
registration and all accounts that are unused for over a year. That works 
wonderful in a cron-script using ejabberdctl. We wrote this handling in the 
terms of use. 
For security reasons ejabberd automatically unsubscribes the deleted user 
from all contacts in the roster. There is no lock on the username that was 
deleted. Everyone can (re)register thst username. I don't see a big problem 
in this, as the account either was never used or was not in use for over a 

Best regards


More information about the Operators mailing list