[Operators] How-to fight with SPAM accounts

Peter Viskup skupko.sk at gmail.com
Wed Nov 18 18:22:03 CST 2009


Hi all,
I just went trough the discussions 'How is XMPP better than SMTP for 
spam prevention?' [1] and fresh 'DNSBLs' [2] and was little bit thinking 
about the fighting against SPAM accounts.
I have one - probably not bad/well - opinion:
    - define XEP in this way (sorry for any not well formed sentences ;-) ):

1) each XMPP account have SPAM-ratio and each server is administering 
SPAM ratio's for it's accounts
2) every XMPP messsage user received can user mark as SPAM and this will 
send the 'SPAM-hit' to the XMPP server of sender JID
3) every XMPP server is calculating the number of messages sent by the 
XMPP account for last session/week/month/any-other-timeframe and 
'SPAM-hit' and the account will be blocked/removed if the threshold of 
SPAM-limit will be reached
4) it is needed to find way how to gain with not polite XMPP servers 
(servers which have not well defined this 'anti-SPAM' XEP)

This (in more sophisticated design) could be the right fighting tool 
against SPAM.

It will be:
- decentralised
- not based on bloking DNSs/IPs (the worst way to deal with SPAM on XMPP)
- all XMPP users will be involved in anti-SPAM fight (much powerful like 
any SpamAssassin)
- not using too much server resources
- not based on the list of DNSs/IPs which will be growing in time

Something similar is probably already in discussion within XMPP Working 
Group or somewhere else - I really do not know.
This was just very quick thought about anti-SPAM solution for XMPP. This 
is not final Draft of XMPP WG :-).
I do not like CAPTCHA and W/BLs - if there is any other way how to 
implement anti-SPAM and improve security of XMPP network - then do that 
in way when comfort of polite users will not be affected.

I think that the key for the 'right/best' anti-SPAM XMPP solution is to 
involve regular/polite XMPP users in any way.

Best regards,
Peter Viskup

[1] http://mail.jabber.org/pipermail/juser/2008-August/006552.html
[2] http://mail.jabber.org/pipermail/operators/2009-November/000728.html


More information about the Operators mailing list