[Operators] How-to fight with SPAM accounts

Sean Dilda sean at duke.edu
Wed Nov 18 19:40:41 CST 2009


I like the sound of this.  But its worth remembering that this is only 
one piece of the puzzle.  Your solution makes the assumption that 
everyone who runs an XMPP server is benevolent.  Unfortunately, that's 
not something we can assume.  As such, a multi-pronged approach is 
needed.   Something like yours that can work with sites with benevolent 
admins.  And something like DNSBL will be needed to handle sites/domains 
that are known to not handle the first method.


Peter Viskup wrote:
> Hi all,
> I just went trough the discussions 'How is XMPP better than SMTP for 
> spam prevention?' [1] and fresh 'DNSBLs' [2] and was little bit thinking 
> about the fighting against SPAM accounts.
> I have one - probably not bad/well - opinion:
>     - define XEP in this way (sorry for any not well formed sentences ;-) ):
> 
> 1) each XMPP account have SPAM-ratio and each server is administering 
> SPAM ratio's for it's accounts
> 2) every XMPP messsage user received can user mark as SPAM and this will 
> send the 'SPAM-hit' to the XMPP server of sender JID
> 3) every XMPP server is calculating the number of messages sent by the 
> XMPP account for last session/week/month/any-other-timeframe and 
> 'SPAM-hit' and the account will be blocked/removed if the threshold of 
> SPAM-limit will be reached
> 4) it is needed to find way how to gain with not polite XMPP servers 
> (servers which have not well defined this 'anti-SPAM' XEP)
> 
> This (in more sophisticated design) could be the right fighting tool 
> against SPAM.
> 
> It will be:
> - decentralised
> - not based on bloking DNSs/IPs (the worst way to deal with SPAM on XMPP)
> - all XMPP users will be involved in anti-SPAM fight (much powerful like 
> any SpamAssassin)
> - not using too much server resources
> - not based on the list of DNSs/IPs which will be growing in time
> 
> Something similar is probably already in discussion within XMPP Working 
> Group or somewhere else - I really do not know.
> This was just very quick thought about anti-SPAM solution for XMPP. This 
> is not final Draft of XMPP WG :-).
> I do not like CAPTCHA and W/BLs - if there is any other way how to 
> implement anti-SPAM and improve security of XMPP network - then do that 
> in way when comfort of polite users will not be affected.
> 
> I think that the key for the 'right/best' anti-SPAM XMPP solution is to 
> involve regular/polite XMPP users in any way.
> 
> Best regards,
> Peter Viskup
> 
> [1] http://mail.jabber.org/pipermail/juser/2008-August/006552.html
> [2] http://mail.jabber.org/pipermail/operators/2009-November/000728.html



More information about the Operators mailing list