[Operators] How-to fight with SPAM accounts

Peter Saint-Andre stpeter at stpeter.im
Thu Nov 19 10:24:09 CST 2009


On 11/18/09 6:40 PM, Sean Dilda wrote:
> I like the sound of this.  But it's worth remembering that this is only
> one piece of the puzzle.  Your solution makes the assumption that
> everyone who runs an XMPP server is benevolent.  Unfortunately, that's
> not something we can assume.  As such, a multi-pronged approach is
> needed.   Something like yours that can work with sites with benevolent
> admins.  And something like DNSBL will be needed to handle sites/domains
> that are known to not handle the first method.

As I always say, we don't need to be perfect, just more difficult to
attack than other networks. Part of raising the cost (mostly the cost in
time) would involve requiring TLS with CA-issued certificates for s2s
(perhaps we can get there eventually!). But as you say there is no magic
solution, and we'll need to consider many different approaches. A while
back I worked a bit on the concept of server reputations, and that might
feed into DNSBLs -- e.g., your server starts out at zero points when it
first comes on the network, and it gets more points for proper DNS SRV
records, a CA-issued certificate, requiring TLS, support for XEP-0268,
lack of open registration (IBR without CAPTCHAs), and other things we
think are important. I would prefer something objective like that,
rather than personalized DNSBLs with no standards.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
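
The points-based server reputation idea in the message above, sketched as an added example that is not part of the original message or of any XMPP project's code. The weights, function names and sample stanza are assumptions; SRV validity, certificate validation, XEP-0268 support and CAPTCHA presence are taken as already-observed booleans.

```python
import xml.etree.ElementTree as ET

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
IBR_NS = "http://jabber.org/features/iq-register"

# Assumed weights: the message lists the criteria but assigns no values.
WEIGHTS = {"srv": 1, "ca_cert": 2, "tls_required": 2,
           "xep0268": 1, "closed_registration": 2}

# Constructed sample of the stream features a server advertises.
SAMPLE_FEATURES = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
  <register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>"""


def parse_features(xml_text):
    """Return (tls_required, ibr_offered) from a <stream:features/> element."""
    root = ET.fromstring(xml_text)
    starttls = root.find(f"{{{TLS_NS}}}starttls")
    tls_required = (starttls is not None
                    and starttls.find(f"{{{TLS_NS}}}required") is not None)
    ibr_offered = root.find(f"{{{IBR_NS}}}register") is not None
    return tls_required, ibr_offered


def score_server(features_xml, srv_ok, ca_cert_ok, xep0268, captcha_on_ibr):
    """Score a server starting from zero; returns (total, per-criterion points)."""
    tls_required, ibr_offered = parse_features(features_xml)
    met = {
        "srv": srv_ok,
        "ca_cert": ca_cert_ok,
        "tls_required": tls_required,
        "xep0268": xep0268,
        # Open registration means IBR is offered with no CAPTCHA in front of it.
        "closed_registration": not (ibr_offered and not captcha_on_ibr),
    }
    points = {name: WEIGHTS[name] if ok else 0 for name, ok in met.items()}
    return sum(points.values()), points


if __name__ == "__main__":
    total, detail = score_server(SAMPLE_FEATURES, srv_ok=True, ca_cert_ok=True,
                                 xep0268=False, captcha_on_ibr=False)
    print(total, detail)
```

Because every criterion is an observable property of the server, two operators scoring the same domain with the same weights get the same number, which is the objectivity the message asks for.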

