[Operators] How-to fight with SPAM accounts

Jesse Thompson jesse.thompson at doit.wisc.edu
Wed Nov 25 12:53:41 CST 2009


Peter Saint-Andre wrote:
>> I think that the key for the 'right/best' anti-SPAM XMPP solution is to
>> involve regular/polite XMPP users in any way.
> 
> I have my doubts that normal users will bother to flag messages as spam.
> However, given that I have only ever received a few spam messages over
> XMPP (and even those I wasn't 100% sure about), perhaps it would not be
> such a huge burden.

I like the idea of account level reputation.  The current, most 
troublesome, battlefront on the war against email spam is dealing 
spammer-created freemail accounts, and with phished account credentials 
on closed systems.

You could apply an account-level reputation system at the server as well 
as the client.

An XMPP operator could set up the server to block domains whose 
trustworthy account ratio is below their tolerance level.  This would 
effectively block domains that have only spammers.  But it would not 
block domains like jabber.org or gmail that are trustworthy but have 
spammers signing up for free accounts.

For spamming accounts in trustworthy domains, the server operator could 
set it up to block accounts that meet a certain untrustworthiness 
threshold.  Or, the users could do it at the client level.

The key is to figure out how to collect and expose the data in a private 
way.

Jesse

-- 
   Jesse Thompson
   Division of Information Technology, University of Wisconsin-Madison
   Email/IM: jesse.thompson at doit.wisc.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3317 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20091125/8c8412ad/attachment.bin>


More information about the Operators mailing list