[Operators] Rosters flood
jesse.thompson at doit.wisc.edu
Wed Sep 8 10:52:08 CST 2010
On 09/08/2010 11:29 AM, Evgeniy Khramtsov wrote:
> 09.09.2010 02:19, Jesse Thompson wrote:
>> Do you mean that spammers could flood users with subscription
>> requests? I suppose that would be difficult to deal with. Could it be
>> solved with UI improvements? e.g., a queue listing of pending
>> requests, as opposed to a pop-up for each request.
> Currently, we have mixed flood: subscriptions and messages. Flooders are
> aware of protocol weakness: they are not idiots after all ;)
Right, they aren't idiots.
My original point was that it might be beneficial to find a solution
other than re-hashing the email spam war. We can go through the hassle
of blocking the IPs of servers that don't limit registrations, so the
spammers will start setting up their own servers on zombies. We can
then go through the hassle of blocking zombie servers, so the spammers
will start creating accounts on trustworthy services (captchas might
help, but it hasn't stopped email spammers.) We can go through the
hassle of blocking the JIDs of users on trusted services, so the
spammers will just start phishing for credentials of trusted users on
We already know the end game, because email has already gone through the
process. I was just wondering if we can skip ahead to the point where
we have to figure out how to deal with the fact that you can't really
trust any user on any service.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3403 bytes
Desc: S/MIME Cryptographic Signature
More information about the Operators