[Operators] Spammy servers
Marco Cirillo
maranda at lightwitch.org
Fri Mar 1 21:59:16 UTC 2013
Frankly, as usual when there's a convo going on about spamming, public
services and IBR, I tend to get puzzled/amused several times in a row...
But what caught my eye in a special manner was Peter's statement: <<I
think that was important in 1999 when we were trying to get end users to
adopt Jabber. These days I think it is much less valuable, and maybe
even harmful.>>;
good, that was a noble initiative, but yet 13 / 14 years "in the future"
whenever I say something like << I tend to work a lot with xmpp... >>
the frequent _ritual_ answer I get back is << What's xmpp? >> even in
mid IT professional environments. Granted... that situation doesn't get
_any better_ when we get to the real end-users.
So maybe that "list" still could have a *practical* use... Now on the
second point spamming and public services...
I'll re-propose a question I already asked somewhere in the past to public
services' holders... especially to the "high usage" ones (possibly more,
those with unprotected IBR)... Did you actually ever make a census of
how many of your concurrent users are actual human beings..?
...
*Will wait for replies on this, out of curiosity*
...
Finally, moving forward on the "how to protect account registration",
there are several very effective measures, one of which is CAPTCHA (and
that needs to be done right, implementations like ejabberd's .. just
aren't appropriate ..) but alone that doesn't do it obviously, you
should put some more verification layers after that. I personally employ
a long-strict captcha on the site form, plus an additional e-mail token
verification and several timeframe checks (e.g. the user has to verify
the account within 5 minutes and has to do some copy & pasting...).
Of course, this is not flawless (nothing is in computing after all) and
it's potentially possible to craft ad hoc tools to counter the challenges
but still that takes time, and timeframe checks should give admins
enough to still "shut the door on someone's face".
As far as my service is concerned, this has cut down automated submissions to a
value very near to 0% (... and also some non-automated ones but "c'est
la vie") and it's not terribly complex to achieve.
Best regards,
Marco.
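
The e-mail token and timeframe checks described in the message above, as an added example; it is not Marco's code or any XMPP server's. The class name, the in-memory store and the 5-second minimum fill time are assumptions; the 300-second window is the post's 5 minutes.

```python
import hashlib
import hmac
import secrets
import time

VERIFY_WINDOW = 300  # seconds: the post's "within 5 minutes"
MIN_FILL_TIME = 5    # assumed: a form submitted faster than this is treated as automated


class PendingRegistrations:
    """Hypothetical in-memory store of sign-ups awaiting e-mail verification."""

    def __init__(self, key=None, clock=time.time):
        self._key = key or secrets.token_bytes(32)
        self._clock = clock
        self._pending = {}  # username -> (sha256 of token, time issued)

    def _mac(self, ts):
        return hmac.new(self._key, ts.encode(), hashlib.sha256).hexdigest()

    def form_stamp(self):
        """Signed render time, embedded in the form as a hidden field."""
        ts = str(int(self._clock()))
        return f"{ts}.{self._mac(ts)}"

    def submit(self, username, stamp):
        """Run after the CAPTCHA passed. Returns the token to e-mail, or None."""
        ts, _, mac = stamp.partition(".")
        if not hmac.compare_digest(mac.encode(), self._mac(ts).encode()):
            return None  # stamp forged or altered
        age = self._clock() - int(ts)
        if age < MIN_FILL_TIME or age > VERIFY_WINDOW:
            return None  # filled in too fast, or the form is stale
        token = secrets.token_urlsafe(24)
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[username] = (digest, self._clock())  # only the hash is kept
        return token

    def verify(self, username, token):
        """One attempt per token: the entry is removed whether or not it matches."""
        entry = self._pending.pop(username, None)
        if entry is None:
            return False
        digest, issued = entry
        if self._clock() - issued > VERIFY_WINDOW:
            return False  # user took longer than five minutes
        return hmac.compare_digest(digest, hashlib.sha256(token.encode()).digest())
```
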