[Operators] Update on spammy invites

Dave Cridland dave at cridland.net
Wed Mar 20 23:22:06 UTC 2013


On 20 Mar 2013 23:09, "Peter Viskup" <skupko.sk at gmail.com> wrote:
>
> On 03/20/2013 07:03 PM, Dave Cridland wrote:
>>
>> Peter mentioned ensuring that open registration is blocked - I think
that open registration has proved itself our equivalent of open relaying in
SMTP, and we need to campaign strongly against this. The majority of
servers have no need to support IBR; I think we have to declare this
seriously harmful at this point.
>
>
> Please stop spread this myth. IBR isn't nothing like open relay in SMTP.
Any web-form based registration isn't solution to this situation. I am
seeing a lot of automated registrations on my Drupal sites for example.
> Did anybody performed some investigation and proved which servers are
used for these attacks and if all of them are IBR-enabled? I'm not aware of
anybody - didn't see list of the servers.
>

I said open registration, actually. IBR seems particularly harmful, though.

But fundamentally, open registration allows spammers to use a server to
host their spam bots. This is a close parallel to SMTP open relays, in my
opinion.

>
>> Finally, I'd note that clients themselves can mitigate against
subscription request spamming by ensuring that their UIs handle requests in
such a way that won't promote spam.
>
>
> Agree - for example Gajim client has 'Anti-Spam' extension which probably
can be used as an protection against this (I don't use it/not sure about
it).
>
> --
> Peter Viskup
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20130320/28e73b9d/attachment.html>


More information about the Operators mailing list