[Operators] spam resistance (was: Re: google abandoning XMPP??)

Dave Cridland dave at cridland.net
Thu May 23 09:20:47 UTC 2013


On Thu, May 23, 2013 at 12:35 AM, Justin Uberti <juberti at google.com> wrote:

> That seems like an overly cynical assessment of the situation. Speaking as
> an individual, it is sad that spammers were more willing to adopt XMPP than
> other IM networks, but so it goes.
>

I'm not sure sufficient information exists in one place to make a statement
like that. If it does, I've certainly never seen it.

MSN, AOL, and various other networks all have had, or do have, spam
problems, without having open federation. I'd hesitate to suggest that the
spam problem on Google Talk's XMPP service was worse at its peak than MSN
or AOLs at theirs, without a lot more data to base that statement upon.

Google's was exasperated not by simply allowing federation, but by allowing
largely unauthenticated federation, making it by far the weakest point. Had
Google deployed TLS, and required X.509 authentication (even whilst handing
out a single certificate for all its thousands of domains), then I think
the bar would have been raised significantly - possibly even enough to make
the spammers use user accounts instead (as they now will). Moreover, it
would have helped the community as a whole.

As I've said previously, other esoteric behaviours of the service won't
have helped, either.

Still, we're now free to put a lot of this into place - Google Talk's low
security stance was demonstrably reducing the security stance of the entire
network, and moreover, it was also an attractive target for spammers, so
we'll have a lot of the pressure reduced.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20130523/775ef54c/attachment.html>


More information about the Operators mailing list