[Operators] spam resistance

Peter Saint-Andre stpeter at stpeter.im
Thu May 23 15:07:12 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/23/13 3:20 AM, Dave Cridland wrote:

> Google's was exasperated

Exacerbated? But our Google friends were probably exasperated, too.

> not by simply allowing federation, but by allowing largely
> unauthenticated federation, making it by far the weakest point. Had
> Google deployed TLS, and required X.509 authentication (even whilst
> handing out a single certificate for all its thousands of domains),
> then I think the bar would have been raised significantly -
> possibly even enough to make the spammers use user accounts instead
> (as they now will). Moreover, it would have helped the community as
> a whole.

As Jesse pointed out, it's not clear that this would have helped all
that much. It might have helped to prevent some rogue servers (but we
don't have any stats on how many such servers there are or were). It
would not have helped to prevent spam from spammy users at otherwise
legitimate servers (and as far as I know the bulk of the spammy
invites came from users at legitimate servers).

> Still, we're now free to put a lot of this into place - Google
> Talk's low security stance was demonstrably reducing the security
> stance of the entire network, and moreover, it was also an
> attractive target for spammers, so we'll have a lot of the pressure
> reduced.

Right, so let's get to work. :-)

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRnjCgAAoJEOoGpJErxa2peL0P/jXAtlDqfGdITvpWaHDxeT6o
B8qzHB2lriLG3ngN0qQjruyC0mM6lV/ixpWCljt+cR1wMUFrTylmtQbZlH4T1ucK
HjmR+IC9CRpjIMLA9hx9/twvRX+4U4dLYRByUN82HC6Uv9vhwHpj8unckCmnegsM
CsMlLnQeAEx9+v1s7egi8AjsLLgJwEte64OLMq5Bk0UL0p4DJVotU8IWG2pTMKr+
6NmIiW3Vs+RrcXOZQkAd+n9AD5pFMsYYqtPa5r+w6WzsTKCOHwGJX+4gNQ87EysE
PSCyODu7McKS7EX+S5rF1zEFxp3iYPtZMnH6Tia3YxPmIgk6MOa6geRpiFBsPo5T
mxd/hpo33NG7JwHBCSISu1Yk0BG3gKe1fzKFc+FhlACfoD/JD5f4NbUvje75b+MJ
/1CRBghbD/K6yXS0SPM1LP1Gg7puJnKHUQnlLlRBKo77l8czmZxQzfwe4ZDH7YwG
Keq/5jOOWnsPK+B54lsXibG4fPMNGGID7PdmX7OpRWkZHUaDSIZX4TqMu4apPRtb
cZ+/LfSM/0U1WVOSAHYU8d3YzCJlCwLChnOOMFLzR4827DHTf+FSvBbvsQFhRG3Q
jYQ7tRvkl3qvPeLJ62GfFyWN4xY2I6ADnw9wKtdsNPFTKB7VoNoX63MwfHfaoM+a
6RjPzEstQL2hjIf2Pw8v
=CXOU
-----END PGP SIGNATURE-----


More information about the Operators mailing list