[Operators] Prosody vs. spammers - security measures?

Kevin Smith kevin at kismith.co.uk
Mon Feb 3 18:13:20 UTC 2014


On Mon, Feb 3, 2014 at 6:03 PM, Marco Cirillo <maranda at lightwitch.org> wrote:
> Registration form with a long complex captcha + DEA filter + ip address
> based throttling, E-Mail verification + 1 Mail Address associated per XMPP
> account.

Some of these (IP throttling, limit per email address) help multiple
registrations on a single server, but not farming registrations across
the network (not that this makes them bad things).

> Wards off 99% of Spam Registrations on lightwitch.org alone.

Ah, this is good - I don't think anyone else is collecting statistics
on how this stuff works (if they are, please share). Do you have a
breakdown of how the different preventions contribute to the 99%, and
how do you detect the remaining 1% (and gain confidence that there are
none not detected)?

/K


More information about the Operators mailing list