[Operators] Prosody vs. spammers - security measures?

Evgeny Khramtsov xramtsov at gmail.com
Mon Feb 3 19:57:12 UTC 2014


Mon, 03 Feb 2014 19:45:21 +0100
Marco Cirillo <maranda at lightwitch.org> wrote:

> Long captcha - around 50%, mainly 70% of automated bot registrations
> E-Mail verification - Mainly 30%, This wards off the remaining bots 
> which manage to OCR the captcha but can't deal with verifying E-Mails.
> DSA Filters + IP Throttling - By 19%, this mainly deals with Human 
> solvers attempting to use DEAs to register spammy addresses.
> 
> The remaining 1% usually it's still human solvers either using mail 
> providers e.g. yahoo or gmail, or DEA Services I don't have the 
> "fingerprint of" but it's usually easy enough to catch 'em with
> periodic log checks and zap 'em therefore.

Nowadays email verification is bypassed easily by creating tons of
fake emails on many servers or within single poorly protected server.
We're thinking to switch to SMS-based verification for
jabber.ru: we have it currently and it works fine and is pretty cheap,
just need to disable email verification completely.


More information about the Operators mailing list