[Operators] Annoying spam

Peter Saint-Andre peter at andyet.net
Tue Nov 10 17:02:52 UTC 2015


On 11/10/15 8:30 AM, Simon Josefsson wrote:
> Sam Whited <sam at samwhited.com> writes:
>
>> This doesn't answer the question directly, but I've been keeping a
>> list of JIDs that I've seen sending spam:
>>
>> https://bitbucket.org/snippets/SamWhited/rLqKB/spammy-jids
>>
>> Feel free to add to it (I think you can do that with snippets? If not
>> I'll move it to a wiki page). I'm probably just going to start
>> blocking any server that has open registration which doesn't require
>> at least a captcha.
>
> Thank you.  Inspired by your page I created the following page (on
> gitlab as I don't want to rely on a non-free service like bitbucket) to
> document the JIDs that spammed me.
>
>    https://gitlab.com/snippets/10433
>
> Has anyone documented how to use a list like this to ban certain
> JIDs/servers?  Doing that is probably server-dependent, but still it
> might be possible to discuss it generally.  There may be opportunity to
> create a DNS-based blacklist out of this as well.

Hi Simon,

First, I'm sorry that you (and others) are experiencing spam. On the 
Free-RTC list you wrote:

    I'm operating my own xmpp/jabber server since a few months ago,
    and I have began receiving spam.  This seems like a generic
    problem affecting anyone operating open/federated xmpp/jabber
    servers.

In fact this problem is quite recent - we had essentially no spam on the 
XMPP network for 15+ years.

I wonder why this has changed recently (aside from the usual story about 
the economics of spam). How are these XMPP addresses being gathered? Are 
they merely being guessed at, or is there something more nefarious going 
on? For example, although this is pure speculation: are there servers on 
the network that are leaking JIDs?

Peter



More information about the Operators mailing list