[Operators] Annoying spam

Florian Schmaus flo at geekplace.eu
Sun Nov 15 08:34:54 UTC 2015


On 10.11.2015 20:25, Simon Josefsson wrote:
> Stepping back a bit, why is it even possible to send messages to
> arbitrary people without prior authorization?  I naïvely thought that
> the anti-spam property in XMPP was based on having to authorize a
> presence subscription for other people before they can send me a
> messages.

You authorize entities to view your presence via the subscription
mechanism, not to send you stanzas. You can't really want to first need
people to go through some sort of (multi-step) authorization process
prior being able to send you messages. Imagine what would happen to
E-Mail if this where the case.

The Spam problem is solved in E-Mail, not efficiently but sufficient. I
put my E-Mail address(es) everywhere on the web without any obfuscation
for more then 8 years now and have zero problems with SPAM. We just need
to adopt the SPAM solutions to XMPP while also improving these. Yes, I
know that IM is a bit different than E-Mail, but I still think there is
much we can learn from how Spam is fought in E-Mail.

But requiring people to authorize others so that they can send you
messages is a big step backwards.

> Wouldn't that work?  Yes, of course, spammers can spam me
> with request to add them, but that is a low-signal channel and I'm not
> likely to accept by random, and if I accidentally do I can remove them
> later on.  At least then I don't get 25 lines of spam garbage displayed
> on my cell phone.

No it wouldn't work. Nothing prevents spammers to send you 25 lines via
a presence stanza to your cell phone (unless there is a server policy in
place).

- Florian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20151115/0570dfdd/attachment.sig>


More information about the Operators mailing list