[Operators] Spam Problem And Its Simple Solution

A a at creep.im
Fri Dec 2 20:05:36 UTC 2016


Hello.

Well, there is no working server-side solution forXMPP as of now, and 
today was a first day I used the "doomed to fail" client-side solution: 
a simple yet effective CAPTCHA-plugin for Gajim. Today was a first day 
for a long time I haven't received a single spam message. Even 
Conversations today haven't produced a single spam notification, since 
Gajim worked all day with a higher resource value and effectively 
filtered all messages.

Client-side filtering simply works.

Lots and lots of people are talking about the innovative counter-spam 
techhiques, greylisting and complex reputation systems for example, but 
I can't understand clearly how anything server-side can work without 
disrupting the openness of the XMPP. In XMPP world, you can register an 
account and start communicate with people, using just a client 
application. You can even route traffic through Tor, if anonymity 
matters. The account can be set up in a matter of minutes, and if you 
know exactly how it is done, you can do it in less than one minute.

Spammers also did like this simplicity. The registration captcha is 
easy, and the process of creating accounts can be automated. If it is 
required, spammers can create a separate unique account for sending just 
a single spam message for a distinct user. Technically this is very much 
doable, and doesn't require any serious expertise.

And if there will be systems deployed on XMPP servers, which will 
analyze account reputation or any other user patterns, what can they do 
for newly created accounts without any prior activity and history? For 
such accounts, spammers' or regular users', there will be absolutely no 
information available. How anything can be determined about those 
without reading the messages? Should we treat them as spammers by default?

On 12/02/2016 01:04 PM, Tomasz Sterna wrote:
> Any solution that puts the burden of fighting SMAP on the users and
> keeps the SPAM sending cost at zero is doomed to fail.



More information about the Operators mailing list