[Operators] Announce: Jabber Spam Fighting Manifesto (for public servers)

Hanno Böck hanno at hboeck.de
Sun Feb 11 09:53:38 UTC 2018


Hi,

On Thu, 8 Feb 2018 09:31:51 +0100
Georg Lukas <georg at op-co.de> wrote:

> I have prepared a Jabber Spam Fighting Manifesto, available at
> https://github.com/ge0rg/jabber-spam-fighting-manifesto

I have lots of problems with XMPP spam so I'm happy for any initiative,
yet I think for this to be a success it should be more specific.
I.e. it should be very clear for every server operator how to comply
with the manifesto.

For me I feel there isn't much to do, as I don't allow open
registration on my server, but if I operated an open server I'd be
worried.


I.e. look at the rule:
"Monitor and review registrations from IP addresses with bad reputation
(open proxy servers, Tor exit nodes), or enforce additional checks on
those users, like a CAPTCHA or a valid phone number."

If I should implement this I have plenty of questions:
* Where do I get a list of IPs with bad reputation? Is there an
  authoritative one that is easily accessible that I can take? Is it
  updated regularly?
* Is there an easy way to configure this with all common XMPP server
  implementations? Are these also available in widely used distribution
  packages? I.e. it gets impractical if plenty of people use XMPP
  server xyz on debian stable, but the feature is only available in the
  very latest version of xyz that is not in any distro yet.

I think there needs to be some kind of easy and clear step by step
guide how server operators can comply with this manifesto, and that
should work in all commonly used server settings.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20180211/0f41daed/attachment.sig>


More information about the Operators mailing list