[Standards] pubsub whitelists
Jonathan Chayce Dickinson
chayce.za at gmail.com
Mon Aug 27 20:22:15 UTC 2007
Peter Saint-Andre wrote:
> Fabio Forno wrote:
>> Peter Saint-Andre wrote:
>>> What Joe and Matt pointed out is that the whitelist is a list of people
>>> who are *allowed* to subscribe (or retrieve items), not a list of people
>>> who *are* subscribed.
>> Yep I agree, but that's only a better qualification of the configuration
> I think it is proper definition of the whitelist access model, which we
> didn't really have before.
>> If there is concern about possible spam it's still there,
>> though I don't feel it (in order to use it you need to know the jids of
>> the subscribers, and it's easier to send the spam directly them)
> Probably, yes. :)
Granted, spammers aren't really on the trail of Jabber yet. And there is
little to differentiate it if you don't include the resource because it
looks exactly like an email, but by maintaining a list of Jabber servers
they could probably get at them pretty easily. There is also the
guessing model, i.e.
dickinson.jonathan at gmail.com
jonathan.dickinson at gmail.com
dickinson.jonathan at jabber.org (used to exist, but j.o won't work for me
jonathan.dickinson at jabber.org
Even a simple regex like:
Would harvest jabber addresses. (e.g. look at my signature). Try this
link, and you will S**T yourself.
So it isn't a non-issue. Is there a server black-listing protocol
around? You would have to be rather foolish to send spam off an account
on j.o for example. Maybe once a server takes action, it could notify
other servers that the server that is spamming is up to no good, and
they in turn could notify all the servers that they know...
And I hate to say it, but people like Peter would probably be hit first:
if all else fails, use humans to gather the addresses, and he is jabber
account is on hundreds of XEPs.
jonathan chayce dickinson
email: chayce.za at gmail.com
jabber: moitoi at inflecto.org
<some profound piece of wisdom>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6974 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards