[Standards] Expected behavior when blocking all unknown JIDs

Goffi goffi at goffi.org
Mon Jan 16 16:22:49 UTC 2017

On Monday 16 January 2017, 17:03:51 CET, W. Martin Borgert wrote:
> Quoting Goffi <goffi at goffi.org>:
> > Instead of unconditionally blocking unknown users (which is not an option
> > for me), would it not make sense to use some kind of challenge (e.g.
> > captcha or computational challenge)? This would not block everything,
> > but probably a good amount of SPAM/SPIM.
> For email, there is greylisting. IIRC, the receiving server says
> "try again later" on the first contact. This will be done by any
> legitimate server, but for spammers holding the message for e.g.
> one hour is too expensive. Any further messages will be delivered
> immediately. Neither sender nor receiver notice anything, only a
> one hour delay of the first message. In my experience, this
> method doesn't prevent all email spam, but a large part of it.
> Would this SMTP error 450/451 be applicable to XMPP?

I was not thinking about greylisting (because the delay can be annoying), but
about a challenge: either a simple captcha (though it would be possible for
advanced spam software to defeat it) or a computational challenge (i.e. the
sender has to do some resource-costly computation whose result is easy to
check). In the captcha case, the good point is that we can use a text fallback.

Greylisting could be an option too; I am not sure how efficient it would be in
the XMPP case, or whether we could implement it without breaking backward
compatibility.
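
The computational challenge described in the message above, as an added example (not part of the original post and not the wire format of any XMPP specification): a hashcash-style puzzle that is costly for the sender to solve and takes the receiver one HMAC and one hash to check. The function names, the `|`-separated challenge layout, the difficulty and the lifetime are assumptions, and JIDs are assumed not to contain `|`.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # assumed per-server secret; keeps challenges stateless
DIFFICULTY_BITS = 16         # assumed cost: about 2**16 hashes on average
MAX_AGE = 300                # assumed lifetime of a challenge, in seconds


def _tag(sender, recipient, issued, salt):
    msg = f"{sender}|{recipient}|{issued}|{salt}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(sender, recipient, now=None):
    """Receiver side: a challenge bound to both JIDs and to the issue time."""
    issued = int(time.time() if now is None else now)
    salt = os.urandom(8).hex()
    return f"{sender}|{recipient}|{issued}|{salt}|{_tag(sender, recipient, issued, salt)}"


def _zero_bits(challenge, counter):
    digest = hashlib.sha256(f"{challenge}|{counter}".encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve(challenge, bits=DIFFICULTY_BITS):
    """Sender side: brute-force a counter; this is the costly step."""
    counter = 0
    while _zero_bits(challenge, counter) < bits:
        counter += 1
    return counter


def verify(challenge, counter, sender, recipient, bits=DIFFICULTY_BITS, now=None):
    """Receiver side: one HMAC and one hash, whatever the difficulty."""
    try:
        _, _, issued, salt, tag = challenge.split("|")
        issued = int(issued)
    except ValueError:
        return False
    # Tag is recomputed from the real JIDs: forged or reassigned challenges fail.
    if not hmac.compare_digest(tag.encode(), _tag(sender, recipient, issued, salt).encode()):
        return False
    age = (time.time() if now is None else now) - issued
    if not 0 <= age <= MAX_AGE:
        return False  # expired: solutions cannot be stockpiled
    return _zero_bits(challenge, counter) >= bits
```

Each extra difficulty bit doubles the sender's expected work while the receiver's check stays constant, so the cost can be tuned per deployment.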
