Justin Karneges wrote:
> Of course, the weakness with these whitelist systems is that a spammer could spoof the address of someone in your whitelist. This is not possible with Jabber, as there is no whitelist. Every s2s connection is authenticated.

True, but it's dead easy to make a new s2s connection. The only thing you need is a domain name that resolves to the address of your (temporary) server. They can just get rid of that domain name afterwards.


Ok, it will be fairly difficult to abuse the Jabber equivalent of open relays; they'll have to set up dedicated Jabber servers or they have to create a lot of accounts on public servers and use them to send bulk messages. Almost all public servers are open to any registration at the moment. It's dead easy to create 20.000 accounts and then send lots and lots of messages without having to worry about karma settings. Especially if you use several different servers.

--
Bart


_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
