Re: [Operators] How-to fight with SPAM accounts

Wed, 18 Nov 2009 17:40:50 -0800

I like the sound of this. But its worth remembering that this is only one piece of the puzzle. Your solution makes the assumption that everyone who runs an XMPP server is benevolent. Unfortunately, that's not something we can assume. As such, a multi-pronged approach is needed. Something like yours that can work with sites with benevolent admins. And something like DNSBL will be needed to handle sites/domains that are known to not handle the first method. 

Peter Viskup wrote:

Hi all,

I just went trough the discussions 'How is XMPP better than SMTP for 
spam prevention?' [1] and fresh 'DNSBLs' [2] and was little bit thinking 
about the fighting against SPAM accounts.

I have one - probably not bad/well - opinion:
    - define XEP in this way (sorry for any not well formed sentences ;-) ):


1) each XMPP account have SPAM-ratio and each server is administering 
SPAM ratio's for it's accounts
2) every XMPP messsage user received can user mark as SPAM and this will 
send the 'SPAM-hit' to the XMPP server of sender JID
3) every XMPP server is calculating the number of messages sent by the 
XMPP account for last session/week/month/any-other-timeframe and 
'SPAM-hit' and the account will be blocked/removed if the threshold of 
SPAM-limit will be reached
4) it is needed to find way how to gain with not polite XMPP servers 
(servers which have not well defined this 'anti-SPAM' XEP)



This (in more sophisticated design) could be the right fighting tool 
against SPAM.


It will be:
- decentralised
- not based on bloking DNSs/IPs (the worst way to deal with SPAM on XMPP)

- all XMPP users will be involved in anti-SPAM fight (much powerful like 
any SpamAssassin)

- not using too much server resources
- not based on the list of DNSs/IPs which will be growing in time


Something similar is probably already in discussion within XMPP Working 
Group or somewhere else - I really do not know.
This was just very quick thought about anti-SPAM solution for XMPP. This 
is not final Draft of XMPP WG :-).
I do not like CAPTCHA and W/BLs - if there is any other way how to 
implement anti-SPAM and improve security of XMPP network - then do that 
in way when comfort of polite users will not be affected.



I think that the key for the 'right/best' anti-SPAM XMPP solution is to 
involve regular/polite XMPP users in any way.


Best regards,
Peter Viskup

[1] http://mail.jabber.org/pipermail/juser/2008-August/006552.html
[2] http://mail.jabber.org/pipermail/operators/2009-November/000728.html
























					Reply via email to