On 11/18/09 5:22 PM, Peter Viskup wrote: > Hi all, > I just went trough the discussions 'How is XMPP better than SMTP for > spam prevention?' [1] and fresh 'DNSBLs' [2] and was little bit thinking > about the fighting against SPAM accounts. > I have one - probably not bad/well - opinion: > - define XEP in this way (sorry for any not well formed sentences ;-) ): > > 1) each XMPP account have SPAM-ratio and each server is administering > SPAM ratio's for it's accounts
That works for benevolent servers. > 2) every XMPP messsage user received can user mark as SPAM and this will > send the 'SPAM-hit' to the XMPP server of sender JID Will any user ever flag messages as spam? What about attacks on this process? You can be sure that any reputation system like this will be subject to attacks (I flag all your messages as spam because I don't like you). > 3) every XMPP server is calculating the number of messages sent by the > XMPP account for last session/week/month/any-other-timeframe and > 'SPAM-hit' and the account will be blocked/removed if the threshold of > SPAM-limit will be reached > 4) it is needed to find way how to gain with not polite XMPP servers > (servers which have not well defined this 'anti-SPAM' XEP) > > This (in more sophisticated design) could be the right fighting tool > against SPAM. We had a proposal like this -- probably the early versions of XEP-0161. > It will be: > - decentralised > - not based on bloking DNSs/IPs (the worst way to deal with SPAM on XMPP) > - all XMPP users will be involved in anti-SPAM fight (much powerful like > any SpamAssassin) > - not using too much server resources > - not based on the list of DNSs/IPs which will be growing in time > > Something similar is probably already in discussion within XMPP Working > Group or somewhere else - I really do not know. > This was just very quick thought about anti-SPAM solution for XMPP. This > is not final Draft of XMPP WG :-). > I do not like CAPTCHA and W/BLs - if there is any other way how to > implement anti-SPAM and improve security of XMPP network - then do that > in way when comfort of polite users will not be affected. CAPTCHAs are good for account registration. They might also be good for joining chatrooms. They might in the future also be good for adding someone to your Buddy List[tm]. We'll see. > I think that the key for the 'right/best' anti-SPAM XMPP solution is to > involve regular/polite XMPP users in any way. I have my doubts that normal users will bother to flag messages as spam. However, given that I have only ever received a few spam messages over XMPP (and even those I wasn't 100% sure about), perhaps it would not be such a huge burden. Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
