On 11/25/09 11:53 AM, Jesse Thompson wrote: > Peter Saint-Andre wrote: >>> I think that the key for the 'right/best' anti-SPAM XMPP solution is to >>> involve regular/polite XMPP users in any way. >> >> I have my doubts that normal users will bother to flag messages as spam. >> However, given that I have only ever received a few spam messages over >> XMPP (and even those I wasn't 100% sure about), perhaps it would not be >> such a huge burden. > > I like the idea of account level reputation. The current, most > troublesome, battlefront on the war against email spam is dealing > spammer-created freemail accounts,
Most of the large, public XMPP IM services essentially offer "freechat" accounts. The use of CAPTCHAs at, e.g., jabber.org is a small hurdle. > and with phished account credentials > on closed systems. I think we've seen less of this on the XMPP network because we don't have very good web integration. > You could apply an account-level reputation system at the server as well > as the client. > > An XMPP operator could set up the server to block domains whose > trustworthy account ratio is below their tolerance level. This would > effectively block domains that have only spammers. But it would not > block domains like jabber.org or gmail that are trustworthy but have > spammers signing up for free accounts. Agreed. > For spamming accounts in trustworthy domains, the server operator could > set it up to block accounts that meet a certain untrustworthiness > threshold. So when mydomain.com receives an inbound stanza from [email protected], it would check the trust score of the sender? > Or, the users could do it at the client level. That seems like more work. See above about user laziness. :) > The key is to figure out how to collect and expose the data in a private > way. Your thoughts are welcome. Do you mean the scores need to be private, or the source data needs to be private? Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
