On 09/08/2010 11:29 AM, Evgeniy Khramtsov wrote:
09.09.2010 02:19, Jesse Thompson wrote:Do you mean that spammers could flood users with subscription requests? I suppose that would be difficult to deal with. Could it be solved with UI improvements? e.g., a queue listing of pending requests, as opposed to a pop-up for each request.Currently, we have mixed flood: subscriptions and messages. Flooders are aware of protocol weakness: they are not idiots after all ;)
Right, they aren't idiots.My original point was that it might be beneficial to find a solution other than re-hashing the email spam war. We can go through the hassle of blocking the IPs of servers that don't limit registrations, so the spammers will start setting up their own servers on zombies. We can then go through the hassle of blocking zombie servers, so the spammers will start creating accounts on trustworthy services (captchas might help, but it hasn't stopped email spammers.) We can go through the hassle of blocking the JIDs of users on trusted services, so the spammers will just start phishing for credentials of trusted users on trusted services.
We already know the end game, because email has already gone through the process. I was just wondering if we can skip ahead to the point where we have to figure out how to deal with the fact that you can't really trust any user on any service.
Jesse
smime.p7s
Description: S/MIME Cryptographic Signature
