If you have concrete suggestions for what the XSF should be doing, and/or how servers could defend themselves against spam and DDoS, I'd be interested in hearing them.
My understanding is that they're both difficult problems to tackle without a lot of data processing and analysis, but that a key issue is that freely available old-school IBR means that - I'll quote something Philip Hancke told me this morning - '"public server" means "open relay" most of the time.' Whilst it's possible to mount an XMPP-based DDoS without IBR, it's much harder, and forcing people to manually create each account *will* slow them down.

The other thing would be to set up central services for verification of the usage of email addresses, which we could do. I'm thinking loosely in terms of a Bloom table for email address hashes. Needn't even do more than Bloom, actually, which makes it quite cheap, in terms of resources - since if there's a collision, we can either reset the bloom, or the admins could manually accept.

But I'm thinking aloud, and somewhat pre-empting your comments.

Dave.
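
Added example, not part of the original message and not XSF code: a sketch of the Bloom filter over email address hashes floated above, where a hit sends the registration to an admin for manual acceptance and the filter can be reset. The names `EmailBloom` and `register`, the use of SHA-256 with double hashing, the sizing parameters and the normalisation rule are all assumptions made for illustration.

```python
import hashlib
import math


class EmailBloom:
    """Bloom filter keyed on hashed e-mail addresses (hypothetical helper)."""

    def __init__(self, expected_items: int, fp_rate: float):
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hashes.
        self.m = max(8, math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    @staticmethod
    def normalise(email: str) -> bytes:
        # Assumption: trim and lower-case only; no provider-specific alias rules.
        return email.strip().lower().encode("utf-8")

    def _positions(self, email: str):
        # Double hashing: derive k bit indexes from one SHA-256 digest.
        d = hashlib.sha256(self.normalise(email)).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def seen(self, email: str) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(email))

    def add(self, email: str) -> None:
        for p in self._positions(email):
            self.bits[p >> 3] |= 1 << (p & 7)

    def reset(self) -> None:
        # Clearing every bit forgets all addresses seen so far.
        self.bits = bytearray(len(self.bits))


def register(bloom: EmailBloom, email: str) -> str:
    """Return 'accepted' for an unseen address, 'manual-review' on a hit."""
    if bloom.seen(email):
        # Reused address or false positive: the filter cannot tell which.
        return "manual-review"
    bloom.add(email)
    return "accepted"
```

Only bit positions are stored, so the service never holds the addresses themselves; the price is that a hit cannot distinguish a reused address from a collision.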
