On Wed, Feb 13, 2013 at 09:48:59AM +0100, Per Gustafsson wrote: > I work with Google's chat service, and we are seeing lots of spammy invites > from users on various federated domains, including jabberes.org, jabber.se, > jabber-hosting.com and jabber.org. Have you noted an elevated amount of > sccount creation etc., and is there anything you can do about it in that > case, otherwise we will have to institute very tight limits of invites per > day being sent from federated domains.
Here I've got the same problems as well (aszlig.net, headcounter.org, no-icq.org, noicq.org - not yet listed at xmpp.net since the rework) and i'm going to disable new registrations as soon as the load is low enough. The main target of these massive spammy subscribes is gmail.com and it's quite hard to track them down without "accidentally" locking out real users. My second step would be to reenable registrations and only allow verified users to use S2S. But I'm not sure about how to do this for every single user (maybe some kind of WoT within the local network?). So, any idea about how to mitigate this without forcing too much restrictions on real users (like for example I'd want to avoid captchas)? a! -- aszlig
signature.asc
Description: Digital signature
