Frankly, as usual when there's a convo going on about spamming, public services and IBR, I tend to get puzzled/amused several times in a row...

But what caught my eye in a special manner was Peter's statement: <<I think that was important in 1999 when we were trying to get end users to adopt Jabber. These days I think it is much less valuable, and maybe even harmful.>>;

good, that was a noble initiative, but yet 13 / 14 years "in the future" whenever I say something like << I tend to work a lot with xmpp... >> the frequent _ritual_ answer I get back is << What's xmpp? >> even in mid-level IT professional environments. Granted... that situation doesn't get _any better_ when we get to the real end-users.

So maybe that "list" still could have a *practical* use... Now on the second point, spamming and public services... I'll re-propose a question I already asked somewhere in the past to public services' holders... especially to the "high usage" ones (possibly more, those with unprotected IBR)... Did you actually ever make a census of how many of your concurrent users are actual human beings..?

...
*Will wait for replies on this, out of curiosity*
...

Finally, moving forward on the "how to protect account registration", there're several very effective measures one of which is CAPTCHA (and that needs to be done right, implementations like ejabberd's .. just aren't appropriate ..) but alone that doesn't do it obviously, you should put some more verification layers after that. I personally employ a long-strict captcha on the site form, plus an additional e-mail token verification and several timeframe checks (e.g. the user has to verify the account within 5 minutes and has to do some copy & pasting...).

Of course, this is not flawless (nothing is in computing after all) and it's potentially possible to craft ad hoc tools to counter the challenges, but still that takes time, and timeframe checks should give admins enough to still "shut the door on someone's face".

This for what regards my service has cut down automated submissions to a value very near to 0% (... and also some non-automated ones but "c'est la vie") and it's not terribly complex to achieve.

Best regards,
Marco.
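
The e-mail token and timeframe checks described in the message above, sketched as an added example (not part of the original post and not the author's own service code). The function names, the in-memory `_pending` store, `SERVER_KEY` and the `MIN_AGE` lower bound are assumptions made for illustration; only the 5-minute window comes from the message.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumed: per-deployment secret, never sent out
MAX_AGE = 5 * 60                      # the 5-minute verification window from the post
MIN_AGE = 3                           # assumed: faster than a human can copy & paste
_pending = {}                         # nonce -> address; entry removed on first use


def _sign(address, nonce, issued_at):
    # The MAC binds the token to one address and one issue time.
    msg = f"{address}|{nonce}|{issued_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(address, now=None):
    """Create the token e-mailed to `address` once the CAPTCHA step has passed."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    _pending[nonce] = address
    return f"{nonce}.{issued_at}.{_sign(address, nonce, issued_at)}"


def verify_token(address, token, now=None):
    """Return (ok, reason): accepted once, for one address, inside the time window."""
    now = time.time() if now is None else now
    try:
        nonce, issued_raw, mac = token.split(".")
        issued_at = int(issued_raw)
    except ValueError:
        return False, "malformed"
    expected = _sign(address, nonce, issued_at)
    # Constant-time comparison; bytes so that odd input cannot raise TypeError.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad-signature"
    age = now - issued_at
    if age > MAX_AGE:
        _pending.pop(nonce, None)     # an expired token can never be replayed
        return False, "expired"
    if age < MIN_AGE:
        return False, "too-fast"
    if _pending.pop(nonce, None) != address:
        return False, "already-used"
    return True, "ok"
```

Counting the `expired` and `too-fast` results per source address gives admins the signal the message refers to for closing registration on an automated client.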

