On 20 Mar 2013 23:09, "Peter Viskup" <[email protected]> wrote: > > On 03/20/2013 07:03 PM, Dave Cridland wrote: >> >> Peter mentioned ensuring that open registration is blocked - I think that open registration has proved itself our equivalent of open relaying in SMTP, and we need to campaign strongly against this. The majority of servers have no need to support IBR; I think we have to declare this seriously harmful at this point. > > > Please stop spread this myth. IBR isn't nothing like open relay in SMTP. Any web-form based registration isn't solution to this situation. I am seeing a lot of automated registrations on my Drupal sites for example. > Did anybody performed some investigation and proved which servers are used for these attacks and if all of them are IBR-enabled? I'm not aware of anybody - didn't see list of the servers. >
I said open registration, actually. IBR seems particularly harmful, though. But fundamentally, open registration allows spammers to use a server to host their spam bots. This is a close parallel to SMTP open relays, in my opinion. > >> Finally, I'd note that clients themselves can mitigate against subscription request spamming by ensuring that their UIs handle requests in such a way that won't promote spam. > > > Agree - for example Gajim client has 'Anti-Spam' extension which probably can be used as an protection against this (I don't use it/not sure about it). > > -- > Peter Viskup
