Hello, > On 09 Sep 2015, at 16:45, Peter Saint-Andre - &yet <[email protected]> wrote: > > On 9/9/15 8:23 AM, Peter Saint-Andre - &yet wrote: > >> It might be time to revisit the old spam-prevention specs we started to >> define years ago. > > For the record, those were things like: > > http://xmpp.org/extensions/xep-0159.html > http://xmpp.org/extensions/xep-0267.html > http://xmpp.org/extensions/xep-0268.html > http://xmpp.org/extensions/xep-0275.html > > I haven't looked at them in a long time, so I'm not sure if I still think > they might work, if they're too complex, etc.
I agree it seems a good moment to revise the spam-prevention spec. I am willing to help. I was toying with various criteria to build local user reputation system that could be used for a server to flag possible outgoing traffic for example (XEP-0275 is a good start). It does not prevent totally bad domain to spam, but if you trust some server, you can for example flag users with good reputation to give a hint that the request could be legitimate. This could be handy for outgoing subscription requests. To build that reputation system, we need a lot of cooperation tools in place, spam reporting, etc. Anyway, probably not the best threat / ML to get into details, but I would be interested in helping out. -- Mickaël Rémond http://www.process-one.net
