[Pkg-xmpp-devel] DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure

W. Martin Borgert debacle at debian.org
Mon Jul 23 10:13:52 BST 2018

Quoting Matthew Wild <mwild1 at gmail.com>:
> Prosody's mod_firewall has the capability to filter/block anything.
> The tricky part (as with all spam) is identifying what should be
> blocked and what should not. There is very little information
> contained in a subscription request (unlike a message, which may
> contain spam URLs, etc.).

True. The best way would be a receiving server side captcha. "Before
you can contact this user, please tell me what is the airspeed
velocity of an unladen swallow?" But that would need a new XEP, right?

> The current "best" approach seems to be blocking servers that generate
> lots of outbound spam (such servers typically allow open registration
> and are not well-maintained). E.g. see here:
> https://github.com/ge0rg/jabber-spam-fighting-manifesto

Yes. As long as inline registration and anonymous accounts are still
considered OK, but only a limitation on the number of accounts per IP
per hour is required, this is fine.

> Any other ideas are welcome, but I don't think the issue of spam will
> ever be 100% solved. I do believe we can get a long way though - spam
> has never been solved entirely for email, but we have a lot of
> advantages in XMPP, such as stronger server identity verification
> built into the protocol.

I agree. One or the other spam message in a while (or contact request)
is not a problem. Last year it was just far too much. Some users of
the Debian XMPP server got around 10 messages a day. Do you have any
idea why spim exploded last year and is not so much a problem now?
Did admins actually read Ge0rg's manifesto? :~)


