Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
On 19 July 2018 at 18:43, W. Martin Borgert <debacle@debian.org> wrote:
> Quoting Petter Reinholdtsen <pere@hungry.com>:
>>
>> Perhaps the state of spam protection is a topic to address?
>
>
> Yes, definetely. Just to spoil everyones eagerness:
>
> There is no firewall in place yet, but at least vogler.d.o already
> runs stretch with the stable backports of prosody and prosody-modules,
> so we *could* have a firewall. So far, nobody found the time to do the
> next step, AFAIK.
>
> My own experience is, that spam (or "spim") is not as big a problem
> as it was one year ago. No idea, why. The few spam that I get, is
> "invitation spam" (= contact requests). Unfortunately, prosody
> firewalls cannot handle this, if I'm not mistaken.
Prosody's mod_firewall has the capability to filter/block anything.
The tricky part (as with all spam) is identifying what should be
blocked and what should not. There is very little information
contained in a subscription request (unlike a message, which may
contain spam URLs, etc.).
The current "best" approach seems to be blocking servers that generate
lots of outbound spam (such servers typically allow open registration
and are not well-maintained). E.g. see here:
https://github.com/ge0rg/jabber-spam-fighting-manifesto
Any other ideas are welcome, but I don't think the issue of spam will
ever be 100% solved. I do believe we can get a long way though - spam
has never been solved entirely for email, but we have a lot of
advantages in XMPP, such as stronger server identity verification
built into the protocol.
Regards,
Matthew
Reply to: