Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure

To: Matthew Wild <mwild1@gmail.com>
Cc: Petter Reinholdtsen <pere@hungry.com>, Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>, debian-rtc@lists.debian.org
Subject: Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
From: "W. Martin Borgert" <debacle@debian.org>
Date: Mon, 23 Jul 2018 11:13:52 +0200
Message-id: <[🔎] 20180723111352.Horde.iS4f0kWbp1cGnr6WyjxqO8X@webmail.in-berlin.de>
In-reply-to: <[🔎] CAJt9-x5Yye8QkCriRW+1TQGkqr5KxBpeU3kXXPFYO9_KVe1Pkg@mail.gmail.com>
References: <[🔎] 20180719150947.Horde.3robdjjHraf9W-QDhTUkjQW@webmail.in-berlin.de> <[🔎] sa6muunjl71.fsf@meta.reinholdtsen.name> <[🔎] 20180719194351.Horde.8BMJ0HmqHgRQgGffM5MT3kG@webmail.in-berlin.de> <[🔎] CAJt9-x5Yye8QkCriRW+1TQGkqr5KxBpeU3kXXPFYO9_KVe1Pkg@mail.gmail.com>

Quoting Matthew Wild <mwild1@gmail.com>:

Prosody's mod_firewall has the capability to filter/block anything.
The tricky part (as with all spam) is identifying what should be
blocked and what should not. There is very little information
contained in a subscription request (unlike a message, which may
contain spam URLs, etc.).


True. The best way would be a receiving server side captcha. "Before
you can contact this user, please tell me what is the airspeed
velocity of an unladen swallow?" But that would need a new XEP, right?

The current "best" approach seems to be blocking servers that generate
lots of outbound spam (such servers typically allow open registration
and are not well-maintained). E.g. see here:
https://github.com/ge0rg/jabber-spam-fighting-manifesto


Yes. As long as inline registration and anonymous accounts are still
considered OK, but only limitation on number of accounts for IP per
hour is required, this is fine.

Any other ideas are welcome, but I don't think the issue of spam will
ever be 100% solved. I do believe we can get a long way though - spam
has never been solved entirely for email, but we have a lot of
advantages in XMPP, such as stronger server identity verification
built into the protocol.


I agree. One or the other spam message in a while (or contact request)
is not a problem. Last year it was just far too much. Some users of
the Debian XMPP server got around 10 messages a day. Do you have any
idea, why spim exploded last year and is not so much a problem now?
Did admins actually read Ge0rgs manifesto? :~)

Cheers

Reply to:

Follow-Ups:
- Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
  - From: Matthew Wild <mwild1@gmail.com>

References:
- DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
  - From: "W. Martin Borgert" <debacle@debian.org>
- Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
  - From: "W. Martin Borgert" <debacle@debian.org>
- Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
  - From: Matthew Wild <mwild1@gmail.com>

Prev by Date: Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
Next by Date: Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
Previous by thread: Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
Next by thread: Re: DebConf - talk scheduled: Debian & XMPP: packaging and infrastructure
Index(es):
- Date
- Thread