[JDEV] Fighting Jabber Spam
Thomas Charron
tcharron at ductape.net
Tue Jun 26 15:52:08 CDT 2001
From: <johnston at megaepic.com>
Subject: Re: [JDEV] Fighting Jabber Spam
> Well, someone correct me if I'm wrong... but for someone to receive your
presence, you have to permit them to subscribe to your presence. Can't we
tell the server not to accept certain message types (as in not presence
subscription requests :) that come from users that don't have subscription
authorization?
Ahh, so what you're saying is you don't WANT to recieve administrative
messages? 8-)
It's actually viable that you get messages from sources you are not
subscribed to/aren't subscribed to you. Tell me, how will they actually
talk with you to get to be able to BE on your list? 'Spec when your
ignoring them..
'Bob: Hey Joe, I just got on this neato Jabber thing.. Hows it work?'
'Joes client or Server: Kiss off, your not on my list..'
'Bob: But Joe, it's your old friend Bob!!!!!'
'Joes client or Server: Kiss off, your not on my list..'
'Bob: Man, this sucks..'
Later, Joe actually gets it that Bobs trying to talk with him..
Joe sends a subscription request to John, bobs friend.
Subscription from Joe requested, reason: I'm Bobs buddy.
John wonders who the hell this is, as he knows no one named Bob..
'secretly, in a soviet covert operation, 'Robert' has been calling
himself as 'Bob' to others'
John denies subscription.
'Joe: WTF, John? Bob Johnson said to talk to you..'
'Johns client or server: Kiss off, your not on my list.'
These kind of situations are why we can't just block on the server or
client level to our hearts content. Yes, this makes spam easier. But it's
proven that if you lock something down so hard to protect users, it will
limit their freedom, and hence, acceptance of the software.
More information about the JDev
mailing list