[JDEV] Fighting Jabber Spam

johnston at megaepic.com johnston at megaepic.com
Tue Jun 26 16:19:54 CDT 2001 

Sorry for the double negative :) I meant that you would ignore all messages from users that were not subscribed EXCEPT those administrative messages for subscription, etc.

Mat

On Tue, Jun 26, 2001 at 04:52:08PM -0400, Thomas Charron wrote:
> From: <johnston at megaepic.com>
> Subject: Re: [JDEV] Fighting Jabber Spam
> > Well, someone correct me if I'm wrong... but for someone to receive your
> presence, you have to permit them to subscribe to your presence. Can't we
> tell the server not to accept certain message types (as in not presence
> subscription requests :) that come from users that don't have subscription
> authorization?
> 
>     Ahh, so what you're saying is you don't WANT to recieve administrative
> messages?   8-)
> 
>     It's actually viable that you get messages from sources you are not
> subscribed to/aren't subscribed to you.  Tell me, how will they actually
> talk with you to get to be able to BE on your list?  'Spec when your
> ignoring them..
> 
>     'Bob: Hey Joe, I just got on this neato Jabber thing..  Hows it work?'
>     'Joes client or Server: Kiss off, your not on my list..'
>     'Bob: But Joe, it's your old friend Bob!!!!!'
>     'Joes client or Server: Kiss off, your not on my list..'
>     'Bob: Man, this sucks..'
> 
>     Later, Joe actually gets it that Bobs trying to talk with him..
> 
>     Joe sends a subscription request to John, bobs friend.
> 
>     Subscription from Joe requested, reason: I'm Bobs buddy.
>     John wonders who the hell this is, as he knows no one named Bob..
>     'secretly, in a soviet covert operation, 'Robert' has been calling
> himself as 'Bob' to others'
>     John denies subscription.
>     'Joe: WTF, John?  Bob Johnson said to talk to you..'
>     'Johns client or server: Kiss off, your not on my list.'
> 
>     These kind of situations are why we can't just block on the server or
> client level to our hearts content.  Yes, this makes spam easier.  But it's
> proven that if you lock something down so hard to protect users, it will
> limit their freedom, and hence, acceptance of the software.
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev

More information about the JDev mailing list