[JDEV] Jabber and spam?
Bart van Bragt
jabber at vanbragt.com
Sat Jun 21 07:10:48 CDT 2003
Justin Karneges wrote:
> Of course, the weakness with these whitelist systems is that a spammer could
> spoof the address of someone in your whitelist. This is not possible with
> Jabber, as there is no whitelist. Every s2s connection is authenticated.
True, but it's dead easy to make a new s2s connection. The only thing
you need
is a domainname that resolves to the address of your (temporary) server.
They can just get rid of that domainname afterwards.
Ok, it will be fairly difficult to abuse the Jabber equivalent of open
relays, they'll have to setup dedicated jabber servers or they have to
create a lot of accounts on public servers and use them to send bulk
messages. Almost all public servers are open to any registration at the
moment. It's dead easy to create 20.000 accounts and then sends lots and
lots of messages without having to worry about karma settings.
Especially if you use several different servers.
--
Bart
More information about the JDev
mailing list