[JDEV] Jabber and spam?

[Sebastiaan Deckers]

Bart van Bragt wrote:

> I was adjusting my email spam filters, again, and that started me 
> wondering about Jabber and spam.
>
> IMO there are not many provisions to prevent spam from being 
> sent/received in the jabber protocol. The only thing you can do is:
> - block everything from anyone not in your roster except auth requests
> - blacklist specific servers (very temporary solution)
> - Filter on certain words/patterns (brrrrr, no a very clean solution)
>
> I don't know of any clients/servers that implement the first 
> 'solution'. Has this been though about? Any idea how spam can be 
> prevented or at least reduced? 


The first solution is included in most clients, I think.  RhymBox has 
supported this for over a year.
Karma protection at the S2S and C2S level is much more effective.  
However it also does not solve the real problem.
I imagine we will eventually see Bayesian filters in the server or other 
neat techniques like distributed, automated blacklists.  Spam protection 
is not something you would want in clients, long term.

Most of the spam I receive these days comes from popular transports.  
That means as XMPP grows, the spammers will come.
It is good to have basic systems already in place, which allow total 
blocking of messages.  And a more elaborate filter system at the server 
level is (relatively) trivial to implement.

Someone in this thread mentioned that S2S dialback will effectively stop 
spammers because they would need to identify.  But why should they use a 
single S2S connection when they can just launch 500 connections to a 
random server with open registration (eg. jabber.org) and start spamming 
at [karma x 500] messages per second?

-- 
Sebastiaan