[JDEV] Jabber and spam?

David 'TheRaven' Chisnall theraven at sucs.org
Sat Jun 21 10:59:16 CDT 2003


Perhaps this approach could be used in another way.  

Allow anyone to register an account (we can't enforce registration 
conditions on every server anyway).
Accept messages from people on your roster automatically.
For anyone new, use a challenge-response mechanism as outlined by Mattias.
    - A new contact is sent a link to an image in OOB data.
    - The new contact must reply to the message with a message 
      containing the contents of the image.
    - Only after the message from the new contact has been authenticated 
      should the original message be delivered.  If the response is not 
      authenticated then the server should generate an error.

This would prevent people from easily sending a large number of spam 
Jabber messages, although it would have a couple of limitations:
Blind people obviously cannot see an image, and so could not recognise 
it.  An alternative, such as a wave sound of someone saying a word / 
phrase or number could be used in place.  This then leaves us with the 
problem of blind and deaf people, who, presumably, are using some kind of 
braille terminal.  It would be very difficult to create something which 
can be recognised by someone using a braille terminal but not a computer.
Low bandwidth devices and terminal based clients may also be unable to 
respond to this kind of identification.



Mattias Campe wrote:

> Sebastiaan Deckers wrote:
> [...]
>
>> Someone in this thread mentioned that S2S dialback will effectively 
>> stop spammers because they would need to identify.  But why should 
>> they use a single S2S connection when they can just launch 500 
>> connections to a random server with open registration (eg. 
>> jabber.org) and start spamming at [karma x 500] messages per second?
>
>
> Server admins that don't want scripts to automatically make accounts 
> might take an approach that I've seen on some boards: before you are 
> officially registered, you have to describe what you *see* on a 
> program generated picture, eg. A12K at 3!56.
>
> I don't know if this would require a new JEP? Or is there room in the 
> current registration model to provide such a service?
>
>
> Of course, as not every server admin would use this, it would still be 
> "heaven" for spammers, but then, there wouldn't be so many domain names 
> so they would be easier to reject.
>
>
> just my 2 cents,
> Mattias
>
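
The challenge-response gate proposed in the message above, as an added Python example that is not part of the original post or of any Jabber server's code. The class name, the token format, the challenge expiry, the attempt limit and the remembering of senders who passed are assumptions of this example.

```python
import hmac
import secrets
import time


class ChallengeGate:
    """Hold messages from unknown senders until they answer a challenge."""

    def __init__(self, roster, ttl=300, max_tries=3):
        self.roster = set(roster)   # contacts accepted automatically
        self.verified = set()       # assumption: a passed sender is remembered
        self.ttl = ttl              # assumption: challenges expire (seconds)
        self.max_tries = max_tries  # assumption: limited answer attempts
        self.pending = {}           # sender -> challenge state + held message

    def receive(self, sender, body, now=None):
        """Return (action, payload); action is deliver, challenge or error."""
        now = time.time() if now is None else now
        if sender in self.roster or sender in self.verified:
            return ("deliver", body)
        entry = self.pending.get(sender)
        if entry is not None and entry["expires"] <= now:
            del self.pending[sender]          # stale challenge: start over
            entry = None
        if entry is None:
            # First contact: hold the message, issue a challenge. The caller
            # renders `answer` into the image (or audio) the OOB link points at.
            answer = secrets.token_hex(4)
            self.pending[sender] = {"answer": answer, "held": body,
                                    "expires": now + self.ttl,
                                    "tries": self.max_tries}
            return ("challenge", answer)
        # Anything else from a pending sender is treated as the response.
        if hmac.compare_digest(body.strip().encode(), entry["answer"].encode()):
            del self.pending[sender]
            self.verified.add(sender)
            return ("deliver", entry["held"])  # release the original message
        entry["tries"] -= 1
        if entry["tries"] <= 0:
            del self.pending[sender]           # held message is discarded
        return ("error", "challenge response not authenticated")


if __name__ == "__main__":
    gate = ChallengeGate(roster={"friend@example.org"})  # constructed addresses
    print(gate.receive("friend@example.org", "hi"))
    action, answer = gate.receive("stranger@example.net", "hello?")
    print(action, gate.receive("stranger@example.net", answer))
```

Only one message per unknown sender is held at a time, so a sender who has not answered cannot make the server queue an unbounded backlog.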
