[jdev] Presence Subscription to nonexistent contact
Jonas Wielicki
xmpp-dev at sotecware.net
Sat Nov 3 12:03:21 UTC 2012
On 02.11.2012 17:02, David E. Ammouial wrote:
> To prevent spam, I think it's important that there be no way of
> detecting whether a given user exists or not.
>
> The behaviour in case of a non-existent user should be the same as if
> they exist but decide to ignore you. What do you people think?
I'm really not sure. In email, there is in theory a way to find out
whether a given user exists at a server without sending a mail – most
servers (at least freemailers, didn't try others) disable that
functionallity though.
On one hand, it is annoying that, when peering with people, they don't
get notified about a possible typo by the server. Instead, one can
quickly assume a technical failure, especially if the typo is really
non-obvious.
On the other hand, this allows spammers to find out whether an address
exists or not. I'm not sure which value that has to them. If I compare
the two situations (please correct me if I oversee a peculiar point), I
get to the following:
If the server does *not* notify the subscriber whether the account
exists, spammers may just try to send messages to the jid. These are
either received by a person (who will probably put the spammer on his
ignore list right away, and deny the subscription request) or go into
the void, being dropped by the server.
If the server *does* notify the subscriber, a spammer does not need to
send his spam to the account, effectively reducing the load on the
server. Then again it imposes social pressure to the user to which a
subscription request was sent, because he/she might not want to insult a
person who he/she does not actually want the subscriber in his/her roaster.
Thats what I think about it. Both sides have their advantages and
disadvantages. Just pushing arguments here, not sure about it myself.
cheers.
More information about the JDev
mailing list