[jdev] Presence Subscription to nonexistent contact

Daniel Dormont dan at greywallsoftware.com
Mon Nov 5 19:47:11 UTC 2012 

Reading through RFC 6121 more thoroughly, I now see that section 8.5.1
summarizes exactly what the server is supposed to do:
http://xmpp.org/rfcs/rfc6121.html#rules-localpart-nosuchuser

I guess my question is why. If a server is allowed to (and ejabberd
does) send a service-unavailable response for messages where the user
is not found, why can't it do that for presence subscriptions?

dan

On Sat, Nov 3, 2012 at 8:03 AM, Jonas Wielicki <xmpp-dev at sotecware.net> wrote:
> On 02.11.2012 17:02, David E. Ammouial wrote:
>> To prevent spam, I think it's important that there be no way of
>> detecting whether a given user exists or not.
>>
>> The behaviour in case of a non-existent user should be the same as if
>> they exist but decide to ignore you. What do you people think?
>
> I'm really not sure. In email, there is in theory a way to find out
> whether a given user exists at a server without sending a mail – most
> servers (at least freemailers, didn't try others) disable that
> functionallity though.
>
> On one hand, it is annoying that, when peering with people, they don't
> get notified about a possible typo by the server. Instead, one can
> quickly assume a technical failure, especially if the typo is really
> non-obvious.
>
> On the other hand, this allows spammers to find out whether an address
> exists or not. I'm not sure which value that has to them. If I compare
> the two situations (please correct me if I oversee a peculiar point), I
> get to the following:
>
> If the server does *not* notify the subscriber whether the account
> exists, spammers may just try to send messages to the jid. These are
> either received by a person (who will probably put the spammer on his
> ignore list right away, and deny the subscription request) or go into
> the void, being dropped by the server.
>
> If the server *does* notify the subscriber, a spammer does not need to
> send his spam to the account, effectively reducing the load on the
> server. Then again it imposes social pressure to the user to which a
> subscription request was sent, because he/she might not want to insult a
> person who he/she does not actually want the subscriber in his/her roaster.
>
> Thats what I think about it. Both sides have their advantages and
> disadvantages. Just pushing arguments here, not sure about it myself.
>
> cheers.
>
> _______________________________________________
> JDev mailing list
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________

More information about the JDev mailing list