Reading through RFC 6121 more thoroughly, I now see that section 8.5.1 summarizes exactly what the server is supposed to do: http://xmpp.org/rfcs/rfc6121.html#rules-localpart-nosuchuser
I guess my question is why. If a server is allowed to (and ejabberd does) send a service-unavailable response for messages where the user is not found, why can't it do that for presence subscriptions? dan On Sat, Nov 3, 2012 at 8:03 AM, Jonas Wielicki <[email protected]> wrote: > On 02.11.2012 17:02, David E. Ammouial wrote: >> To prevent spam, I think it's important that there be no way of >> detecting whether a given user exists or not. >> >> The behaviour in case of a non-existent user should be the same as if >> they exist but decide to ignore you. What do you people think? > > I'm really not sure. In email, there is in theory a way to find out > whether a given user exists at a server without sending a mail – most > servers (at least freemailers, didn't try others) disable that > functionallity though. > > On one hand, it is annoying that, when peering with people, they don't > get notified about a possible typo by the server. Instead, one can > quickly assume a technical failure, especially if the typo is really > non-obvious. > > On the other hand, this allows spammers to find out whether an address > exists or not. I'm not sure which value that has to them. If I compare > the two situations (please correct me if I oversee a peculiar point), I > get to the following: > > If the server does *not* notify the subscriber whether the account > exists, spammers may just try to send messages to the jid. These are > either received by a person (who will probably put the spammer on his > ignore list right away, and deny the subscription request) or go into > the void, being dropped by the server. > > If the server *does* notify the subscriber, a spammer does not need to > send his spam to the account, effectively reducing the load on the > server. Then again it imposes social pressure to the user to which a > subscription request was sent, because he/she might not want to insult a > person who he/she does not actually want the subscriber in his/her roaster. > > Thats what I think about it. Both sides have their advantages and > disadvantages. Just pushing arguments here, not sure about it myself. > > cheers. > > _______________________________________________ > JDev mailing list > Info: http://mail.jabber.org/mailman/listinfo/jdev > Unsubscribe: [email protected] > _______________________________________________ _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
