On Thu, May 23, 2013 at 12:35 AM, Justin Uberti <jube...@google.com> wrote:
> That seems like an overly cynical assessment of the situation. Speaking as > an individual, it is sad that spammers were more willing to adopt XMPP than > other IM networks, but so it goes. > I'm not sure sufficient information exists in one place to make a statement like that. If it does, I've certainly never seen it. MSN, AOL, and various other networks all have had, or do have, spam problems, without having open federation. I'd hesitate to suggest that the spam problem on Google Talk's XMPP service was worse at its peak than MSN or AOLs at theirs, without a lot more data to base that statement upon. Google's was exasperated not by simply allowing federation, but by allowing largely unauthenticated federation, making it by far the weakest point. Had Google deployed TLS, and required X.509 authentication (even whilst handing out a single certificate for all its thousands of domains), then I think the bar would have been raised significantly - possibly even enough to make the spammers use user accounts instead (as they now will). Moreover, it would have helped the community as a whole. As I've said previously, other esoteric behaviours of the service won't have helped, either. Still, we're now free to put a lot of this into place - Google Talk's low security stance was demonstrably reducing the security stance of the entire network, and moreover, it was also an attractive target for spammers, so we'll have a lot of the pressure reduced. Dave.
