Matthew Wild <mwi...@gmail.com> writes: >> Stepping back a bit, why is it even possible to send messages to >> arbitrary people without prior authorization? I naïvely thought that >> the anti-spam property in XMPP was based on having to authorize a >> presence subscription for other people before they can send me a >> messages. Wouldn't that work? Yes, of course, spammers can spam me >> with request to add them, but that is a low-signal channel and I'm not >> likely to accept by random, and if I accidentally do I can remove them >> later on. At least then I don't get 25 lines of spam garbage displayed >> on my cell phone. > > This is a policy, not protocol, issue. I think probably most servers > can be configured to block messages from JIDs not on your roster. E.g. > in Prosody by loading the mod_block_strangers module. > > I've a XEP in my to-write queue (if no-one beats me to it) to define a > way to allow the client the ability to control this policy per-account > however (stemming from the discussion about deprecating the old > privacy lists protocol).
This seems like a good idea, and if implemented by clients and servers would make it easy for me to enable this. Having a switch add complexity though, and if we anticipate more spam, it appears that the only reasonable setting for this would be to reject messages from JIDs not on your roster. In that case, we'd might as well suggest that this should be the default behaviour of servers. /Simon
signature.asc
Description: PGP signature
