On 6 September 2017 at 08:29, Evgeny Khramtsov <xramt...@gmail.com> wrote:
> The problem is, last time I checked[1], one third of ejabberd servers
> were running ancient versions, like 5 years old or more. There are also
> lots of jabberd servers, not sure they have any registration protection
> at all. Seems like we need to punish a lot of servers in order to
> tighten things up.
>
> [1]
> https://chatlogs.jabber.ru/ejabb...@conference.jabber.ru/2017/03/02.html#15:42:12.564438

I think if we aimed to tighten everything instantly, then it'd simply cut off half (or more) of the federated network. Is there a halfway house we could do? Like if you're on an old/insecure/whatever server, subscriptions would return a warning, perhaps?

It'd be useful, I think, just to be able to collect spammer jids and run some analysis, too - my gut feeling is that the source domains will have open IBR and other "loose" security, but it's not clear that anyone has performed any real study of common factors.

Dave.
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________