mathieuiI mean, generally we don’t get too much spam from it
edhelasdo you have your blacklist published somewhere ?
mathieuion the other hand, they certainly are a first-class offender when it comes to registering automated accounts and then broadcasting stuff to them, either to *relay* spam, for DoS, or other stuff
mathieui(being a botnet relay is not really pleasant, so we blacklisted that)
edhelasdo you have your rules published somewhere ? I'm interested to maybe put them in my server config as welll
mathieuiwe could publish our blacklist, I suppose
mathieuifirewall rules are a bit more touchy
zuglufttierWouldn't some kind of trusted network be nice?
zuglufttierThe whitelist approach ;)
mathieuia whitelist approach is bad for the federation, I would rather not do that
edhelaszuglufttier I got ~160 s2s connections on my server
mathieuiwe have 2500 s2s connections onr our server
Ge0rGMy main issues with such a blacklist are:
- who is trustworthy to add entries?
- where do you put the line?
- how can people get off the list?
mathieuiwell, exploit.im being a vanity badge for black hats, I don’t think they will get off my list
edhelasis there other servers like this ?
Ge0rGedhelas: xmpp.jp seems popular among spammers as well
Ge0rGbut I don't think they are shady per-se
zuglufttierI think the main problem are servers that are not up to date and have no real administrator.
Ge0rGif you blacklist exploit.im, you might offend some kiddies there and get a nice little DDoS.
zuglufttierOtherwise, you could use the whitelist approach. Everybody does trust one or two servers in the beginning and so the network will grow quickly.
Ge0rGzuglufttier: that's "web of trust" and it doesn't work for PGP already
zuglufttierAnd after that: Use a democratic approach. Malicious server can be blacklisted on your server and you could flag them as bad in the whitelist. If the server gets too much bad reputation, it could be removed from the whitelist.
zuglufttierBut it really needs active administrators.
zuglufttierAnd it's problematic in other scenarios :D
mathieuiand yes, xmpp.jp is kind of unmaintained
zuglufttierWe could introduce blockchains to remove the need for a central withelist server. But again, this is not a perfect solution...
edhelasplease dont bring blockchain in the discussion…
Ge0rGzuglufttier: we can just store our messages in the blockchain. Problem solved.
Ge0rGI never finished the xmpp-message-proof-of-work XEP :(