SouL: So, surprisingly, I've never received any SPAM and my account is quite public. Somebody in my server got the following and I can't understand how they found the JID to SPAM:
Headline> firstname.lastname@example.org/Psi says: High-quality JABBER mailing / Good Jabber Adverts
The best Jabber advertising for your service / Best Jabber Adverts for your service!
#1 mailing / 1 Spam Adverts = 15$
457k JIDs, carding topic! / Carding Contact List
There is also a PROMOTION running! / Also NOW DISCOUNT! = 5 mailings = 50$ / 5 Spam adverts = 50$
Discounts apply for orders of 5 or more mailings / Discount for more 5 spam adverts
Help preparing the advertising text for your service/shop/etc.
Other topics are also available, details on request in private!
Food Jabber - Elimination of a competitor! from 10$ per hour
Jabber email@example.com 24/7 Online!
I apologize for the mailing!
P.S. also selling a spam kit (Jabber Spammer + Jabber base 457k = 350$ / Also selling pack for
JIDs spam (Jabber Spammer + Jabber Base 457k JIDs) Price 350$
Licaon_Kter: SouL: was the JID a common name?
MattJ: and/or did they join MUCs or have contacts on certain remote servers?
SouL: Not at all, from what he says, he joined once to the Psi+ MUC and that is all. (Only chats with friends and family, so that is why I'm kind of puzzled)
I mean, I would understand if I get SPAM but not him, wow
SouL: My Prosody setup is not ready to fight SPAM, I hope it does not become a problem
Ge0rG: Oh, I know that spam message.
Holger: I got it just a minute ago.
Holger: First spam to *this* JID of mine ...
Ge0rG: Somebody got a new spam-jid list?
Ge0rG: Holger: so... mod_firewall, finally?
Holger: Certainly bumps up a few positions in the to-do list :-)
MattJ: SouL, the Psi+ MUC is on jabber.ru?
MattJ: There are many possibilities
MattJ: e.g. an admin of the MUC may be on a different server that is leaked/compromised/compliant with spammers
MattJ: Consider that server operators have all the data that spammers want (JIDs, JIDs, JIDs)
MattJ: Best of all... active JIDs
MattJ: A rogue server operator could easily sell that info to spammers
Ge0rG: SouL: how much randomness is in that account name?
oli: we need temporary jids for muc
Ge0rG: MattJ: that smells like a business model
MattJ: Ge0rG, sure it is
Ge0rG: How much is a JID?
MattJ: It made some of the largest companies in the world successful :)
MattJ: 1) get users to use your free service 2) sell some amount of the data you gather from this 3) PROFIT!!!
MattJ: This is only one possibility. Server databases have been compromised in the past (so rosters were leaked, and I know my JID was in one of those)
oli: xmpp is doomed
MattJ: The internet is doomed. Humanity is doomed :)
Ge0rG: doom is doomed
oli: oh yeah, there are bigger problems i forgot
edhelas: can we run Doom on XMPP ? 🤔
Ge0rG: XMPP is not a toaster.
oli: can we run xmpp on an amiga?
Link Mauve: My first XMPP client was built for a significantly more limited computer than my Amiga.
oli: could servers not use temporary jids for muc and translate between temp jid and my personal jid?
Ge0rG: this is how MIX is going to do it, and it's a huge pile of ~shi~ complexity
Ge0rG: Speaking of spam... https://github.com/JabberSPAM/blacklist just got its first entry.
Licaon_Kter: Ge0rG: just one? I can scroll above and find a dozen, what gives?
MattJ: Licaon_Kter, a dozen where? You mean mentioned in this MUC?
MattJ: Maybe you didn't read the content at https://github.com/JabberSPAM/blacklist
Licaon_Kter:
> my top10 of approximately the last two weeks:
> messages   bots       domain
> ---------- ---------- ------------------------------------
> 5630       1748       jabber.tcpreset.net
> 3917       1111       otr.chat
> 3318       2776       blackjabber.com
> 2918       2419       jabberes.org
> 2628       571        jabber.crans.org
> 2574       874        jabber.ozerki.net
> 2561       2109       xmpp.re
> 2086       1592       unstable.nl
> 1866       1548       deshalbfrei.org
> 1862       1483       xabber.de
MattJ: Licaon_Kter, those servers are used by normal users
MattJ: so if you block them, you can prevent ordinary users from communicating
Licaon_Kter: And you can vouch that otr.chat is not?
Licaon_Kter: Anyway... A good start :)
MattJ: Efforts have been made to contact the admin of otr.chat to resolve the spam issue with their server
MattJ: Have you made any effort to contact the admins of the servers in that list?
Link Mauve: Licaon_Kter, how are you keeping track of which servers fixed their outgoing spam issues?
edhelas: MattJ at one moment you need to end up with those kind of decisions, if your mail server is spamming the whole planet, don't be surprised that your legit users cannot send mails to the other servers
Link Mauve: I can see some in your list which fixed it, for instance.
Licaon_Kter: Link Mauve: I'm not...having this issue
Link Mauve: Licaon_Kter, you are.
Licaon_Kter: Link Mauve: not my lists, search this MUC history
Link Mauve: Licaon_Kter, the list you just posted, anyway.
Licaon_Kter: i quoted Ge0rG and Neustradamus
Ge0rG: edhelas: and some RBLs are notoriously known for listing everybody and not delisting anybody.
Ge0rG: I don't want to end up *there*
Ge0rG: Licaon_Kter: what's your point?
Ge0rG: You can blacklist all the domains on your private server.
Ge0rG: if you run a public server, you need to make a trade-off
Ge0rG: if you run a public blacklist that other public server operators should have a good feeling to add, you need to have policies about addition and removal
Ge0rG: I've brought down a bunch of spam servers now, by documenting and reporting the abuse.
> I've brought down a bunch of spam servers now, by documenting and reporting the abuse.
Neustradamus: Licaon_Kter: I think you have not taken all the list, I have published other too ^^