yaxim

yet another XMPP instant messenger

Spam Reduction on yax.im


Jabber spam has become a huge problem over the last one or two years. Spammers register thousands of accounts on hundreds of public servers, and then send masses of messages to real and guessed Jabber addresses. The yax.im server operators are committed to fighting XMPP spam and helping others do so as well. In the last two weeks, yax.im automatically blocked 46996 messages from 14293 different accounts registered on 282 different servers.

Measures

Many public servers have adopted a policy to silently block messages from strangers. This is problematic for two reasons: First, it breaks the expectation of communication - you can’t just send a message to somebody, you first need to ask them to become your friend (and to see their online status). Second, it is not apparent to you when you send a message - you don’t receive a response, and not even an error message. You can only guess whether the message got delivered or not.

The yax.im server is using a custom mod_firewall rule-set to detect and reject spam messages, both from and to accounts on yax.im. If you send a message that does not pass the spam filter, you will receive an error message (“Blocked due to abuse”).

The filter will flag certain automatic messages (like server monitoring notifications) as spam. If you are running a bot on yax.im, please ensure that all users who want to receive such notifications add the bot as their contact.

Furthermore, accounts registered on yax.im for the purpose of sending spam will be terminated immediately, and all accounts registered from the same IP address will be flagged and reviewed.

The rule-set is updated periodically to reflect changes in the spam transmissions. Feel free to contact the server operators to learn more.

Advice to Public Server Operators

If you run a server with public registration, please consider this advice: Don’t do it!

Seriously, running a public server is a time-consuming job, and if you don’t take the time to monitor and disable spammer accounts, you quickly become a liability for the whole XMPP ecosystem by annoying thousands of users (on other servers). It is perfectly fine to run a server for your friends and family, and to invite them individually.

If you insist on running a public server, please take the following measures:

  • Limit and monitor In-Band-Registration
  • Protect account registration with a CAPTCHA, phone number validation or other means that are hard to cheat
  • Throttle the number of messages you accept from local users, especially to non-contacts
  • Provide XEP-0157: Contact Addresses for XMPP Services so that other admins can contact you
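
One way to implement the throttling measure from the list above, as an added example that is not yax.im's rule-set or code from the original post: a per-sender token bucket with a tighter budget for messages to non-contacts, which bounces over-limit messages with an error rather than dropping them silently. The rates, the `rosters` mapping, the error text and all names are assumptions for illustration.

```python
import time

# Assumed budgets in messages per minute (not from the original post).
CONTACT_RATE = 60.0
STRANGER_RATE = 5.0

def bare(jid):
    """Strip the resource part; real servers apply full JID normalization."""
    return jid.split("/", 1)[0].lower()

class OutboundThrottle:
    """Per-sender token buckets with a tighter budget for non-contacts."""

    def __init__(self, rosters, now=time.monotonic):
        self.rosters = rosters   # local bare JID -> set of contact bare JIDs
        self.now = now           # injectable clock, for testing
        self.buckets = {}        # (sender, kind) -> (tokens, last_update)

    def _take(self, key, per_minute):
        t = self.now()
        tokens, last = self.buckets.get(key, (per_minute, t))
        # Refill in proportion to elapsed time, capped at one minute's budget.
        tokens = min(per_minute, tokens + (t - last) * per_minute / 60.0)
        allowed = tokens >= 1.0
        self.buckets[key] = (tokens - 1.0 if allowed else tokens, t)
        return allowed

    def check(self, sender, recipient):
        """Return (accepted, error_text); rejections always carry an error."""
        s, r = bare(sender), bare(recipient)
        if r in self.rosters.get(s, set()):
            kind, rate = "contact", CONTACT_RATE
        else:
            kind, rate = "stranger", STRANGER_RATE
        if self._take((s, kind), rate):
            return True, None
        # Bounce instead of silently dropping, so the sender knows.
        return False, "rate limit exceeded, try again later"

if __name__ == "__main__":
    # Constructed sample data.
    rosters = {"alice@example.org": {"bob@example.net"}}
    throttle = OutboundThrottle(rosters)
    for i in range(7):
        print(i, throttle.check("alice@example.org/phone", f"user{i}@example.com"))
    print(throttle.check("alice@example.org/phone", "bob@example.net/home"))
```

Keeping separate buckets for contacts and strangers means a burst to unknown addresses cannot exhaust a user's ability to talk to their own roster.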

Thank you for observing all safety precautions.
