Some days ago, we have rolled out a new anti-spam measure on our public XMPP server. Accounts registered from a malware infected computer or through an open proxy (unfortunately this also includes Tor exit nodes) are flagged by default and need a manual approval from the server admins to become fully usable.
Registrations on the server already were limited to a small number of new accounts per IP address per hour, to prevent large amounts of automated registrations. However, spammers circumvented that for some time already by using open proxy servers on the Internet to create thousands of accounts.
Starting last week, we are putting accounts that use open proxy servers into quarantine, where they are limited to contacting the server support and to kindly ask to be unblocked. Users affected by the quarantine will receive a message with a link to the support chat as well as a link explaining why their IP address was blocked:
Trying to contact anyone else will result in errors shown to the user:
Behind the scenes, we are using a Real time Blackhole List to identify accounts for the quarantine, based on this prosody setup. We are aware that it will affect legitimate anonymisation proxy users, and we are very sorry about that. There might be only a dozen of actual for-hire spammers on XMPP, but their impact on our ecosystem is staggering.
As the server is operated by volunteers, we do not have a 24/7 support team, so please be patient when requesting an unblocking.