Groupchat Spam

2007-07-18

We need to figure out ways to fight spammers who join Jabber groupchat rooms to disturb the conversation. We just had an interesting discussion about that in the jdev room. I don't have time to post about it more right now, but a XEP might emerge from the discussion. Check it out if you're interested.

UPDATE: I think HMAC-SHA256 is the way to go (we already use it for dialback key generation). Your server hashes a secret of its own with your IP address (and maybe some salt), then hands that out to any other (trusted?) server that asks (rogue servers need not apply). It's stable across sessions and enables other entities to identify you if needed.

UPDATE #2: It seems that cryptopan may be a good approach (HT: isomer). Further research required.


Peter Saint-Andre > Journal