There’s no anti-spam mechanism in XMPP protocol so there’s limited options one can do to avoid spam.
Protect registration against automated spam account creation.
- disable in-band registration completely
- and create accounts different way
- or enable captcha during registration
- which may not be enough
There’s currently no more servers can do to protect users from receiving spam.
Only option is to block messages from users not in roster. This works pretty well but what matters is implementation:
- use client which can block non-roster users by feature (eg. Psi)
- it’s easy to setup, just one checkbox
- but this blocking will not work for other clients, eg. when using mobile client
- use server-side privacy lists, XEP-0016
Setting privacy lists⚓
Filtering using privacy lists is simple and works seamlessly for all clients.
This howto will describe how to setup privacy lists to block messages from contacts not in roster. Screenshots are from Gajim, but any client supporting XEP-0016 should be able to define these rules in a similar way.
Open Actions -> Advanced -> Edit Privacy Lists
Edit current privacy list (one should already exist), ensure it’s active for this session and active on each startup.
Add rules with order 0 (rules are ordered from lower to higher) for each MUC domain, otherwise group chats will not work
Add deny rule with highest order (eg. 5). Only messages are blocked, subscribe requests are still allowed