In my experience, the standard behaviour for chat systems is to filter messages from people you don't know/have not accepted yet. This is not a perfect solution, but I think it reduces unwanted messages/spam, identity theft, etc...
I believe (but can be wrong) that a good way to achieve this with XMPP is to set up every new account with a default privacy list such as :
<list>
<item action="deny" order="100" type="subscription" value="none">
<message/>
</item>
</list>
This way, advanced users (company accounts or whatnot) can still disable or enrich this policy as needed.
Unfortunately, I've not found any way to set up Openfire to do that upon registration. Unless there's a better way, I will add this feature to the "Registration" plugin, with 3 settings : one to enable the feature, a String containing the name of the list, and another containing the XML of the list itself.
Is there any better way to achieve this ? Do you think such changes are likely to make it to the released packages (in which case I'll prepare a pull-request) ?
Thanks in advance
EDIT : Branch is here. Pull request is here.
EDIT2 : XML more close to what's used in actual implementation