XMPP Jabber

Instant Messaging  Federated XMPP server on jabber.tcpreset.net. End-to-end encrypted via OMEMO. Messages are ciphertext on the wire and at rest.

Federation: how it works

XMPP (Extensible Messaging and Presence Protocol) is an open standard defined by a series of RFCs and XEPs maintained by the XMPP Standards Foundation. The protocol is federated in the same way email is: an account on jabber.tcpreset.net can exchange messages with an account on any other XMPP server on the internet, regardless of who operates it or what software it runs.

This matters because it means the network has no owner. There is no company that controls who can participate, no terms of service that can revoke interoperability, and no single point of failure. Running your own server is a first-class option, not a workaround.

Federation is handled over server-to-server (S2S) connections on port 5269 with STARTTLS mandatory. The certificate on jabber.tcpreset.net is issued by Let's Encrypt. Peer identity is verified exclusively via SASL EXTERNAL — the peer's certificate is checked against a trusted CA during the TLS handshake. Servers without a valid signed certificate cannot federate with us.

The practical result is that you can register an account here and reach the broader XMPP network — millions of users across thousands of servers — without routing your traffic through any commercial messaging platform.

Connection details

Client connections (C2S)

Server: jabber.tcpreset.net
Port: 5222 with STARTTLS (required)
Port: 5223 direct TLS (legacy clients)
Certificate: Let's Encrypt, auto-renewed.
SRV records are set — most clients will discover the server automatically.

Server-to-server (S2S)

Port: 5269 with STARTTLS (required)
Authentication: SASL EXTERNAL only. Peers must present a valid, CA-signed certificate. Dialback (XEP-0220) is not accepted.

Server info

Full service details and certificate fingerprints are at jabber.tcpreset.net.

Spam taken seriously

Open federation is only useful if the server stays clean. We apply multiple independent layers of spam control so you can communicate without noise.

  • Real-time blocklistxmppbl.org RTBL active. Known spam JIDs are blocked before they reach your client.
  • JabberSPAM community blacklist — federation with servers on the community-maintained JabberSPAM blocklist is denied at the S2S layer.
  • Strangers blocked by default — messages from contacts not on your roster are held pending approval. Unsolicited messages from unknown JIDs do not reach your inbox.
  • S2S requires valid TLS certificates — federated servers must present a CA-signed certificate. Anonymous or self-signed S2S connections are rejected.
  • Rate limiting on all inbound traffic — connection and message rates are throttled at the server level to prevent flooding and brute-force attempts.
  • Pattern-based spam filtering — message content is matched against known spam patterns. Matching messages are dropped before delivery.
Visit jabber.tcpreset.net →