One of the big problems with XMPP security was testing the server's connection. It's worth pointing out that much of this move has been supported by @xnyhps project: xmpp.net. This lets you stick in an XMPP enabled site and see the results. For example: Google - https://xmpp.net/result.php?domain=gmail.com&type=server (nothing) and prosody.im: https://xmpp.net/result.php?domain=prosody.im&type=server