[Standards-JIG] privacy2 anti-SPIM proto-JEP

Sander Devrieze s.devrieze at pandora.be
Tue Sep 6 11:51:19 CDT 2005


Op maandag 29 augustus 2005 21:58, schreef Tijl Houtbeckers:
<snip>
> By using the techniques discussed in this thread by me and others. My
> prefered model is this.
>
> 1. A subscription request (with potential extentions that could help it)
> arrives at the server.

I also like to receive messages from people not in my roster. (This will be 
also needed when XMPP replaces SMTP as a spam-proof alternative ;-) )

So my idea is this:

1) Introduction
* Receivy is the name of a receiver.
* Sendy is the name of a sender.
* Sendy might be a spimmer, but this is not known.

2) Receivy sets his privacy list (during/after registration).
a. Receivy uses his client that supports the Bot Challenge JEP.
b. Receivy sets for example a question and a set of possible good and wrong 
answers (he also can choose CAPTCHA etc if his server supports that). He sets 
the same question for for all incoming messages from people not in his roster 
(thus including subscription requests).
c. Receivy sets the small time interval between different tryings from the 
sender.
d. Receivy sets the long time interval.
e. Receivy sets the maximum number of tryings before the long time interval is 
enabled.
f. Receivy's server stores this information and generates a secret.

3) A few weeks later Sendy sends Receivy a message or subscription request.
a. Receivy's server looks to Receivy's privacy list and sees the Bot Challenge 
question.
b. Receivy's server looks if there is a secret attached to the subscription 
request or message. This is not the case.
c. Receivy's server drops Sendy's message and sends Receivy the Bot Challenge 
question (including a random set of answers defined by Sendy) from Sendy's 
privacy list.
d. Sendy answers the Bot Challenge question and sends it to Receivy.
e. Receivy's server sees Sendy answered too fast (he couldn't have read the 
question!), it drops the message, and sends the Bot Challenge question (with 
*other* random answers!) to Sendy again.
f. same as d
g. same as e
h. same as d
i. Receivy's server sees Sendy answered too fast, drops the message, and sees 
that the maximum number of tryings is exceeded. The server enables the long 
time interval for Sendy. Receivy's server sends an error to Sendy indication 
that he should try again later (with or without the time?).
j. Sendy tries again before the end of the long time interval.
k. Receivy's server sees Sendy tried again too fast, it drops his message, it 
resets the long time interval, and replies the error to Sendy.
l. Sendy tries sending again after the long time interval.
m. same as a, b, c and d
n. Receivy's server sees Sendy answered the question in a reasonable time and 
compares the message with the good answers in Receivy's privacy list.
o. It was a wrong answer! The server sends the Bot Challenge question (with 
*other* random answers!) to Sendy again.
p. same as d and n
q. It was a good answer! The server sends the secret from Receivy to Sendy.
r. Sendy sends his message again including the secret from Receivy.
s. Receivy's server do not block the message because it sees the secret (and 
compared it with the one in Receivy's privacy list of course).

Remark 1: this long scenario will be normally not used for humans. As a result 
only bots will loose *much* time. Bots should also need much computer 
resources as they should remember to not try to spim a user again before the 
long time interval (otherwise it is reset!) and they should do this for every 
user. They also should remember the previous questions and answers they tried 
(more resources! >:-) ).
Remar 2: bots also should be able to handle CAPTCHA's etc, and that this will 
result in even more resources (I love that! ;-) ).

4) Thoughs:
* Should Sendy's server or client store the secret from Receivy? Maybe it 
should be stored in some special part of his roster or privacy lists?
* What about bad servers that were setted up to get much secrets. Maybe some 
kind of encryption is needed for the secret so that server admins can't set 
up a list of secrets?
* If Receivy starts getting spim, he should block that user. If he gets spim 
from several people and blocking do not help, he should change his Bot 
Challange question (and the secret will change then too). He also can try to 
only change his secret (in case the bots do not cache his question and good 
answers).
* The client of Receivy can advice the user when he gets spim. E.g., "Your Bot 
Challenge question was probably too easy. Try to make it more difficult, add 
more answers, increase the long term interval,..."
* The long term interval also can be some kind of exponentional function. So 
Receivy can set for example to: allow three tryings, then increase the time 
interval to 10 minutes, then increase the time interval to 10^2 minutes, then 
10^3, then 10^4, then block that user and inform my server that this user was 
blocked. The server then automatically can block this user for *everyone*. 
The server also can publish the Jabber ID from this user on a web page, XML 
file,... so that other servers also will know this user.
* Receivy's server can detect if someone is DoS'ing several of his users, and 
automatically block him.

<snip>

-- 
Mvg, Sander Devrieze.

xmpp:sander at devrieze.dyndns.org ( http://jabber.tk/ )



More information about the Standards-JIG mailing list