[Standards-JIG] SPIM reporting proposal

Ian Paterson ian.paterson at clientside.co.uk
Wed Sep 28 18:29:21 CDT 2005


This is very good for "a rough first draft" :-)

1. I'm not convinced the SPIM reporter really needs to receive a
confirmation that the report was processed. Using <message/> instead of
<iq/> would halve the number of stanzas involved. This could be very
important. Otherwise during an attack there would be more more SPIM
reporting than SPIM stanzas circulating.

2. Does reporting a spimmer allow a whole (zombie) server (or domain) to
be reported (not just a single account)? (The easiest way to send SPIM
is via infinite virtual accounts on zombie servers.) Perhaps we also
need server IP (or IP range) reporting too? (If DNS is poisoned then
each zombie might end up with an enourmous number of domains.)

- Ian




More information about the Standards-JIG mailing list