[Standards-JIG] SPIM reporting proposal

Ian Paterson ian.paterson at clientside.co.uk
Wed Sep 28 23:29:21 UTC 2005

This is very good for "a rough first draft" :-)

1. I'm not convinced the SPIM reporter really needs to receive a
confirmation that the report was processed. Using <message/> instead of
<iq/> would halve the number of stanzas involved. This could be very
important. Otherwise during an attack there would be more more SPIM
reporting than SPIM stanzas circulating.

2. Does reporting a spimmer allow a whole (zombie) server (or domain) to
be reported (not just a single account)? (The easiest way to send SPIM
is via infinite virtual accounts on zombie servers.) Perhaps we also
need server IP (or IP range) reporting too? (If DNS is poisoned then
each zombie might end up with an enourmous number of domains.)

- Ian

More information about the Standards mailing list