Zenon Kuder jr. wrote:
> Hi there... I have read Peter's blogpost "No spam or viruses here" some time 
> ago.
> http://www.saint-andre.com/blog/2006-01.html#2006-01-10T12:29
> But today one Jabber newbie told me he thinks Jabber is an ideal place for spam - 
> he can have plenty of accounts on different servers so he cannot be blocked 
> via privacy lists nor via blocking IP on some server...

Most server deployments have "karma" limits, i.e., rate limiting. So to
send high volumes of spam you would need a lot of accounts on a lot of
different servers. And you can't easily just run a rogue server, since
you would quickly be discovered (hey, all the spam is coming from
spim.example.com). Plus, many Jabber clients can be configured to
discard or reject messages from people who are not in your roster. So
clients would need to send subscription request spam, not message spam.

Also, what kind of spam would you send? Just plain text? Or maybe plain
text with a link? Or XHTML-IM (JEP-0071) formatted messages? Many
clients don't support XHTML-IM so it is relatively difficult to send the
kind of phishing links that exist in HTML email (the client ecosystem is
much more diverse in Jabber than email). And you can't send XHTML-IM
formatting in subscription requests, so that reduces your possibilities.

And don't forget that in Jabber/XMPP we don't enable you to attach a
file to a message (cf. MIME email), so the unholy alliance between
spammers and virus writers (so common in the email world) will probably
not arise in the Jabber world.

> The problem was I couldn't find anything to prove to him he's not right... Have I 
> overlooked something?

You can't prove a negative. But we have something of an existence proof,
since we do not have spam on the Jabber network now. If it were so
easy, you figure we'd have some spam by now. I'm not saying that we will
never have a problem with spam over Jabber. But given that I have never
received a spam message over Jabber in the almost 7 years I've been on
the network, I'm not particularly worried. And if the problem does
arise, we will implement the JEPs we've written to address the problem
(158, 159, 161).
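
The roster-based filtering mentioned in the message above, sketched as an added example (not part of the original message and not taken from any Jabber client): messages from senders outside the roster are dropped, so the only thing an unknown sender can put in front of the user is a subscription request. The function names, the roster and the sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def local_name(tag):
    """Strip an XML namespace: '{jabber:client}message' -> 'message'."""
    return tag.rsplit("}", 1)[-1]


def bare_jid(jid):
    """Drop the resource part: 'user@host/resource' -> 'user@host'."""
    return jid.split("/", 1)[0].lower()


def filter_stanza(xml_text, roster):
    """Decide what a client does with one inbound stanza.

    Returns "deliver", "drop" or "prompt". A real client would receive
    already-parsed stanzas from its XMPP library; parsing text here
    keeps the example self-contained.
    """
    stanza = ET.fromstring(xml_text)
    kind = local_name(stanza.tag)
    sender = bare_jid(stanza.get("from", ""))
    if kind == "message":
        # Message spam from strangers never reaches the user.
        return "deliver" if sender in roster else "drop"
    if kind == "presence" and stanza.get("type") == "subscribe":
        # The user decides; only the sender's JID needs to be shown.
        return "prompt"
    return "deliver"


def triage(stanzas, roster):
    """Apply the filter to a sequence of stanzas."""
    return [filter_stanza(s, roster) for s in stanzas]


# Constructed sample data (hypothetical JIDs).
ROSTER = {"juliet@example.com"}
SAMPLE = [
    "<message from='juliet@example.com/balcony' to='romeo@example.net'>"
    "<body>hi</body></message>",
    "<message xmlns='jabber:client' from='bulk1@spim.example.com/x' "
    "to='romeo@example.net'><body>Visit http://spim.example.com</body></message>",
    "<presence from='bulk2@spim.example.com' to='romeo@example.net' "
    "type='subscribe'/>",
]

if __name__ == "__main__":
    for action, stanza in zip(triage(SAMPLE, ROSTER), SAMPLE):
        print(f"{action:8} {stanza[:60]}")
```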


