[Standards-JIG] SPAM Filtering JEP
thomas at thomasbarker.com
Wed Apr 14 12:17:24 UTC 2004
That is true. The spammer would pretty much have to control the user's PC -
and then trickle the messages out without being spotted. Far harder than
I suppose its something more of a worry for me, since my app might become
unusable quite quickly if there are a lot of fake messages floating around.
You could insert things like "yes, mr spam's house of fish is a great fish
shop". But that's a whole new set of problems.
----- Original Message -----
>From: "Richard Dobson" <richard at dobson-i.net>
To: "Jabber protocol discussion list" <standards-jig at jabber.org>
Sent: Wednesday, April 14, 2004 12:52 PM
Subject: Re: [Standards-JIG] SPAM Filtering JEP
> > I think your both right, and I agree that Jabber spam is easier to trace
> > than email. But I think the biggest problem with spam is likely to come
> > from spam zombies. When Jabber becomes popular, it will have many
> > of clients running on insecure machines.
> I would think it would be unlikely that this scenario would happen, as the
> trojan that gets onto the users pc would have to discover the users jabber
> server and username and password from the computer to be able to disguse
> spam traffic as legitimate, and if clients use encryption to protect the
> users jabber login details then it will be very hard to trojans to get
> of this info.
> > That's going to be hard to stop because of message volume that
> > jabber accounts can have. A small business might have a Jabber account
> > sends out payment notifications, etc. It wouldn't be hard to sneak out
> > with all of that traffic.
> I expect if a trojan did manage to login as the user that the user could
> notice it as either they would keep getting logged off when the trojan
> logged in as them or an unfamiliar resource will appear as logged in at
> same time, overall a very unlikely scenario IMO.
> > Having a Baysian filter that tagged spam might be quite useful as a
> > rogue or zombie clients. Each message could be run through a set of
> > filters, the filters would append a spam flag.
> > Something like ...
> > < spam namespace="jabber:x:spam:flag" probability=0.5 / >
> > The number of flagged messages for each account could be added-up. The
> > admins could then deal with potential problem accounts. The RBL could
> > as a check on servers where the admins had failed to deal with clients
> > sending spam.
> Yup spam content processing is an option, but another way of determining
> automatically if an account is likely being used for spamming is
> how often a user is reaching the karma limit set on a public server, if
> reach it lots then they should get automatically blocked from connecting
> a certain period of time or simply completely blocked until an admin
> re-enables their account.
> > Server blacklisting can't work on its own if we have clients going bad.
> > Some public server have thousands of legitimate accounts, and it would
> > very blunt instrument to just blacklist the whole server.
> True but it will give the admins a good kick up the behind to get them to
> sort out their server, there are ways of limiting the amount of spam
> accounts that get created on public servers, also spam shouldnt be too
> of a problem as karma can slow it right down on client connections. I
> think server blacklisting would be mainly used for blacklisting rogue
> servers that have been setup specifically to send out spam, and for
> where there is massive amounts of spam originating from it compared to
> legitimate traffic.
> Standards-JIG mailing list
> Standards-JIG at jabber.org
More information about the Standards