[Standards-JIG] SPAM Filtering JEP

Thomas Barker thomas at thomasbarker.com
Wed Apr 14 12:17:24 UTC 2004


That is true.  The spammer would pretty much have to control the user's PC -
and then trickle the messages out without being spotted.  Far harder than
SMTP spam.

I suppose its something more of a worry for me, since my app might become
unusable quite quickly if there are a lot of fake messages floating around.
You could insert things like "yes, mr spam's house of fish is a great fish
shop".  But that's a whole new set of problems.

Tom


----- Original Message -----
>From: "Richard Dobson" <richard at dobson-i.net>
To: "Jabber protocol discussion list" <standards-jig at jabber.org>
Sent: Wednesday, April 14, 2004 12:52 PM
Subject: Re: [Standards-JIG] SPAM Filtering JEP


> > I think your both right, and I agree that Jabber spam is easier to trace
> > than email.  But I think the biggest problem with spam is likely to come
> > from spam zombies.  When Jabber becomes popular, it will have many
> thousands
> > of clients running on insecure machines.
>
> I would think it would be unlikely that this scenario would happen, as the
> trojan that gets onto the users pc would have to discover the users jabber
> server and username and password from the computer to be able to disguse
the
> spam traffic as legitimate, and if clients use encryption to protect the
> users jabber login details then it will be very hard to trojans to get
hold
> of this info.
>
> > That's going to be hard to stop because of message volume that
legitimate
> > jabber accounts can have.  A small business might have a Jabber account
> that
> > sends out payment notifications, etc.  It wouldn't be hard to sneak out
> spam
> > with all of that traffic.
>
> I expect if a trojan did manage to login as the user that the user could
> notice it as either they would keep getting logged off when the trojan
> logged in as them or an unfamiliar resource will appear as logged in at
the
> same time, overall a very unlikely scenario IMO.
>
> > Having a Baysian filter that tagged spam might be quite useful as a
check
> on
> > rogue or zombie clients.  Each message could be run through a set of
> > filters, the filters would append a spam flag.
> >
> > Something like ...
> > < spam namespace="jabber:x:spam:flag" probability=0.5 / >
> >
> > The number of flagged messages for each account could be added-up.  The
> > admins could then deal with potential problem accounts.  The RBL could
act
> > as a check on servers where the admins had failed to deal with clients
> > sending spam.
>
> Yup spam content processing is an option, but another way of determining
> automatically if an account is likely being used for spamming is
monitoring
> how often a user is reaching the karma limit set on a public server, if
they
> reach it lots then they should get automatically blocked from connecting
for
> a certain period of time or simply completely blocked until an admin
> re-enables their account.
>
> > Server blacklisting can't work on its own if we have clients going bad.
> > Some public server have thousands of legitimate accounts, and it would
be
> a
> > very blunt instrument to just blacklist the whole server.
>
> True but it will give the admins a good kick up the behind to get them to
> sort out their server, there are ways of limiting the amount of spam
> accounts that get created on public servers, also spam shouldnt be too
much
> of a problem as karma can slow it right down on client connections. I
would
> think server blacklisting would be mainly used for blacklisting rogue
> servers that have been setup specifically to send out spam, and for
servers
> where there is massive amounts of spam originating from it compared to
> legitimate traffic.
>
> Richard
>
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> https://jabberstudio.org/mailman/listinfo/standards-jig




More information about the Standards mailing list