[Standards-JIG] SPAM Filtering JEP

Peter Saint-Andre stpeter at jabber.org
Thu Apr 15 22:39:27 UTC 2004


+1 on JEP-0076. ;-)

There's a wiki discussion here:

http://www.jabber.org/wiki/index.php/spim

Some other quick thoughts....

The only spam bots I am aware of the Jabber network have been using
Jabber as a way to send spam to the consumer IM services (e.g., a 
spambot that sent messages only to Yahoo users).

I agree that rogue servers are probably more of a problem than rogue
user accounts. Improved s2s communication (SASL/TLS) and perhaps more of
an opt-in network or directory of known bad domains might help.

I'm interested in what x-virge means by a trust metric (see wiki page).
Would that apply to users or servers or both?

Obviously, getting servers and clients to implement the privacy lists
protocol is of major importance.

BTW, I think the diverse client base helps us guard against worm-like 
attacks. We don't have a client monoculture here, which is a big part 
of the problem in the email world. Plus the pure XML basis of XMPP (and
the lack of MIME-style attachments) helps protect against buffer
overflows and such. So the point of spam over Jabber would most likely
be to try to get the user to click some links rather than accept some
kind of malicious content. This somewhat breaks the unholy alliance
that seems to have formed between virus writers and spammers.

In sum, we have not really seen spam on the Jabber network yet (unless 
you count all those messages I receive from newbies), but it's good 
for us to think ahead and not get complacent.

/psa

On Thu, Apr 15, 2004 at 01:55:25PM -0600, Joe Hildebrand wrote:
> Check out JEP 76: http://www.jabber.org/jeps/jep-0076.html
> 
> More seriously, we also have privacy lists:
> http://www.jabber.org/ietf/draft-ietf-xmpp-im-22.html#privacy
> 
> which should probably be integrated in, in some way.
> 
> -- 
> Joe Hildebrand
> 
>  
> 
> > -----Original Message-----
> > From: Mark Derricutt [mailto:mark at talios.com] 
> > Sent: Wednesday, April 14, 2004 2:57 AM
> > To: standards-jig at jabber.org
> > Subject: [Standards-JIG] SPAM Filtering JEP
> > 
> > 'lo all, this is just a short note to intro myself and 
> > mention a JEP proposal I'm starting ( hopefully I'll have 
> > something fleshed out enough to post to the list as an early 
> > early draft soon ).
> > 
> > Anyway, who am I?  I'm Mark Derricutt, 29, developer/coder 
> > geek living in Auckland New Zealand, currently doing Java 
> > based SMS messaging systems, and advocating Jabber as much as 
> > can whereever I go.
> > 
> > So whats the JEP I'm formulating in my head?  SPAM / SPAM Filtering.
> > 
> > I've not seen spam much on Jabber myself, but had ALOT of it 
> > on ICQ years ago, and recently a series of articles have been 
> > published talking on the rise of IM based spam, which got me 
> > thinking...
> > 
> > So far I'm touching any XML messaging details such as <x> 
> > element here or there untill I've got a more clearer idea of 
> > what I actually think should be doable.
> > 
> > The basics so far for a first step:
> > 
> >   - a standard way for a client to be told that an IM may be spam
> >   - a standard way for a client to tell a server that an IM 
> > was/was not spam
> > 
> > Is there an interest in this JEP out there?
> > 
> > Mark
> > 
> > 
> > 
> > 
> > --
> > Always code as if the guy who ends up maintaining your code 
> > will be a violent psychopath who knows where you live.
> > 
> > Mark Derricutt   ---   mark@ talios.com   ---   http://www.talios.com
> > 



More information about the Standards mailing list