[Standards-JIG] Contact address for abuse

Jacek Konieczny jajcus at jajcus.net
Thu Aug 25 19:53:58 UTC 2005


I have been thinking about that for some time, but now, when google is
afraid of SPIM, I finally decided to write about it.

SMTP specification defines a "postmaster" address for contact with the
server administrator, DNS specification provides a place in DNS zone
metadata (SOA record) for a contact address. And we have XMPP and XMPP
specification gives no hints how to contact a server administrator or
abuse team. This is very wrong, especially for one who wants to open his
server to other servers. XMPP is better then SMTP, because it is much
harder to fake XMPP sender domain than SMTP domain. And that means, that
an abuse address corresponding to the sender JID domain will usually be
the right one (no need to trace IP addresses).

There is the RFC2142, which defines most of the "well known" addresses,
including the generic "abuse at domain", which is usefull for XMPP. But
these are e-mail addresses, and e-mail is not necessarily the best way
Jabber server admins would like to be contacted.

IMHO at least equivalent of postmaster/abuse address should be defined
in XMPP specs. It isn't but that doesn't mean we cannot agree on such
address and use it before the next XMPP RFC version. The sooner (before
large providers set up their own, different procedures) the better. I
guess it may be useful to make contact information discoverable, so here
is my proposition:

Write a JEP describing protocol for abuse and administrator contact
discovery. It should be a _simple_, disco-based or dataforms-based
protocol. The protocol would provide not only contact JID, but other
contact URIs (eg. mailto: and http:) as well. And the JEP should also
define one, default address, that will be later included in the XMPP

Or maybe the one, well known address is enough?

The default address could be just the JID of the server, or JID with
some well-known node part ("abuse").


More information about the Standards mailing list