[Standards-JIG] anti-spim techniques

Bart van Bragt jabber at vanbragt.com
Mon Aug 29 12:06:25 UTC 2005

Tomasz Sterna wrote:
> Oh. How reliable is a zombie machine?
> It's usable for putting UBE to as many mailboxes as it can, but for
> keeping them available for download? With the client/ISP firewalls on
> the way? I don't really think so.
True (as long as the zombie machine is used as an XMPP server). But 
http://cr.yp.to/im2000.html is nice as a mental exercise but it's very 
incompatible with how XMPP works and it's design philosophy.

Besides that I don't agree with the statement that storing mail at the 
sender is going to cause a huge burden for the sender. All the spammer 
has to do is send LOT of 'you have mail waiting' announcements messages. 
When someone wants to pick up his/her message you just generate it on 
the fly, send it to the recipient and don't even store it. Just generate 
it again if the user requests the message again.

> And think of the administrative burden of keeping a DNS A record for
> every zombie you have in the network (as soon as we change the "SHOULD
> be a fully qualified domain name" in RFC3920 3.2 to a requirement and
> remove the MAY).
Lots of ISPs already took care of that. Most broadband connections have 
some kind of A record (most of the time something like 
a81-94-45-123.provider.com ).


More information about the Standards mailing list