[Standards-JIG] privacy2 anti-SPIM proto-JEP
stpeter at jabber.org
Mon Aug 29 18:54:27 UTC 2005
Tijl Houtbeckers wrote:
> 80% of all SPIM I ever received was in either one of these
> (subscription request or profile information).
Interesting. The only spim I've ever received was through the ICQ
gateway back when I used it (circa 2000). So I don't have enough
first-hand experience of the problem.
Perhaps it would be valuable for us to study real-life spim before we
start jumping to conclusions and designing protocols or changing RFCs.
I've been assuming that spim would come in <message/> stanzas from
people outside my roster (since that is what I experienced through the
ICQ gateway), but your experience is quite different.
> It seems a lot more logical to me that the server, and then the client,
> try to weed out spimmers without bothering the user. When it comes to
> this scenario, it's already too late, so it's pretty much irrelevant to
> talk about this in the context of of trying to prevent spim.
If most spim comes in subscription requests and profiles, then what does
a server need to do in order to identify spimmers? I suppose it could
look for malicious content in vCards / profiles. Not sure how to handle
the subscription requests, though.
Jabber Software Foundation
More information about the Standards