[Standards-JIG] privacy2 anti-SPIM proto-JEP

Peter Saint-Andre stpeter at jabber.org
Mon Aug 29 18:54:27 UTC 2005

Tijl Houtbeckers wrote:

> About 80% of all SPIM I ever received was in either one of these
> (subscription request or profile information).

Interesting. The only spim I've ever received was through the ICQ 
gateway back when I used it (circa 2000). So I don't have enough 
first-hand experience of the problem.

Perhaps it would be valuable for us to study real-life spim before we 
start jumping to conclusions and designing protocols or changing RFCs. 
I've been assuming that spim would come in <message/> stanzas from 
people outside my roster (since that is what I experienced through the 
ICQ gateway), but your experience is quite different.

> It seems a lot more logical to me that the server, and then the client,
> try to weed out spimmers without bothering the user. When it comes to
> this scenario, it's already too late, so it's pretty much irrelevant to
> talk about this in the context of trying to prevent spim.

If most spim comes in subscription requests and profiles, then what does 
a server need to do in order to identify spimmers? I suppose it could
look for malicious content in vCards / profiles. Not sure how to handle 
the subscription requests, though.


Peter Saint-Andre
Jabber Software Foundation

