[Standards-JIG] privacy2 anti-SPIM proto-JEP
stpeter at jabber.org
Mon Aug 29 19:15:35 UTC 2005
Bart van Bragt wrote:
> Peter Saint-Andre wrote:
>> 1. I set my privacy lists to disallow messages from people not in my
>> roster but allow subscription requests. I also tell my server to send a
> IMO this is not desired behavior. I would love to see mail clients that
> use XMPP instead of SMTP but that would be close to impossible if I
> could only send XMPP-mail to people that are in my roster.
> Furthermore I agree with Tijl. The SPIM that I saw on ICQ (years ago)
> was first in the messages but people started blocking messages from
> people not on their contact list. Quickly after that the SPIM arrived in
> the subscription requests.
Sure, the spimmers will always find the weakest link.
I just chatted with Ian Paterson about it over IM (what a concept!) and
now that he has walked me through the reasoning, I think we probably do
need something like his "challenge" action for privacy lists.
Of course, the spimmers will try to find weaknesses in the challenges
too, but that may be harder to do.
It's no fun being in the middle of an arms race. <sigh/>
Jabber Software Foundation
More information about the Standards