[Standards-JIG] privacy2 anti-SPIM proto-JEP

Peter Saint-Andre stpeter at jabber.org
Mon Aug 29 19:15:35 UTC 2005


Bart van Bragt wrote:
> Peter Saint-Andre wrote:
> 
>> 1. I set my privacy lists to disallow messages from people not in my 
>> roster but allow subscription requests. I also tell my server to send a 
> 
> 
> IMO this is not desired behavior. I would love to see mail clients that 
> use XMPP instead of SMTP but that would be close to impossible if I 
> could only send XMPP-mail to people that are in my roster.
> 
> Furthermore I agree with Tijl. The SPIM that I saw on ICQ (years ago) 
> was first in the messages but people started blocking messages from 
> people not on their contact list. Quickly after that the SPIM arrived in 
> the subscription requests.

Sure, the spimmers will always find the weakest link.

I just chatted with Ian Paterson about it over IM (what a concept!) and 
now that he has walked me through the reasoning, I think we probably do 
need something like his "challenge" action for privacy lists.

Of course, the spimmers will try to find weaknesses in the challenges 
too, but that may be harder to do.

It's no fun being in the middle of an arms race. <sigh/>

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml


More information about the Standards mailing list