[Standards-JIG] privacy2 anti-SPIM proto-JEP

Bart van Bragt jabber at vanbragt.com
Mon Aug 29 19:55:08 UTC 2005


Peter Saint-Andre wrote:
> I just chatted with Ian Paterson about it over IM (what a concept!) and 
> now that he has walked me through the reasoning, I think we probably do 
> need something like his "challenge" action for privacy lists.
About this challenge system; what if I have a very useful service of 
XMPP that happens to be automated (i.e. a legitimate bot). Asking users 
to manually add my bot to their privacy (white)list doesn't sound very 
appealing to me.

There is quite a bit of info about SPIM on 
www.instantmessagingplanet.com Most of it is corporate blabla but maybe 
we could ask companies like Akonix, FaceTime and IM Logic if they have 
idea's as to how we can make the XMPP world a better place. Not sure if 
they want to help in putting them out of business though :)

Doesn't anyone here have connections with some of the (email) spam 
fighters out there? They should know how the average spammer thinks and 
what they are capable of (and if raising the costs of sending spam a bit 
will really stop them or slow them down).

One big advantage that we have is that we don't have a homogeneous 
network with 95% of the users using the same client. Lots of SPIM on the 
other networks is sent by worms that send their spam (+worm) to everyone 
in your contactlist (and that appears to come from one of your buddies). 
The chances of a worm propagating really quickly are smaller on the 
Jabber network.

> It's no fun being in the middle of an arms race. <sigh/>
I know. Check this out:
http://sam.zoy.org/pwntcha/

Bart



More information about the Standards mailing list