[Standards-JIG] privacy2 anti-SPIM proto-JEP
Bart van Bragt
jabber at vanbragt.com
Mon Aug 29 20:20:47 UTC 2005
Tijl Houtbeckers wrote:
> 2. Server asseses the probability that the request is SPIM. There can be
> many ways of doing this, that are left undefined for now, besides the
> obvious (is it in the roster or whitelisted in the privacy list). These
> could include looking at the server it came from (is it trusted, does it
> have a good reputation, is it blacklisted by some etc), looking at who
> the user is (eg. is the user in the roster of any other users on this
> server, including in that of users who are in the roster of the target
> user, user reputation system, etc.), and possible sending a challenge or
> registration request etc. to sender.
Maybe there's an opportunity here to incorporate the e2e web of trust in
this? Or use something like http://www.advogato.org/trust-metric.html
(yes, there it is again. Has been discussed on these lists since 2000 :D).
This way people not on my roster could still send me a message without
subscribing if they are trusted by my server (of by my web of trust).
BTW regarding email-xmpp and disallowing messages from people not in my
privacy lists. Is it an idea to differentiate between chats and messages
in the privacy lists? IMO SPIM is far more annoying/intrusive than SPAM.
SPAM just accumulates in your inbox, SPIM is something that keeps you
from your work. So I wouldn't mind blocking IM chats from people not in
my roster but I would like to keep my messages inbox as open as possible
(of course I would like to keep my IM traffic as open as possible too).
Something else that popped into my mind. If everyone would block
messages from other people not in their roster it would be pretty
difficult to create a function on a website to quickly send a message to
another Jabber user because you would first need to do the whole
Besides that blocking messages by default just doesn't work at the
moment because of the RFC requirement of silently dropping messages that
are matched by a 'deny' rule. This way I have no clue if the recipient
has blocked me, is too busy, has a crappy connection or just thinks that
I'm an annoying pest.
More information about the Standards