[Standards-JIG] privacy2 anti-SPIM proto-JEP

Bart van Bragt jabber at vanbragt.com
Mon Aug 29 20:20:47 UTC 2005


Tijl Houtbeckers wrote:
> 2. Server asseses the probability that the request is SPIM. There can be 
> many ways of doing this, that are left undefined for now, besides the 
> obvious (is it in the roster or whitelisted in the privacy list). These 
> could include looking at the server it came from (is it trusted, does it 
> have a good reputation, is it blacklisted by some etc), looking at who 
> the user is (eg. is the user in the roster of any other users on this 
> server, including in that of users who are in the roster of the target 
> user, user reputation system, etc.), and possible sending a challenge or 
> registration request etc. to sender.

Maybe there's an opportunity here to incorporate the e2e web of trust in 
this? Or use something like http://www.advogato.org/trust-metric.html 
(yes, there it is again. Has been discussed on these lists since 2000 :D).

This way people not on my roster could still send me a message without 
subscribing if they are trusted by my server (of by my web of trust).

BTW regarding email-xmpp and disallowing messages from people not in my 
privacy lists. Is it an idea to differentiate between chats and messages 
in the privacy lists? IMO SPIM is far more annoying/intrusive than SPAM. 
SPAM just accumulates in your inbox, SPIM is something that keeps you 
from your work. So I wouldn't mind blocking IM chats from people not in 
my roster but I would like to keep my messages inbox as open as possible 
(of course I would like to keep my IM traffic as open as possible too).

Something else that popped into my mind. If everyone would block 
messages from other people not in their roster it would be pretty 
difficult to create a function on a website to quickly send a message to 
another Jabber user because you would first need to do the whole 
subscribe thing.

Besides that blocking messages by default just doesn't work at the 
moment because of the RFC requirement of silently dropping messages that 
are matched by a 'deny' rule. This way I have no clue if the recipient 
has blocked me, is too busy, has a crappy connection or just thinks that 
I'm an annoying pest.

Bart




More information about the Standards mailing list