[Standards-JIG] privacy2 anti-SPIM proto-JEP
Bart van Bragt
jabber at vanbragt.com
Mon Aug 29 21:58:46 UTC 2005
Tomasz Sterna wrote:
> The problem here is that you need to trust the sender's server.
> And the SPIMmer server will gladly lie to you that his bots are good
> net citizens.
Oops, forgot to mention that part. Of course you can't just trust any
server that would be a pretty naive approach. But if vanbragt.com has
had several users from jabber.org in it's database (that have been good
netizens) then it can fairly safely assume that jabber.org is OK. If we
would like to make this a bit more complicated it could ask one of it's
fellow servers (that it trusts because of certification, lots of good
netizens, manually whitelisted, centrally whitelisted, whatever) if they
trust jabber.org This can lower lower the suspicion level and after a
few more tests the server forwards the message to my client.
BTW this 'good netizenship' thingy requires a kind of 'reporting'
facility. IIRC AIM has something like that? You can press a button or
assign a rating to a buddy if you receive spam (or indecent proposals)
from this user. When you press this button (or assign this rating) you
can either store this rating on your 'own' server (vanbragt.com in this
case), you can store it on the originating server (jabber.org) but you
can also accumulate these scores centrally or in some kind of
distributed network thingy. This way spammers have to be _really_ quick
if they want to send out spam. Their servers will get banned almost
instantly (if they managed to create a server that was trusted at all by
the existing servers).
Anyway. All this fits in nicely in the 'suspicion level' proposal.
More information about the Standards