[Standards-JIG] privacy2 anti-SPIM proto-JEP

Bart van Bragt jabber at vanbragt.com
Mon Aug 29 21:58:46 UTC 2005


Tomasz Sterna wrote:
> The problem here is that you need to trust the sender's server.
> And the SPIMmer server will gladly lie to you that his bots are good
> net citizens.
Oops, forgot to mention that part. Of course you can't just trust any 
server that would be a pretty naive approach. But if vanbragt.com has 
had several users from jabber.org in it's database (that have been good 
netizens) then it can fairly safely assume that jabber.org is OK. If we 
would like to make this a bit more complicated it could ask one of it's 
fellow servers (that it trusts because of certification, lots of good 
netizens, manually whitelisted, centrally whitelisted, whatever) if they 
trust jabber.org This can lower lower the suspicion level and after a 
few more tests the server forwards the message to my client.

BTW this 'good netizenship' thingy requires a kind of 'reporting' 
facility. IIRC AIM has something like that? You can press a button or 
assign a rating to a buddy if you receive spam (or indecent proposals) 
from this user. When you press this button (or assign this rating) you 
can either store this rating on your 'own' server (vanbragt.com in this 
case), you can store it on the originating server (jabber.org) but you 
can also accumulate these scores centrally or in some kind of 
distributed network thingy. This way spammers have to be _really_ quick 
if they want to send out spam. Their servers will get banned almost 
instantly (if they managed to create a server that was trusted at all by 
the existing servers).

Anyway. All this fits in nicely in the 'suspicion level' proposal.

Bart



More information about the Standards mailing list