[Standards-JIG] privacy2 anti-SPIM proto-JEP
Bart van Bragt
jabber at vanbragt.com
Tue Aug 30 20:06:46 UTC 2005
Peter Saint-Andre wrote:
> Thinking about this some more, I realize that it is possible to define
> the challenge stuff without changing RFC 3921 except to modify the MUST
I think the challenge concept is going to be very effective but I also
see some drawbacks.
For one, we're bothering the user with a problem of the system:
the (sending) user has to make more effort so we can detriment spammers.
Another reason is the fact that this measure isn't going to make the
Jabber network more spammer resilient, we're only blocking spam on
servers that implement this system. Google (which has spurred the sudden
development of anti-spam proposals) isn't really helped with a
challenge/response system. They don't need the JSF for that, they can
implement this on their own if they want. They'll need no help
whatsoever from the rest of the Jabber network if they want to reduce
spam in this way.
Systems like this already exist in the email world and aren't exactly
popular (try a Google search on 'challenge response email spam', I have
to admit that quite a few of the problems with these systems are not
valid if the system is implemented on XMPP).
It's annoying when you want to add some kind of bot.
It doesn't work (well) with blind people and not all clients can show
Text challenges can be confusing and they have severe i18n issues.
Most of this comes down to the fact that these systems are just not
The proposal does have some strong advantages. It's fairly simple to
implement (working out the little implementation details will be quite a
task though). It could work with clients that don't support the JEP and
it's probably fairly effective against SPIM (about as effective as the
used CAPTCHA is).
All in all I like the idea but only as a last resort. IMO we don't have
to use these kinds of heavyweight tactics on an XMPP network. I can
understand that people are using it as a last resort on SMTP but IMO we
have other (better) options available. Besides that I don't have the
idea that we need to design and implement an anti-SPIM system in 2 weeks'
time to please Google. Please, let's think this through properly and see
what other options we have available before closing down the XMPP
network in such a rigorous way.