[Standards-JIG] bot-challenge proto-JEP

Ian Paterson ian.paterson at clientside.co.uk
Wed Aug 31 16:46:14 UTC 2005

Sander wrote:
> * The server that the spimmer is brute-force-attaching, can set an
> if the question was wrong, it will not allow new answers from 
> that IP(in-band registration)/user(privacy lists) for a while.

Delays do not discourage SPIM. While the SPIM bot is waiting for its ban
to expire, it will be busy sending SPIM to other servers.

A delay would only work if the SPIM-bot was focusing on one user or one
server. Even then, if there is a network of zombies it could simply pass
the task to another zombie on another IP.

> * If an IP generated (used on in-band registration) let's say 
> 1000 question requests (in an hour) because of wrong answers,
> the server can automatically blacklist that IP (for some time).

Yes, that is a good policy. I'll add a note to the proto-JEP.

> > > * The *user* can set his own question and answers.
> >
> > 99% of the users are not going to do this and they are going to stick
> > with the defaults which is going to make the life of spammers _very_
> > easy.
> * If you get much spim, there is a very good motivation to 
> invest some time on it...

I agree with you both. Aunt Tillie might do this, but only if all the
other SPIM prevention methods have failed and she is still plagued with

Perhaps her client could suggest it to her whenever she clicks on the
button that automatically reports an instance of SPIM to both the
servers involved?

- Ian
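
The per-IP blacklisting policy discussed in this message (1000 question requests in an hour caused by wrong answers), sketched as an added example that is not part of the original e-mail or the proto-JEP. The class and method names and the ban length are assumptions; the thread says only "for some time".

```python
from collections import defaultdict, deque

WINDOW = 3600            # seconds: "in an hour", from the thread
THRESHOLD = 1000         # wrong-answer question requests per window, from the thread
BAN_SECONDS = 6 * 3600   # assumption: the thread only says "for some time"


class ChallengeThrottle:
    """Counts wrong challenge answers per source IP in a sliding window
    and blacklists the IP temporarily once the threshold is reached."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD, ban_seconds=BAN_SECONDS):
        self.window = window
        self.threshold = threshold
        self.ban_seconds = ban_seconds
        self._failures = defaultdict(deque)   # ip -> timestamps of wrong answers
        self._banned_until = {}               # ip -> time at which the ban expires

    def is_blacklisted(self, ip, now):
        expires = self._banned_until.get(ip)
        if expires is None:
            return False
        if now >= expires:                    # ban has run out: forget it
            del self._banned_until[ip]
            return False
        return True

    def record_wrong_answer(self, ip, now):
        """Record one wrong answer; return True if the IP is blacklisted."""
        if self.is_blacklisted(ip, now):
            return True                       # refuse to issue a new question
        stamps = self._failures[ip]
        stamps.append(now)
        # Drop failures that have fallen out of the sliding window.
        while stamps and stamps[0] <= now - self.window:
            stamps.popleft()
        if len(stamps) >= self.threshold:
            self._banned_until[ip] = now + self.ban_seconds
            del self._failures[ip]            # start clean after the ban
            return True
        return False
```

Timestamps are passed in rather than read from the clock so the behaviour can be checked deterministically; a server would pass `time.time()`.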

