R: R: R: [jdev] about spim techniques

[Sander Devrieze]

Op zondag 28 augustus 2005 22:04, schreef Peter Saint-Andre:
> Ian Paterson wrote:
> >>(I should be able to specify the error  message that's
> >>returned to you when your message to me is blocked
> >>because you're not in my roster -- at this point we have
> >>something like a challenge-response system
> >
> > Yes. IMHO this will be one of the most important anti-SPIM techniques
> > (along with the others discussed earlier - regarding registration, s2s,
> > etc...).
> >
> > So you see my server generating the challenge and validating the
> > response? I think you're right. (I had been assuming it would be my
> > client!)
> >
> > I think servers should operate the same rules for subscription requests
> > and messages. i.e. I shouldn't even see the subscription request until
> > the other user has passed my server's Bot-Proof Challenge.
>
> I don't think it's my server or my client that does this -- it's me. Who
> better to figure out if the other person is human than me? I don't think
> that automated bot-detection methods (client-based or server-based) are
> nearly as effective as human-to-human communication.

One of the things I suggested is that the user can set a question (extenstion 
for Privacy Lists?) that is asked before a user can send a subscription 
request, send a message (we don't want to add everybody, who wants to contact 
us, to our roster),... Of course people can change these questions if they 
want. Possible questions are (see also other post of me to this list):
* Question for subscription requests: "What is the name of my dog?"<-- if you 
want only people knowing the answer to send a subscription request (you still 
can add people not knowing the answer yourself)
* Multiple-choice question for every message: "What are you sending to me now? 
spim, a message, some beer, a pigeon"

<snip>

-- 
Mvg, Sander Devrieze.

xmpp:sander at devrieze.dyndns.org ( http://jabber.tk/ )