Google Talk

I’m sure everyone who is interested has already heard about and probably even tried Google Talk. I really like the simple interface they have chosen; it is somewhat similar to my Jabber client of choice, Gossip.

What is most interesting about Google Talk is the use of XMPP/Jabber.

There has been much discussion on why Google Talk cannot speak to the rest of the Jabber world. Two common answers to this question are that Google just hasn’t gotten around to implementing the server-to-server features of Jabber yet, and that Google is worried about IM spam (spim).

I hadn’t really thought about the spim aspect of the problem until I stumbled on a thread on the jadmin mailing list.

Google Talk federation policy proposal

Automatic registration is a feature of many Jabber servers which allows a user to create a Jabber account on the server. Relating this to the email system, automatic registration would be like email servers all over the Internet allowing you to create an account on the server without any other type of authentication. This would be a spammer’s heaven.

At first glance, the fact that a lot of Jabber servers allow automatic registration appears to be a real problem for a large-scale Jabber/XMPP network. However, I’m not so sure the same spam problems that plague email will necessarily affect the Jabber IM network.

A major problem in the war against email spam is that users expect to be able to receive email from people they have never been in contact with before. Since we expect to receive email from random people who have legitimate reasons to contact us, it is very hard to block email from people who do not have legitimate reasons.

IM is used in a very different way from email; it is much more personal. Most people using IM clients do not expect, or want, messages from people they do not already have some relationship with. Part of this is the informal nature of IM and part is privacy based. IM clients give out information such as whether or not you are currently using the computer. Most IM users don’t want this to be general knowledge.

In the Jabber world, the list of people you communicate with forms your roster. By adding someone to your Jabber roster you are essentially saying “I trust you”. If you trust a particular person with your current status and the ability to interrupt your work at their own discretion, you also trust them not to send you spim. If that trust is violated, the offending contact can simply be removed from your roster.

Fortunately, the authors of the XMPP IM RFC have already thought about this. XMPP has server-side privacy lists. This makes it possible to instruct your Jabber server not to send any Jabber data to your client if the sender is not on your roster. Of course, this excludes requests to be added to your roster.
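As an added illustration (not part of the original post), here is what such a privacy list can look like on the wire in the `jabber:iq:privacy` namespace, together with a simplified evaluator showing which inbound stanzas it lets through. The list name, stanza id and JIDs are made up, and treating a sender who is absent from the roster as subscription `none` is an assumption about server behaviour.

```python
import xml.etree.ElementTree as ET

NS = "jabber:iq:privacy"
SUBSCRIPTION_PRESENCE = {"subscribe", "subscribed", "unsubscribe", "unsubscribed"}

# Constructed list (the name "roster-only" is arbitrary): deny messages, IQs and
# presence updates from senders with no roster subscription, allow the rest.
ROSTER_ONLY = f"""
<iq type='set' id='privacy1'>
  <query xmlns='{NS}'>
    <list name='roster-only'>
      <item type='subscription' value='none' action='deny' order='1'>
        <message/><iq/><presence-in/>
      </item>
      <item action='allow' order='2'/>
    </list>
  </query>
</iq>"""

def parse_rules(stanza_xml):
    """Return the list's items as dicts, sorted by their 'order' attribute."""
    rules = []
    for item in ET.fromstring(stanza_xml).iter(f"{{{NS}}}item"):
        rules.append({
            "type": item.get("type"), "value": item.get("value"),
            "action": item.get("action"), "order": int(item.get("order")),
            # No child elements means the item applies to every stanza kind.
            "kinds": {child.tag.split("}")[1] for child in item},
        })
    return sorted(rules, key=lambda r: r["order"])

def decide(rules, roster, sender, name, presence_type=None):
    """Apply the first matching rule to an inbound stanza from `sender`."""
    if name == "presence":
        # Roster (subscription) requests never match <presence-in/>.
        is_request = presence_type in SUBSCRIPTION_PRESENCE
        name = "presence-subscription" if is_request else "presence-in"
    subscription = roster.get(sender, "none")  # assumption: unknown sender = none
    for rule in rules:
        if rule["kinds"] and name not in rule["kinds"]:
            continue
        if rule["type"] == "subscription" and rule["value"] != subscription:
            continue
        if rule["type"] == "jid" and rule["value"] != sender:
            continue
        return rule["action"]
    return "allow"  # no rule matched: the stanza is let through
```

Roster groups (`type='group'`) are not modelled here; the evaluator only covers the `subscription` and `jid` item types plus the fall-through item.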

If blocking all communication with people who are not already on your roster is the default for all Jabber clients, what opportunity does this leave spimmers?
