Updated to reflect move of privacy rules to XEP-0016; modified provisional namespaces to adhere to XMPP Registrar policies; completed editorial review.
Added reference to Server-Based Privacy Rules.
Initial published version.
First draft.
The appearance of large public IM services based on XMPP Core
Spim blocking is more efficiently performed on the receiving server for several reasons:
However, no automated spim recognition techniques work perfectly all the time. This document is designed to give users control over the spim recognition their servers perform on their behalf.
Clients should be able to:
The stanza blocking protocol defined in XEP-0016 enables a client to control explicitly which senders its server must block stanzas from. Such explicit blocking is suitable for privacy control, but not for filtering spim.
This document contradicts an assumption expressed in the standard blocking protocol in order to extend client control to spim blocking. More specifically, it simply defines a spim recognition privacy-list fall-through action that is different from the 'allow' default assumed in XEP-0016.
The various spim recognition procedures that may be employed by the server are beyond the scope of this document. No single measure can differentiate all spim perfectly. It is RECOMMENDED that servers implement a combination of complementary spim recognition techniques (and other anti-spim techniques
For example, a server could employ traffic and reputation analysis to filter the majority of spim, and use CAPTCHA Forms to identify the remainder (feeding what it learns back to the traffic and reputation analysis).
A client MAY confirm that its server supports Spim-Blocking Control using Service Discovery (XEP-0030)
This section specifies server functionality not defined in XEP-0016. This document will not reach Draft status until Server-Based Privacy Rules has been modified to permit this functionality.
A server that supports this protocol MAY maintain a separate
Note: When it blocks a stanza, the server MUST NOT add the 'from' attribute of the stanza to the correspondents list.
Note: The lists of correspondents have a very different function from rosters. Edits are initiated by the server not the client, allowing the lists to be completely transparent to clients.
The server SHOULD perform the following procedures whenever it receives a stanza that falls through the active privacy list of the user it is addressed to without being either allowed or denied:
When a spim recognition procedure delays delivery of a stanza the server SHOULD store it temporarily.
While delivery is being delayed:
Once delivery of a stanza has been delayed for an implementation-specific length of time, or an implementation-specific number of stanzas from the same sender (or same sending server) are being delayed, the server SHOULD deny delivery of the stanza without informing the sender.
A good example of a delayed spim recognition procedure is when servers use the CAPTCHA Forms protocol to confirm whether or not a client is a spim robot before denying or allowing the delivery of a stanza from a new correspondent.
This informative section requires no client or server functionality beyond that defined in XEP-0016.
The client SHOULD use the 'subscription' type to exclude all JIDs on the user's roster from spim blocking (see the items with order 20, 30 and 40 in the example below).
At least in the medium term, clients that use non-XMPP protocols cannot be expected to support interactive spim recognition techniques (like CAPTCHA Forms). So, if its server uses interactive techniques, the client MAY use the 'jid' type to ensure its server does not block stanzas arriving from the transports the user has registered with (see the item with order 50 in the example below).
If a user believes spim will not be sent by users of a particular server (e.g. the user's own corporate server), then the client MAY use the 'jid' type to exclude all these users from spim blocking (see the item with order 60 in the example below).
No spim recognition techniques are perfect. Senders are sometimes falsely identified as spim bots. (For example, when a server sends CAPTCHA Forms, but the client does not support that protocol.)
In these cases the user MAY ask out-of-band the person he is trying to communicate with to allow communications in one of the following ways:
If stanzas from a spim robot running on a zombie domain somehow manage to get past the server's spim recognition then the client MAY use the 'jid' type to block one or all JIDs from the domain. (XEP-0016 already enables this functionality.)
A client MAY disable server-side spim blocking by ensuring the default fall-through action is never applied. It does this simply by including an explicit fall-through item in its active privacy list.
Note: Before a server with existing accounts deploys this protocol, it MAY ensure all users' privacy lists have an explicit fall-through item. As a result, spim recognition would be disabled until users choose to switch it on.
If a server implements this protocol and its security is compromised, then the attacker may be able to access the list of all previous correspondants for every user. People are unable to delete their own lists and they may not even be aware that they exist. So servers MUST ensure they protect this sensitive information very carefully.
This document requires no interaction with the Internet Assigned Numbers Authority (IANA)
Until this specification advances to a status of Draft, its associated service discovery node shall be "http://www.xmpp.org/extensions/xep-00158.html#node"; upon advancement of this specification, the XMPP Registrar