> Well, you're trying to fight pubsub spim, but that's only a very small
> part of the picture. Once your jid is out in the open, it can be used
> through any channel over XMPP (normal messages, ...). There are
> efforts to fight spim in general, so I don't think tackling this very
> specific case is very useful.
The fact remains that it is still better to avoid spim than fight it,
I don't think unfortunately that a system which will completely avoid spam
"a priori" exists. I mean, anyway you can be as careful as you want, unless
you really never give your jid, it will end up being spread over time.
That's sad, but that's it.
My postal mail box is also filled with spam every day and I don't see how
to avoid it (I tried to glue some paper saying "no advertisement", but they
still put some and the paper finally "disappears"). If some day you are
disturbed on the phone by "jokers", maybe you will call your phone provider,
the police, or simply change your phone number...
Spammers exist everywhere, for every means of communication, and there is no
real means to stop them, other than to stop communicating (no postal box, no
phone, no email, no Jabber).
That's sad, but I don't see a real way to totally prevent spam, whatever form
it takes.
And the case I proposed is not so specific. For instance, you can configure
your roster (I remember it is somewhere in the RFC) to block some contacts,
or simply to only accept communication from people in your roster.
Of course if you do so, there is still a means to be spammed: a spammer will
ask to be added to your roster, so you will maybe be spammed by this kind of
request. Of course you can also block this, then you will be the only
one able to initiate a roster add.
This is annoying but anyway there is no real way of stopping a spammer (you
could filter, but I don't like all these "intelligent" filters because
they often make errors). Yet Jabber could propose some configuration of your
nodes like this.
> and there's no real way to avoid it with a push system. The best you
> can do AFAICT is to do things like introduce a third-party (e.g. your
> own trusted server) to manage your subscriptions, and let it relay
> everything, but that would just be moving the problem.
That's what I proposed. But no need to have your "own" server, just "A"
trusted server (and to change it when you lose your trust in it). If it
implements the basic security rules, then it should only send you messages
the way you have configured your account (for instance reject any message
outside my roster).
Jehan
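
The "only accept communication from people in your roster" configuration discussed in the message above corresponds to a privacy list as defined in RFC 3921, section 10. The following is an added example, not part of the original message or of any server's code: a simplified evaluator showing how such a list decides on incoming stanzas. The JIDs, list name and roster are constructed, and `jid` rules are matched on the bare JID only.

```python
import xml.etree.ElementTree as ET

NS = "{jabber:iq:privacy}"

# Constructed privacy list: explicit block first, then roster contacts,
# then a fall-through rule denying messages from everyone else.
ROSTER_ONLY = """
<list xmlns='jabber:iq:privacy' name='roster-only'>
  <item type='jid' value='spammer@example.net' action='deny' order='1'/>
  <item type='subscription' value='both' action='allow' order='2'/>
  <item type='subscription' value='to' action='allow' order='3'/>
  <item type='subscription' value='from' action='allow' order='4'/>
  <item action='deny' order='5'><message/></item>
</list>
"""

# Constructed roster: bare JID -> subscription state ("none" if absent).
ROSTER = {"alice@example.org": "both", "spammer@example.net": "both"}


def decide(list_xml, roster, sender, kind="message"):
    """Return 'allow' or 'deny' for an incoming stanza of the given kind."""
    bare = sender.split("/", 1)[0].lower()
    items = ET.fromstring(list_xml.strip()).findall(NS + "item")
    # Rules are processed in ascending 'order'; the first match wins.
    for item in sorted(items, key=lambda i: int(i.get("order"))):
        kinds = [child.tag[len(NS):] for child in item]
        if kinds and kind not in kinds:
            continue  # rule is restricted to other stanza kinds
        rule_type, value = item.get("type"), item.get("value")
        if rule_type is None:
            matched = True  # fall-through rule
        elif rule_type == "jid":
            matched = value.lower() == bare  # simplification: bare JID only
        elif rule_type == "subscription":
            matched = roster.get(bare, "none") == value
        else:
            matched = False  # 'group' rules are not modelled here
        if matched:
            return item.get("action")
    return "allow"  # no rule matched: the default is to allow


if __name__ == "__main__":
    for who in ("alice@example.org/home", "spammer@example.net/x",
                "stranger@example.com/bot"):
        print(who, decide(ROSTER_ONLY, ROSTER, who))
```
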