Woes Loom for IM Users

Instant messaging is facing some e-mail-like issues.

Plenty of tools are available to make instant messaging play nice in a corporate environment. But with Yahoo and AOL recently dropping their respective enterprise IM services, its clear that companies have yet to integrate IM as seamlessly as they have e-mail.

Dont get me wrong; e-mail isnt exactly the poster child for efficient communications. But at least the dysfunctional, antiquated system described in SMTP allows you to e-mail another person with a high probability of success. IM needs a system similar to SMTP, but with standards and technologies that shore up SMTPs shortcomings.

There are many reasons why Yahoo and AOL abandoned the business IM market, with finding customers undoubtedly a major factor.

Theoretically, it isnt unreasonable to pay for the provisioning and management behind AOL Enterprise Gateway and Yahoo Business Messenger. However, paying to talk on a single network doesnt make much sense. Who would buy cell phone service from a company if customers of that service could talk only to one another?

True interoperability hinges on the adoption of a proposed Internet Engineering Task Force standard called CPIM, or Common Profile for Instant Messaging. CPIM will be supported by the two major IM and presence standards camps: SIMPLE (SIP Instant Messaging and Presence Leveraging Extensions) and XMPP (Extensible Messaging and Presence Protocol).

/zimages/3/28571.gifClick here to read eWEEK Labs review of a product that reins in corporate IM threats.

CPIM basically defines a protocol by which IM gateways can communicate messaging and user presence information using an e-mail in-box metaphor.

However, the abuse of SMTP should be a lesson to those building these gateways because a truly free IM system will be subject to similar attacks. As surely as we have e-mail-directory harvest attacks today, there will come a day when IM users will be subject to the same abuses.

You can set aside the notion that IM works in a realm of trusted senders, where individuals willingly exchange identity information to join one anothers buddy lists. Weve already seen IM attacks that use social engineering to tap a users buddy list to send spam. More sophisticated attacks will not be far behind.

Next Page: Are you sending "spim" to your customers?