With the growing prevalence of XMPP communications, it is no longer safe to assume that XMPP will be free of spammers and nuisance users due to its obscurity. To that effect, this protocols aim is to create a user rating that can be used to hinder unnecessary communication within servers. While there have been several attempts to curb spam within servers, they have targeted the specific messages that may be labeled as spam, or relied on blocking policies. This approach singles out the JID of the user to (hopefully) remove their access to the server.
XMPP Core, not known at this point.
A user rating is an integer value assigned to a user’s bare JID to aid servers in determining JIDs that are predisposed to spam or offensive messages. The User Rating allows servers to determine appropriate actions from limiting stanza sending, to kicking or banning of the JID from the server. The rating, once implemented can be used in automated and user-based environments to curb abusive users. The introduction of a <rating/> element should be attached to a bare JID and should contain a float. <rating>0.0</rating> Would indicate the user is behaving normally, and is not suspected of sending spam. Where a user who has achieved a rating of the following: <rating>1.0</rating> would be kicked from the server, for example. <reportjid/> is the JID of the user to be reported for spam or abuse.
A user may obtain their own rating by sending an IQ-get with no to address and an element qualified by the ‘rating’ namespace.
The server should return an IQ result stanza with <rating/> element:
In installations that run as chat servers, moderation of spam users can be delivered to online users and administrators. Users receiving spam from a bare JID can send an IQ stanza to the server that increases the user rating.
To report abuse, an IQ stanza must be sent with the set type including the repored-jid element. If montague.net happens to a local vhost server, then it will be processed by that server. However, this stanza would be sent directly to montague.net with the rating payload.
Server sends a result IQ to confirm receipt of the report.
Servers should notify a user JID that they have been reported, however the identity of the reporter MUST remain anonymous, therefore the message should be sent from the server itself.
Server should return a not supported stanza if rating is not supported.
Local server may be programmed to create a <rating/> locally and track communications on its own server if this result is returned.
Server should return a not found stanza if the JID specified in <reported-jid/> is unable to be found:
A message should be sent to inform user that the JID is not found:
Whether the jid is of a local or foreign domain, the montague.net server should at this point begin to track the reported jid firstname.lastname@example.org and a new user rating.
JIDs that are critical to server functionality or admins should have a permanent <rating/> of -100 to indicate that they are protected. Should a user attempt to report a protected user, the server should send the following:
The server may report the error with a message to the original user, indicating that the selected <reported-jid/> is admin or protected.
When a user is found ‘guilty’ of being a spammer using this method the server should first deliver a message before action is taken:
The server will then conduct appropriate action, either a kick, or an outright ban depending on the severity of the offenses, or settings within the server. Actions may be taken using existing XEP-0061 Privacy Lists or XEP-0191 Blocking Command, or an internal implementation to prevent communication from known spammer accounts.
Although this setup implies an active user base, the <rating/> element may be incorporated into non-human based systems as well. Unexpected JIDs, or ones that connect externally may be automatically given a high rating, and the server set for a low tolerance of stanzas sent in, allowing for quick and generally automated expulsion of unwanted or abusive JIDs from an automated system. The <rating/> element does not require a human interaction, instead it can be manipulated by a host server for automated abuse control. Depending on a server operator’s level of forgiveness, ratings may be permanent or can normalize to 0 after a period of time.
This feature may lend itself to abuse from users who wish to punish or abuse another user. All rating systems should follow two abuse control rules to limit abuse potential:
This document requires no interaction with the Internet Assigned Numbers Authority (IANA).
None known at this point.
Not finished at this point.
This document in other formats: XML PDF
This XMPP Extension Protocol is copyright (c) 1999 - 2014 by the XMPP Standards Foundation (XSF).
Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.
## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ##
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.
This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at <http://xmpp.org/extensions/ipr-policy.shtml> or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA).
The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.
The primary venue for discussion of XMPP Extension Protocols is the <email@example.com> discussion list.
Discussion on other xmpp.org discussion lists might also be appropriate; see <http://xmpp.org/about/discuss.shtml> for a complete list.
Errata can be sent to <firstname.lastname@example.org>.
The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".
Note: Older versions of this specification might be available at http://xmpp.org/extensions/attic/