XEP-xxxx: User Rating

Abstract
This specification provides for the rating element.
Author
Daniel Wisnewski
Copyright
© 2016 – 2016 XMPP Standards Foundation. SEE LEGAL NOTICES.
Status

ProtoXEP

WARNING: This document has not yet been accepted for consideration or approved in any official manner by the XMPP Standards Foundation, and this document is not yet an XMPP Extension Protocol (XEP). If this document is accepted as a XEP by the XMPP Council, it will be published at <https://xmpp.org/extensions/> and announced on the <standards@xmpp.org> mailing list.
Type
Standards Track
Version
0.0.1 (2016-05-21)
Document Lifecycle
  1. Experimental
  2. Proposed
  3. Stable
  4. Final

1. Introduction

With the growing prevalence of XMPP communications, it is no longer safe to assume that XMPP will be free of spammers and nuisance users due to its obscurity. To that effect, this protocols aim is to create a user rating that can be used to hinder unnecessary communication within servers. While there have been several attempts to curb spam within servers, they have targeted the specific messages that may be labeled as spam, or relied on blocking policies. This approach singles out the JID of the user to (hopefully) remove their access to the server.

2. Requirements

XMPP Core, not known at this point.

3. Glossary

A user rating is an integer value assigned to a user’s bare JID to aid servers in determining JIDs that are predisposed to spam or offensive messages. The User Rating allows servers to determine appropriate actions from limiting stanza sending, to kicking or banning of the JID from the server. The rating, once implemented can be used in automated and user-based environments to curb abusive users. The introduction of a <rating/> element should be attached to a bare JID and should contain a float. <rating>0.0</rating> Would indicate the user is behaving normally, and is not suspected of sending spam. Where a user who has achieved a rating of the following: <rating>1.0</rating> would be kicked from the server, for example. <reportjid/> is the JID of the user to be reported for spam or abuse.

4. Use Cases

4.1 Retrieving rating

A user may obtain their own rating by sending an IQ-get with no to address and an element qualified by the ‘rating’ namespace.

Example 1. Rating retrieval request
        <iq from=’romeo@montague.net’
          id=’aa1a’
          type=’get’>
          <query xmlns=’rating’ />
        </iq>
        

The server should return an IQ result stanza with <rating/> element:

Example 2. Server Response
        <iq type=’result’ to=’romeo@montague.net’
          id=’aa1a’
          type=’result’>
          <query xmlns=’rating’ />
          <rating>0.1</rating>
        </query>
      </iq>
      

4.2 User-moderated server

In installations that run as chat servers, moderation of spam users can be delivered to online users and administrators. Users receiving spam from a bare JID can send an IQ stanza to the server that increases the user rating.

Example 3. Reporting Spam/Abuse
      <iq type=’set’
        from=’romeo@montague.net’
        to=’shakespeare.lit’
        id=’report1’>
        <rating xmlns=’urnm:xmpp:abuse:1’>
          <reported-jid>mercutio@shakespeare.lit</reported-jid>
        </rating>
      </iq>
    

To report abuse, an IQ stanza must be sent with the set type including the repored-jid element. If montague.net happens to a local vhost server, then it will be processed by that server. However, this stanza would be sent directly to montague.net with the rating payload.

Example 4. Success of reported response
      <iq type=’result’ to=’romeo@montague.net’ id=’report1’ />
      

Server sends a result IQ to confirm receipt of the report.

Servers should notify a user JID that they have been reported, however the identity of the reporter MUST remain anonymous, therefore the message should be sent from the server itself.

Example 5. User receives abuse report
      <message to=’mercutio@shakespeare.lit’ id=’warning’ type=’headline’>
        <body>Your actions have been reported as spam, and your rating has been increased.</body>
      </message>
    

Server should return a not supported stanza if rating is not supported.

Example 6. Feature-Not-Implemented Result
      <iq type=’error’ id=’report1’ to=’romeo@montague.net>
        <rating xmlns=’urn:xmpp:abuse’>
          <error type=’cancel’>
            <feature-not-implemented xmlns=’urn:ietf:xml:ns:xmpp-stanzas’/>
          </error>
        </rating>
    </iq>

Local server may be programmed to create a <rating/> locally and track communications on its own server if this result is returned.

Server should return a not found stanza if the JID specified in <reported-jid/> is unable to be found:

Example 7. User JID not-found
      <iq type=’error’ id=’report1’ to=’romeo@montague.net>
        <rating xmlns=’urn:xmpp:abuse’>
          <error type=’cancel’>
            <item-not-found xmlns=’urn:ietf:xml:ns:xmpp-stanzas’/>
          </error>
        </rating>
      </iq>
      

A message should be sent to inform user that the JID is not found:

Example 8.
      <message to=’romeo@montague.net’ id=’warning’ type=’headline’>
        <body>The reported user JID has not been found on this server.</body>
      </message>
      

Whether the jid is of a local or foreign domain, the montague.net server should at this point begin to track the reported jid mercutio@shakespeare.lit and a new user rating.

JIDs that are critical to server functionality or admins should have a permanent <rating/> of -100 to indicate that they are protected. Should a user attempt to report a protected user, the server should send the following:

Example 9. User is protected
      <iq type=’error’ id=’admin1’ to=’romeo@montague.net>
        <rating xmlns=’urn:xmpp:abuse’>
          <error type=’cancel’>
            <not-allowed xmlns=’urn:ietf:xml:ns:xmpp-stanzas’/>
          </error>
        </rating>
      </iq>
      

The server may report the error with a message to the original user, indicating that the selected <reported-jid/> is admin or protected.

When a user is found ‘guilty’ of being a spammer using this method the server should first deliver a message before action is taken:

Example 10. User reaches <rating/> of 1.0
      <message to=’mercutio@montague.net id=’notification’ type=’headline’>
        <body>You have been found to be spamming the montague.net server, please take some time and cool off.</body>
      </message>
      

The server will then conduct appropriate action, either a kick, or an outright ban depending on the severity of the offenses, or settings within the server. Actions may be taken using existing XEP-0061 Privacy Lists or XEP-0191 Blocking Command, or an internal implementation to prevent communication from known spammer accounts.

5. Business Rules

OPTIONAL.

6. Implementation Notes

Although this setup implies an active user base, the <rating/> element may be incorporated into non-human based systems as well. Unexpected JIDs, or ones that connect externally may be automatically given a high rating, and the server set for a low tolerance of stanzas sent in, allowing for quick and generally automated expulsion of unwanted or abusive JIDs from an automated system. The <rating/> element does not require a human interaction, instead it can be manipulated by a host server for automated abuse control. Depending on a server operator’s level of forgiveness, ratings may be permanent or can normalize to 0 after a period of time.

7. Security Considerations

This feature may lend itself to abuse from users who wish to punish or abuse another user. All rating systems should follow two abuse control rules to limit abuse potential:

  1. No one entity can use the rating system to ban/kick a JID unless they are a server administrator. There must at least two or more JIDs reporting spam or abuse to pass the kick or ban threshold.
  2. Successive report values on same JID will decrease in weight against a user rating, eventually lowering to zero (which then can be marked as spam/abuse). For example: the first <repored-jid/> of mercutio@montague.net by Romeo@montague.net increases the rating by 0.1. The second from romeo@montague.net the same user is now weighted slightly less, by increasing it 0.08. The third 0.06, fourth 0.04 and so on until the weighted value of the report is null. At this point, it would be advisable to notify Romeo that he is abusing the rating system, and will begin to increase his own rating by further pushing the issue.
  3. Critical or known-user JIDs exempt from rating rules should be set to a value such as -100 to indicate that they are exempt from spam control measures.

8. IANA Considerations

This document requires no interaction with the Internet Assigned Numbers Authority (IANA).

9. XMPP Registrar Considerations

None known at this point.

10. XML Schema

Not finished at this point.


Appendices

Appendix A: Document Information

Series
XEP
Number
xxxx
Publisher
XMPP Standards Foundation
Status
ProtoXEP
Type
Standards Track
Version
0.0.1
Last Updated
2016-05-21
Approving Body
XMPP Council
Dependencies
XMPP Core
Supersedes
None
Superseded By
None
Short Name
NOT_YET_ASSIGNED

This document in other formats: XML  PDF

Appendix B: Author Information

Daniel Wisnewski
Email
daniel.wisnewski@tigase.org
JabberID
daniel@tigase.org

Copyright

This XMPP Extension Protocol is copyright (c) 1999 - 2014 by the XMPP Standards Foundation (XSF).

Permissions

Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.

Disclaimer of Warranty

## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ##

Limitation of Liability

In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.

IPR Conformance

This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at <http://xmpp.org/extensions/ipr-policy.shtml> or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA).

Visual Presentation

The HTML representation (you are looking at) is maintained by the XSF. It is based on the YAML CSS Framework, which is licensed under the terms of the CC-BY-SA 2.0 license.

Appendix D: Relation to XMPP

The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.

Appendix E: Discussion Venue

The primary venue for discussion of XMPP Extension Protocols is the <standards@xmpp.org> discussion list.

Discussion on other xmpp.org discussion lists might also be appropriate; see <https://xmpp.org/community/> for a complete list.

Errata can be sent to <editor@xmpp.org>.

Appendix F: Requirements Conformance

The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".

Appendix G: Notes

Appendix H: Revision History

Note: Older versions of this specification might be available at https://xmpp.org/extensions/attic/

  1. Version 0.0.1 (2016-05-21)

    First draft.

    dsw

Appendix I: Bib(La)TeX Entry

@report{wisnewski2016xepxxxx,
  title = {User Rating},
  author = {Wisnewski, Daniel},
  type = {XEP},
  number = {xxxx},
  version = {0.0.1},
  institution = {XMPP Standards Foundation},
  url = {https://xmpp.org/extensions/xep-xxxx.html},
  date = {2016-05-21/2016-05-21},
}

END