User Rating

%ents; ]>

User Rating This specification provides for the rating element. This XMPP Extension Protocol is copyright (c) 1999 - 2014 by the XMPP Standards Foundation (XSF). Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation. ## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ## In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages. This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at <http://xmpp.org/extensions/ipr-policy.shtml> or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA). xxxx ProtoXEP Standards Track Standards Council XMPP Core NOT_YET_ASSIGNED Daniel Wisnewski daniel.wisnewski@tigase.org daniel@tigase.org 0.0.1 2016-05-21 dsw

First draft.

With the growing prevalence of XMPP communications, it is no longer safe to assume that XMPP will be free of spammers and nuisance users due to its obscurity. To that effect, this protocols aim is to create a user rating that can be used to hinder unnecessary communication within servers. While there have been several attempts to curb spam within servers, they have targeted the specific messages that may be labeled as spam, or relied on blocking policies. This approach singles out the JID of the user to (hopefully) remove their access to the server.

XMPP Core, not known at this point.

A user rating is an integer value assigned to a user’s bare JID to aid servers in determining JIDs that are predisposed to spam or offensive messages. The User Rating allows servers to determine appropriate actions from limiting stanza sending, to kicking or banning of the JID from the server. The rating, once implemented can be used in automated and user-based environments to curb abusive users. element should be attached to a bare JID and should contain a float. 0.0]]> Would indicate the user is behaving normally, and is not suspected of sending spam. Where a user who has achieved a rating of the following: 1.0 would be kicked from the server, for example. is the JID of the user to be reported for spam or abuse. ]]>

A user may obtain their own rating by sending an IQ-get with no to address and an element qualified by the ‘rating’ namespace.

]]>

The server should return an IQ result stanza with <rating/> element:

0.1 ]]>

In installations that run as chat servers, moderation of spam users can be delivered to online users and administrators. Users receiving spam from a bare JID can send an IQ stanza to the server that increases the user rating.

mercutio@shakespeare.lit

]]>

To report abuse, an IQ stanza must be sent with the set type including the repored-jid element. If montague.net happens to a local vhost server, then it will be processed by that server. However, this stanza would be sent directly to montague.net with the rating payload.

]]>

Server sends a result IQ to confirm receipt of the report.

Servers should notify a user JID that they have been reported, however the identity of the reporter MUST remain anonymous, therefore the message should be sent from the server itself.

Your actions have been reported as spam, and your rating has been increased. ]]>

Server should return a not supported stanza if rating is not supported.

]]>

Local server may be programmed to create a <rating/> locally and track communications on its own server if this result is returned.

Server should return a not found stanza if the JID specified in <reported-jid/> is unable to be found:

]]>

A message should be sent to inform user that the JID is not found:

The reported user JID has not been found on this server. ]]>

Whether the jid is of a local or foreign domain, the montague.net server should at this point begin to track the reported jid mercutio@shakespeare.lit and a new user rating.

JIDs that are critical to server functionality or admins should have a permanent <rating/> of -100 to indicate that they are protected. Should a user attempt to report a protected user, the server should send the following:

]]>

The server may report the error with a message to the original user, indicating that the selected <reported-jid/> is admin or protected.

When a user is found ‘guilty’ of being a spammer using this method the server should first deliver a message before action is taken:

You have been found to be spamming the montague.net server, please take some time and cool off. ]]>

The server will then conduct appropriate action, either a kick, or an outright ban depending on the severity of the offenses, or settings within the server. Actions may be taken using existing XEP-0061 Privacy Lists or XEP-0191 Blocking Command, or an internal implementation to prevent communication from known spammer accounts.

OPTIONAL.

element may be incorporated into non-human based systems as well. Unexpected JIDs, or ones that connect externally may be automatically given a high rating, and the server set for a low tolerance of stanzas sent in, allowing for quick and generally automated expulsion of unwanted or abusive JIDs from an automated system. The element does not require a human interaction, instead it can be manipulated by a host server for automated abuse control. Depending on a server operator’s level of forgiveness, ratings may be permanent or can normalize to 0 after a period of time.]]>

This feature may lend itself to abuse from users who wish to punish or abuse another user. All rating systems should follow two abuse control rules to limit abuse potential:

No one entity can use the rating system to ban/kick a JID unless they are a server administrator. There must at least two or more JIDs reporting spam or abuse to pass the kick or ban threshold.
Successive report values on same JID will decrease in weight against a user rating, eventually lowering to zero (which then can be marked as spam/abuse). For example: the first <repored-jid/> of mercutio@montague.net by Romeo@montague.net increases the rating by 0.1. The second from romeo@montague.net the same user is now weighted slightly less, by increasing it 0.08. The third 0.06, fourth 0.04 and so on until the weighted value of the report is null. At this point, it would be advisable to notify Romeo that he is abusing the rating system, and will begin to increase his own rating by further pushing the issue.
Critical or known-user JIDs exempt from rating rules should be set to a value such as -100 to indicate that they are exempt from spam control measures.

This document requires no interaction with the Internet Assigned Numbers Authority (IANA).

None known at this point.

Not finished at this point.