# Simplified XMPP Incident Exchange

## Communication of received reports

The protocol described in [XEP-0377: Spam Reporting](https://xmpp.org/extensions/xep-0377.html) allows a recipient to report JIDs/messages to their server, so their server operator can take appropriate action. A common use case is to then share reports with certain trusted entities, such as sharing spam reports with anti-spam services, or sending reports "upstream" to the originating server. The protocol described here allows for exchanging this information.

```xml
<message to="reports.example.com">
  <received-report id="4615da38-d345-11ef-ac2d-4325a9cdc728" xmlns="urn:xmpp:incidents:report:0">
    <report xmlns="urn:xmpp:reporting:1" reason="urn:xmpp:reporting:spam">
      <text>They sent me spam</text>
    </report>
    <reported-at>2025-07-12T09:02:00Z</reported-at>
    <reported-entity>
      <jid>spammer@bad.example</jid>
      <ip type="server">203.0.113.52</ip>
    </reported-entity>
    <reporter>
      <jid>victim@server.example</jid>
    </reporter>
    <stanzas>
      <forwarded xmlns="urn:xmpp:forward:0">
        <delay xmlns='urn:xmpp:delay' stamp='2025-07-10T23:08:25Z'/>
        <message from="spammer@bad.example" to="victim@server.example" type="chat" xmlns="jabber:client">
          <body>Spam, Spam, Spam, Spam, Spam, Spam, baked beans, Spam, Spam and Spam!</body>
        </message>
      </forwarded>
    </stanzas>
  </received-report>
</message>
```

Reports are sent as a `<received-report/>` element in the 'urn:xmpp:incidents:report:0' namespace. This element encapsulates a single received report.

The `<received-report/>` element MUST contain a single `<report/>` element, defined in XEP-0377, which typically matches the original `<report/>` of the incident as provided by the initial reporter.

In addition, the element MUST contain the following child elements:

- A `<reported-entity/>` containing at least a `<jid/>` element containing the reported JID as its content. It MAY also contain an `<ip/>` element if the report concerns traffic from a known IP address, and a `type` attribute specifying either `server` (if the IP address is of the reported entity's server) or `client` (if the IP address is of the reported entity's client).

The following child elements are OPTIONAL:

- A `<reporter/>` element which, if present, MUST contain a `<jid/>` element where the content specifies the JID of the initial reporting entity.
- A `<stanzas/>` element which, if present, contains one or more `<forwarded/>` elements defined in [XEP-0297: Stanza Forwarding](https://xmpp.org/extensions/xep-0297.html). If the initial report contained stanza-ids, the forwarded stanzas SHOULD be the ones corresponding to those ids.

## Potential IODEF mapping

```xml
<iq from='jabber.org' id='vk2x91g47' to='im.flosoft.biz' type='set'>
  <report xmlns='urn:xmpp:incident:3'>
    <Incident xmlns='urn:ietf:params:xml:ns:iodef-2.0' purpose='reporting'>
      <IncidentID name='server.example'>4BF5D2CE-7C90-4860-BEF2-43A7D777D5FF</IncidentID>
      <GenerationTime>2025-07-12T09:02:00Z</GenerationTime>
      <Description xml:lang='en'>They sent me spam</Description>
      <Contact role='reporter' type='person'>
        <AdditionalData>
          <jid xmlns='urn:xmpp:incident:2'>victim@server.example</jid>
        </AdditionalData>
      </Contact>
      <EventData>
        <Flow>
          <System category="source">
            <Node>
              <Address category="ext-value" ext-category="xmpp">spammer@bad.example</Address>
            </Node>
          </System>
          <System category="intermediate">
            <Node>
              <Address category="ext-value" ext-category="xmpp">bad.example</Address>
              <Address category="ipv4-addr">203.0.113.52</Address>
            </Node>
          </System>
        </Flow>
        <AdditionalData>
          <forwarded xmlns="urn:xmpp:forward:0">
            <delay xmlns='urn:xmpp:delay' stamp='2025-07-10T23:08:25Z'/>
            <message from="spammer@bad.example" to="victim@server.example" type="chat" xmlns="jabber:client">
              <body>Spam, Spam, Spam, Spam, Spam, Spam, baked beans, Spam, Spam and Spam!</body>
            </message>
          </forwarded>
        </AdditionalData>
      </EventData>
    </Incident>
  </report>
</iq>
```
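
The MUST/MAY rules for `<received-report/>` in "Communication of received reports" can be checked mechanically by a receiving service before a report is stored or forwarded. The validator below is an added example, not part of the protocol text or of any implementation. The function names, the IP-literal check and the acceptance of an `<ip/>` without a `type` attribute are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS_INC = "urn:xmpp:incidents:report:0"  # namespaces as they appear on the page
NS_REP = "urn:xmpp:reporting:1"
NS_FWD = "urn:xmpp:forward:0"

def _jid_of(parent):
    """Text of the <jid/> child, or None when it is absent or empty."""
    jid = parent.find(f"{{{NS_INC}}}jid")
    return ((jid.text or "").strip() or None) if jid is not None else None

def validate_received_report(elem):
    """Return the list of rule violations for one <received-report/> element."""
    if elem.tag != f"{{{NS_INC}}}received-report":
        return [f"unexpected element {elem.tag}"]
    errors = []
    if len(elem.findall(f"{{{NS_REP}}}report")) != 1:
        errors.append("exactly one XEP-0377 <report/> is required")
    entity = elem.find(f"{{{NS_INC}}}reported-entity")
    if entity is None or _jid_of(entity) is None:
        errors.append("<reported-entity/> with a non-empty <jid/> is required")
    for ip in (entity.findall(f"{{{NS_INC}}}ip") if entity is not None else []):
        # Assumption: a type attribute, when present, must be "server" or "client".
        if ip.get("type") not in (None, "server", "client"):
            errors.append(f"invalid <ip/> type {ip.get('type')!r}")
        try:  # Assumption: the content must parse as an IPv4/IPv6 literal.
            ipaddress.ip_address((ip.text or "").strip())
        except ValueError:
            errors.append(f"unparseable <ip/> value {ip.text!r}")
    reporter = elem.find(f"{{{NS_INC}}}reporter")
    if reporter is not None and _jid_of(reporter) is None:
        errors.append("<reporter/> must contain a non-empty <jid/>")
    stanzas = elem.find(f"{{{NS_INC}}}stanzas")
    if stanzas is not None and not stanzas.findall(f"{{{NS_FWD}}}forwarded"):
        errors.append("<stanzas/> must contain at least one <forwarded/>")
    return errors

def check_xml(text):
    """Parse one serialized <received-report/> and validate it."""
    return validate_received_report(ET.fromstring(text))

# Constructed samples (not from the page): one conforming report, one breaking four rules.
GOOD = (f'<received-report xmlns="{NS_INC}" id="constructed-1"><report xmlns="{NS_REP}"/>'
        '<reported-entity><jid>spammer@bad.example</jid><ip type="server">203.0.113.52</ip>'
        f'</reported-entity><stanzas><forwarded xmlns="{NS_FWD}"/></stanzas></received-report>')
BAD = (f'<received-report xmlns="{NS_INC}" id="constructed-2"><reported-entity>'
       '<jid>spammer@bad.example</jid><ip type="relay">203.0.113.999</ip>'
       '</reported-entity><stanzas/></received-report>')
```

`check_xml(GOOD)` returns an empty list; `check_xml(BAD)` returns one message each for the missing `<report/>`, the unknown `type`, the malformed address and the empty `<stanzas/>`. In a server, `validate_received_report` would be called on the element already produced by the XMPP stream parser rather than on raw text.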