VoIP Spam

[dlublink]

Hello,

We all know about email spam, people spam us with nonsense. Without spam filters my work server gets about 10,000 spam messages a day. Spamhaus apparently blocks about 50 billion spams per day, and they don't even block half of servers using their service!

So my question is, when e164.org reaches critical mass and people sign up in hordes, what is to block VoIP Spam?

By bypassing the PSTN you'll be able to call someone in North America from China without any restrictions. Try telling someone hacker in the middle of China they aren't allow VoIP spamming.

It has been suggested that numbers be verified using e164.org tree and checking the IP against the telephone number.

Does anyone else have ideas as to what we can do to protect VoIP before it goes the way of Email?

Thanks,

David

[smilindog2000@yahoo.com]

For e-mail, I have been forced into challenge/response filtering.  In other words, my server sends you an e-mail asking you to verify you're a real person before your e-mail is sent to me.  Works great.

The equivalent can be done for voice spam.  For example, if your number is not on a white-list, you'd get a voice asking you some silly question you can answer by phone, like what year is it, or how many fingers do you have on one hand?  If a real person is on the other end, they'll get through.  If they get through once, they automatically are white-listed.  This wont stop telemarketing, but at least it gets rid of most bots.

I like the idea of a white-list server that you can register with.  Could there be a special dial code for reporting spam, such as 7726 (spells spam)?

[evilbunny]

Verification that a person owns a number won't stop spam, although might slow them down a little, after all if they make a lot of money via spam purchasing numbers isn't going to be an issue.

It's going to require verification checks AND some legislation to stop this, basically if companies face fines that makes their business model unsustainable then they won't do it, and I don't mean just fining the companies making the spam emails/calls, you need to fine companies paying for the services, but you also need to make sure a competitor hasn't paid to have them spammed so they would be fined.

This is mostly a social problem and the world has dealt with social problems for thousands of years before technology came along.

While I utilise SpamHaus, I only do so in a spamassassin score, not as a accept or reject manner, I've found using RBLs directly in the past is a problem because of too many list administrators being overly zealous and becoming more of a problem then a solution.

John Todd created a simple AGI script that may help with SPIT, although it will only help as much as SPF works, and this removes some of the benefits of forwarding CID and other things need to be put into SIP header rather then this simple version for it to be widely acceptable.

Code:

# To demo this script, try:
#
# An SRV lookup on _sip._udp.loligo.com that works:
# ./checksrv -v loligo.com 204.91.156.10
#
# A TXT lookup on _outproxy._sip._udp.loligo.com that works:
# ./checksrv -v loligo.com 192.148.252.133
#
# start
#
#!/bin/sh

defaults="no"

if [ $1 == "-v" ]; then
     verbose="1"
     name=$2
     ip=$3
     type=$4
else
     verbose="0"
     name=$1
     ip=$2
     type=$3
fi

if [ "x$type" == "x" ]; then
     type="_sip._udp"
     defaults="yes"
fi

dr=`dig +short SRV $type.$name | cut -d' ' -f4`

if [ $verbose == "1" ]; then
     echo "Found for $type.$name:"
fi

for d in $dr ; do

     ar=`dig +short $d`

     if [ $verbose == "1" ]; then
         echo "$d: "
     fi
        for a in $ar; do
         if [ $verbose == "1" ]; then
             echo "    $a"
         fi
         if [ "x$a" == "x$ip" ]; then
             match=$d
         fi
     done
    done

if [ $defaults == "yes" ]; then
   type="_outproxy._sip._udp"

   dr=`dig +short TXT $type.$name | cut -d' ' -f4|tr -d \"|sed 's/outproxy=//'`
   if [ $verbose == "1" ]; then
       echo "Found for $type.$name:"
   fi

   for d in $dr ; do

       ar=`dig +short $d`
       if [ $verbose == "1" ]; then
           echo "$d: "
       fi

       for a in $ar; do
           if [ $verbose == "1" ]; then
               echo "    $a"
           fi
           if [ "x$a" == "x$ip" ]; then
               match=$d
           fi
       done done
fi

if [ $verbose == "1" ]; then
     echo "Match: $match"
else

# If you are running Asterisk and want to use this script as an AGI,
#  just comment out the first "echo" line below and uncomment the
#  Asterisk AGI "SET VARIABLE" line to replace it.
#
     echo $match
#   echo "SET VARIABLE SRVMATCH $match"
fi

# end

[evilbunny]

For e-mail, I have been forced into challenge/response filtering.  In other words, my server sends you an e-mail asking you to verify you're a real person before your e-mail is sent to me.  Works great.

The problem with this of course is phone calls need to be a little more real time, or would annoy the crap out of people.

The equivalent can be done for voice spam.  For example, if your number is not on a white-list, you'd get a voice asking you some silly question you can answer by phone, like what year is it, or how many fingers do you have on one hand?  If a real person is on the other end, they'll get through.  If they get through once, they automatically are white-listed.  This wont stop telemarketing, but at least it gets rid of most bots.

I haven't had any VoIP spam yet, but I have had people fat finger dial my US number and call me at 4 am, and requiring people to just hit 1 or some other random number or combination is usually more then enough to prevent this problem, aided by the fact the SPIT (SPam over Internet Telephony) probably won't connect immediately if they are dialing multiple numbers at the same time, it takes time to dump calls and connect to just one channel they'd possibly miss the initial prompt to press keys.

I like the idea of a white-list server that you can register with.  Could there be a special dial code for reporting spam, such as 7726 (spells spam)?

Once I start getting spam I'd end up using *<something> to report the previous call as spam, since just numbers would look too much like an extension

[jmullinix]

I have a Trixbox/Asterisk server.  I created inbound routes that trap inbound toll free numbers.  I do the same with no caller ID calls, but I had to write a little code for that one.  The trap answers the line, sends the Zapateller tones and hangs up. 

That eliminates most of my Telemarketing calls.  Ward Mundy's site, nerdvittles.com will steer you on this.

[dlublink]

I have a Trixbox/Asterisk server.  I created inbound routes that trap inbound toll free numbers.  I do the same with no caller ID calls, but I had to write a little code for that one.  The trap answers the line, sends the Zapateller tones and hangs up. 

That eliminates most of my Telemarketing calls.  Ward Mundy's site, nerdvittles.com will steer you on this.

Unfortunatly my father-in-law blocks callerid on his cellphone and is always calling me, since I don't want to cut off my family, the trick about caller id won't work.

I have three north american dids for personal use. 1-418 (QC), 1-416(TO) and 1-877(TF). I never sell anything and I never spam people. So you can't really be sure that your trap would work effectively.

If I really wanted to sell you something, I would get a non toll free number, and your trap is bypassed.

One option I have explored is called 'telemarketer torture' which is available on voip wiki. It is a menu that is written to be difficult to navigate. So I setup extension 1066 to call the menu, so if a telemarketer calls I transfer them to extension 1066.

But this wouldn't stop people from sending prerecorded messages such as 'go to www.somesite.tld and buy viagra and cialis for discount price!'.

David

[Renne]

There was a nice AGI in the Asterisk forum which handles cold callers with an endless loop of questions like "Which political party do you represent?" in a voice box menu. 

Drives any cold caller crazy and he'll never dial your number again! 

[dlublink]

Trouble is, anonymous calls can be good. I have that script installed (telemarketer torture). Trouble is some calls are without callerid (my father-in-law) and some calls are unauthenticated (work who uses e164.org).

David

[BlueDream]

I think it is only a matter of time before we start to receive VOIP spam calls, with the ability to call people all around the world for extremely cheap prices I think we'll see telemarketing/spam companies with MASSIVE call centres get contracts for calling people world wide, operating 24 hours a day 365 days a year calling people throughout the world in different time zones to cater for when people are awake/at work/at home....

I think with PSTN it was prohibitive cost wise to call people world wide....

Some countries such as Australia and I think USA & Canada have do not call lists which make it illegal for telemarketers/spammers to do cold calling, but obviously with people placing calls from outside the country they would not be subject to such legislation....

[kieranmullen]

Oy! What an old thread. Who borught this back from the dead?  I wish more people would use the service. Sadly I dont believe they will due to distrust of other competing voip businesses.

[evilbunny]

I think with PSTN it was prohibitive cost wise to call people world wide....

Not entirely true, because the higher call volumes attracted lower costs etc.

Because this will end up a mostly social problem (like email spam) a social solution (like do not call lists) are required, the do not call lists work because they don't just target the company making the calls in the case of the call centre being located outside of that countries legal jurisdiction, but also get the company paying them, this can lead to problems with joe jobs etc though where a competitor wants to get a company fined so they pay a telemarketing company to spam everyone etc.

[gjacmar]

We get bombarded with spam constantly.  We average a million messages a day.

www.limelightit.com

[blue.angel]

As you able-bodied know, spam infiltrates, clogs, and slows down email servers worldwide. In my organization, spam accounts for about 89% of all entering and outbound messages. Yet, we’ve been acclimatized to the use of filters, quarantines, and clutter email folders. Spam apprehension is not a absolute science, and has taken years to advance able strategies for active email spam.

Translate this to the VoIP beginning for a moment. Imagine if 90% of all calls or voice-related letters were, well, spam. Would we even bother to aces up our campanology phones anymore? Just as Caller ID bluffing has become commonplace, it’s difficult to analyze the authority of callers. However, the majority of Caller ID bluffing is acclimated for non-malicious purposes. Here’s the ultimate question: how continued will we be lucky?
BY:
IP PBX

[yoyohh]

Where did you start? What kind of projects wow power leveling did you

choose, and how far did wow power leveling you make it?

Often the world of warcraft gold answer is the bedroom or the

kitchen. There are plenty of options for these areas 重庆二手交易 of the

house, and the market gold in wow is ripe with furniture in all

styles wow gold eu and colors from the perfect bed to the best

kitchen counters.But did you stop to think wow gold chea of the

 bathroom? The bathroom wow cheap gold is often the single most

neglected room in a home.

[tayomismo]

how can these spam affects the VoIP? can it damage something? just curious.