[asterisk-biz] Fraud

Tomer Horn thorn at ivrit.org.il
Tue Jun 6 09:53:31 MST 2006


I agree with Florian.

I would like to add that technically, it should be implemented either in
style of RBL using DNS and/or DUNDi - where the DUNDi will be used as a
blackhole. Just make sure that by design you'll be able to create
redundancy sites in different locations in case of DDoS or whatever. Be
prepared for that.  You should allow, as you suggested, to download the
complete list by using the web/dns-axfr.

I think with that comes the subject of moral responsibility for the list:
- Under what rules a DID goes into the list? Who is allowed to commit to 
the list?
- What prevents from those who are running the list to list "safe" DIDs
and abuse
the list for whatever purposes.
- Maybe the entries should have a feature to enter both positive and
negative
votes/scores/comments for each listed DID?

Just my 2 cents.

Florian Overkamp wrote:
> Hi Mike,
>
> Mike Lynchfield wrote:
>> We create an API , or Web portal , that would accept input 
>> (DID,Reason,Flag)
>> and serve a list.
>>
>> This list would be a SOF (Suspicion of fraud) list in either txt,xml 
>> or both
>> for you to download.
>
>> How does it sound ? ..
>
> The basic idea makes a lot of sense, although I think there should 
> also be some meta-data like:
> - what is the nature of the SOF, in text, for customer support purposes
> - when was the number registered as SOF
> - optionally, how many complaints were made about the number ?
> - if there was an identifiable source, of the complaint or notice, who 
> was it ?
>
> Our national regulator also publishes a list of numbers that have been 
> seen in auto-diallers. Maybe other countries do the same ?
>
>




More information about the asterisk-biz mailing list