[Asterisk-Users] Re: VoIP SPAM, what's next ?

John Todd jtodd at loligo.com
Wed Aug 11 01:13:40 MST 2004 

At 10:14 PM +0200 on 8/10/04, Loek Gijben wrote:
>"hank" <hank at hanksmith.net> wrote:
>>  voip spam?
>>  I have never gotten any yet.
>
>It's is just waiting for the first one to arrive..
>The mechanics are just too appealing for spam-like businesses.
>
>Imagine a telemarketeer script that dials lists of VoIP addresses. 
>Instead of having
>to pay for each call they use cheap Internet bandwioth. The same 
>cost savings we 
>use * for applies to the telemarketeers also.
>
>>  ----- Original Message -----
>>  From: "John Todd" <jtodd at loligo.com>
>>  > At 7:14 PM +0200 on 8/10/04, Soren Rathje wrote:
>>  >>Gang,
>>  >>Do anyone have a clue on how they do this ??
>They  state that they can discriminate between a automated call and a human
>caller. I'm very sceptic about that: if I record a salespitch and 
>later fan it out to a list
>of known ENUM hosts, then it would be indisciminable from an actual 
>phonecall...
>... at least for the start of the salespitch, and that's bad because 
>then you've already
>crawled to your phone and  picked up the handset.
>
>Blacklisting spammers is harder too, compared to SMTP spam.

How is it that different?

>  > > VOIP Spam is actually pretty trivial to take care of, if only the
>>  > manufacturers would wise up.
>
>That's oversimplified. You wan't people that you don't know yet to 
>be able to contact
>you. (I want potential customers to call my business number).
>All kind of SMTP scanning and filtering techniques won't do good in 
>the VoIP world
>as you cannot examine the whole message. It's realtime..
>
>My 2 eurocents,
>loek gijben

Yes, it's oversimplified, but you're missing the point.  The point is 
that if we don't have individual components that can be secured to 
the point where there is an authentication method for accepting 
calls, then we're trying to bail the boat with a sieve.  The "middle" 
of the network will be smart for a long time, though the control of 
the middle is moving all the way to the edge (users able to control 
their own whitelists/blacklists/methods) and the middle is certainly 
getting closer to the edge (SIP-based proxy and PBX systems getting 
cheaper, but probably not household items for a long, long time, if 
ever, for the bulk of the market.)  So, I'm content with trusting 
that the spam control will be handled by the "middle" of the network, 
as long as we have some way of authenticating calls between the 
middle and the edge.

PS: Businesses will always be subject to VOIP Spam - they _want_ 
unsolicited calls.   There's nothing  you can do to prevent 
salespeople from calling your business unless you either (a) have a 
human filtering the calls, or (b) push your customers or potential 
customers through a lot of voicemail routines which will get them to 
hang up.  That's reality.  Spam-reduction techniques can cut down on 
a lot, but those filters will always be looser for businesses.

JT

More information about the asterisk-users mailing list