[Asterisk-Users] Re: sip URL peering

Klaus Darilion klaus.mailinglists at pernau.at
Fri Nov 25 01:41:55 MST 2005 

Wolfgang S. Rupprecht wrote:
> Klaus Darilion <klaus.mailinglists at pernau.at> writes:
> 
>>It's not that easy. If you want to have open SIP URIs (just like email
>>is open for everybody) you will receive SPIT calls. E.g. the SPEER
>>group tries to define rules for VoIP peering which allows
>>authentication to enable open SIP URIs. (I won't open acces to my SIP
>>URI if I can not verify the senders URI).
> 
> 
> Keeping spam in mind seems like a really good idea.  I'm also a big
> fan of keeping a cryptographic "paper trail" so that one can figure
> out who spammed.
> 
> On the other hand, is SPAM / SPIT a big enough problem at this point
> to warrant scuttling any interconnectivity?  It seems a bit premature
> to worry about a problem that may not develop for 5 years and allow
> that fear to stop direct sip dialing.

Then we will have the same problem with email. Sometimes it's better to 
learn and try to design new services with potential problems in mind. 
With asterisk it's quite easy to make automated marketing calls. I'm 
sure as soon as more people are reachable directly via SIP, you will get 
marketing calls also via SIP. Then, the service providers will have to 
reject incoming calls and think about solutions. I prefer starting with 
solution to avoid disturbing users.


> As an amusing aside, I inadvertently added a "captcha" to my phone
> line when I had the local number go into an IVR that asks the caller
> to press 1 for person XXX and 2 for person YYY and 3 of they are a
> telemarketer.  I don't think anyone other than my friends has ever
> pressed 3, but the predictive dialers used by the phone-spammers
> doesn't seem to pass the turing test and isn't able to press 1 or 2.
> ;-) I see lots of timeout-hangups in the IVR with caller-id's like
> "CAR PROMO" or "VOIP CALL".
> 
> If spam/spit is ever a problem, I'm simply routing previously unseen
> calls to a turing test of the same type and anyone that has previously
> called (and/or been called) gets to bypass the turing test.

That for sure will work for geeks like you and me. But if you consider 
the a telco which allows to reach all customers via SIP, the detection 
should happen in the beginning. Also if my grandma calls me and she 
hears "press 1 for ..." probably she will hang again.

regards
klaus

More information about the asterisk-users mailing list