[asterisk-users] Is Enum safe from spammers?

John Todd jtodd at digium.com
Tue Jul 14 21:36:26 CDT 2009


The answer, quickly, is "No, ENUM is not safe from spam."  But there  
is security in obscurity at the moment.  Since nobody really uses  
ENUM, it's not been brought to the attention of phone spammers.   
However, witness AOL AIM, or Skype - now that people know it exists  
and there are millions of endpoints, the bots move in.  I get frequent  
connections on both services from random bots wanting to "chat",  
though no voice connections yet.

So ENUM is a target, yes.  But as far as SIP URIs in ENUM, there may  
be some easy solutions that don't require a lot of backflips and can  
quickly integrate with Asterisk.  The good news is that Asterisk is  
easily scriptable to block/squelch calls that don't meet certain  
criteria.  Here's a post I wrote a while back on the topic, including  
code.

https://mail.internet2.edu/wws/arc/sip.edu/2006-07/msg00012.html

...and a better-formatted version:

http://forum.e164.org/index.php?topic=16.0

JT



On Jul 14, 2009, at 4:46 PM, Karl Fife wrote:

> I think an equally interesting question is whether the Federal Trade
> Commission (and foreign equivalents) draw a distinction between  
> calls to
> E.164 numbers based on their transport technology.  In other words,  
> is there
> a legal difference depending on whether the call touches the PSTN  
> vs. being
> looked up in an ENUM directory with Pure IP transport?
>
> If you are an attorney, please chime in.  I'm not an attorney, but I  
> suspect
> the answer would be that there is no distinction.  I know the  
> definition of
> "phone call" is a moving target these days, so perhaps today's legal  
> answer
> will be different tomorrow.
>
> On the other hand perhaps the legal question is completely moot.  The
> zero-cost nature of SPIT might make it like SPAM wherein the fact  
> that it
> violates many laws in most countries is ultimately of no consequence.
>
> Will this ultimately come down to a technical arms race like we see  
> with
> SPAM?
>
>
>
>
> .
>
>
>
> December 21, 2012
>
>
> ----- Original Message -----
> From: "Gordon Henderson" <gordon+asterisk at drogon.net>
> To: "Asterisk Users Mailing List Discussion"
> <asterisk-users at lists.digium.com>
> Sent: Tuesday, July 14, 2009 9:14 AM
> Subject: [asterisk-users] Is Enum safe from spammers?
>
>
>>
>> Just been contacted by a UK Enum registrar looking for ITSPs to  
>> become
>> resellers of their Enum registration systems ...
>>
>> Is anyone using Enum?
>>
>> Does anyone (other than cynical old me) think that Enum is a  
>> spammers best
>> friend?
>>
>> Has anyone received a spam VoIP call yet? (ie. one placed directly  
>> over
>> the Internet aimed at a SIP URI to a PBX which allows anonymous  
>> incoming
>> calls?)
>>
>> I can see that Enum is good to provide another way round the PSTN,  
>> but at
>> the same time, I'm just not convinced...
>>
>> What do others think?
>>
>> Gordon
>>
>> _______________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>  http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

---
John Todd                       email:jtodd at digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW -  Huntsville AL 35806  -   USA
direct: +1-256-428-6083         http://www.digium.com/






More information about the asterisk-users mailing list