Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas <mike () mtcc com>]

On 12/19/19 8:16 AM, Christopher Morrow wrote:
> How is it envisioned that this will work?
> I mean, I'm all for less spam calling... and ideally there would be
> some form of 'source address verification' on the PSTN/phone
> network... but in today's world that really just doesn't exist and the
> motivations to suppress fake sources are 'just as good' as they are on
> the intertubes. (with crappier options in the gear - SHAKEN/STIR are
> really not even available in the majority of the switch 'gear' right?)
It's my opinion that STIR/SHAKEN is trying to solve the wrong problem. 
Telephone numbers are oh-so last millennia. I don't care about telephone 
numbers any more than I care about ip addresses. What I care about is 
the From: address, be it email, sip or anything else that uses an 
email-like address. Unlike the e.164 quagmire, domains can vouch that 
they actually sent a message ala DKIM (in fact, when i was developing 
DKIM, i for shits and giggles, DKIM-signed SIP messages too). If a 
message comes from gmail (and verifies), I have a pretty good belief 
that it really is that user since I know they don't allow their users to 
spoof other email accounts. Same can be done with SIP. That is the road 
forward here, not an ugly complex bandaid on an outdated form of identity.

Mike