nanog mailing list archives
Re: FCC chairwoman: Fines alone aren't enough (Robocalls)
From: Michael Thomas <mike () mtcc com>
Date: Tue, 4 Oct 2022 12:09:24 -0700
Back when P-Asserted-Identity was coming into being I screamed at the top of my lungs that it was going to get abused. The reply was that the telephone network was a closed system so it wasn't a problem. It turns out that we were both sort of right. At that time, email submission authentication was still pretty uncommon so most ISP's were open relay sewers so there was nobody to name and shame, so we figured that it would be a good idea to provide that means. That's pretty much the case of telephony now since their providers don't care what the identity is in the signaling. But it was always the case that they could care and not allow spoofing, just like I can't spoof email addresses from my gmail account. And very unlike email, telephony has lots of regulatory machinery to require that to happen.
Mike On 10/4/22 11:22 AM, bzs () theworld com wrote:
On October 3, 2022 at 16:05 mike () mtcc com (Michael Thomas) wrote: > The problem has always been solvable at the ingress provider. The > problem was that there was zero to negative incentive to do that. You > don't need an elaborate PKI to tell the ingress provider which prefixes > customers are allow to assert. It's pretty analogous to when submission > authentication was pretty nonexistent with email... there was no > incentive to not be an open relay sewer. Unlike email spam, SIP > signaling is pretty easy to determine whether it's spam. All it needed > was somebody to force regulation which unlike email there was always > jurisdiction with the FCC. Analogies to email are always fraught. How often do LEGITIMATE telco customers make hundreds if not thousands of calls per hour w/o some explicit arrangement with their telco? As they say, a telephone company is a vast, detailed billing system with an added voice feature. Quite unlike email where it's mostly fire and forget plus or minus hitting a spam filter precisely because there is no billing, no incentive. And no voice "snowshoeing". I doubt robocalls are ever made with anything like spam roboarmies. With email it's like every single computer on the net with an IP address has, in effect, a (potentially) fully functional "originating switch" (again, some exceptions like port 25 blocking.) People have run spambots from others' printers etc.
Current thread:
- Source Vs. Manifestations Re: 202210071016.AYC Re: FCC chairwoman: Fines alone aren't enough (Robocalls), (continued)
- Source Vs. Manifestations Re: 202210071016.AYC Re: FCC chairwoman: Fines alone aren't enough (Robocalls) Abraham Y. Chen (Oct 09)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) Peter Beckman (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) Michael Thomas (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) sronan (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) Christopher Morrow (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) sronan (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) Jawaid Bazyar (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) Nathan Angelacos (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) Michael Thomas (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) bzs (Oct 04)
- Re: FCC chairwoman: Fines alone aren't enough (Robocalls) Michael Thomas (Oct 04)