I've yet to read a good explanation of why the telcos permit CLID faking and reinjection of apparently local CLID by overseas inputs.
I'm assuming there's a technical and/or willpower reason or some counterfactual like VOIP depends on it.
Even just flagging it would help. Or, rejecting numbers they can know lie inside their own routing architecture, or asserts within their own number plan where the CLID does not match.
Morally it's like BCP38 in the customer facing internet systems: reject customer input they don't pay you to assert.
I used to work at two (UK) telcos. There's a historic reason and a modern reason.
The historic reason was, just like the Internet, the international phone network was built on gentlemen agreements by engineers who largely trusted each other.
A big national telco is unlikely to attack its peers, so there was little need for safety measures. As smaller telcos came in to the mix via deregulation, that understanding changed - but it was hard to retroactively fit controls.
The more modern reason is outsourced call centres. You want outbound calls from your Philippines based staff to show as if they were calling from a local number. When large and reputable entities were doing this it was fine. Just like showing a different reply-to address on an email.
If you were designing a modern network, it wouldn't be like this. But international telephony is over a hundred years old and has a huge amount of legacy technology and legal agreements.
> You want outbound calls from your Philippines based staff to show as if they were calling from a local number.
The company that has offshored it's support to the Philippines might want that, but I doubt any consumers want that. That shouldn't have happened, but regulation comes (20+ years?) after harmful business profit decisions have been made and implemented.
But, thank you for the explanation. I have heard similar explanations before, and it has always sounded to me like a situation where the telcos are able to offer a service for a profit for the customers to hide the origin of their offshore call centres (that mostly nobody wants to speak to anyway).
The consumers 'want' it because if they get disconnected and try to recall, by spoofing a local number it costs them nothing/little since it's a local number (maybe toll-free?) instead of a lot for an international call. Of course, they might want a local call centre even more, but spoofing a local number for overseas call centres does have a purpose.
> I've never seen an hotline where you can call back and resume the call you were doing.
Assuming they even accept inbound calls to the CLI number in the first place.
I frequently encounter companies where I miss a call due to $reason, I then try to call back the CLI number and it just says "This was $megacorp trying to call you, we will try again later".
Or, if you're really lucky, the CLI will just dump you into IVR-hell which, of course, is "AI powered" today, so you have to spend 30 minutes telling the stupid robot they mis-intepreted your voice.
My electric company gave me a number (UID, not phone number) to resume a call if the issue wasn't fixed within 24 hours, and I'm pretty sure internet operators have the same protocol (at least used to).
Can literally be a "Desk ID" basically, so using that would reach the phone next to the agent. Used to work both with outgoing cold calls and incoming customer support, had a setup that worked like that for the latter.
> My electric company gave me a number (UID, not phone number) to resume a call if the issue wasn't fixed within 24 hours
What planet do you live on ?
Seriously. Where I am it is guaranteed that a utility company would never even consider such a concept let alone have the technical competence to actually implement it.
Enedis is basically a state owned company (to be clear, they aren't the one selling electricity, they are the one in charge of the network and the distribution, so I'm not sure if it counts as utility).
The call centre for my Australian bank's KYC is seemingly backed by a single person. I've spoken to her a few times now... so calling them back more or less does work, though you might have to wait on hold again.
A legitimate company registering an local number, routing its Philippines call centre through it and accountable for outbound calls is not really comparable with a random scammer faking whatever number.
Just looking at my incoming call list on my phone for yesterday: "Suspected Spam", "Suspected Spam", "Suspected Spam", "Potential Fraud", "Suspected Spam", "Suspected Spam", a real call, "Suspected Spam", "Suspected Spam"...
Phone is set to only notify me for numbers for known contacts - does mean that I occasionally miss calls from other people, but I can live with that.
Yes, was just relating my experience - it's just go the the point where I personally opt to play safe. Like everyone I do get calls from people who aren't in my contact list but it was getting silly so I've defaulted to ignoring them and it works for me. Anyone serious is going to be happy leaving a message - which suits me anyway as I spend a large part of my work day in Teams calls.
In the last 3 months I received 700 spam/scam calls to my phone, my wife received about 400. We can't turn off ringing for unknown callers and we're getting mad. A few days ago I vented to one of those call-center people trying to sell me a cheaper power utility for the Nth time, and told her to find another job or something like that; she actually called me back yelling at me that "any job is worth", and yelled at her that I cannot fucking receive sometimes up to 20 calls in a day, sometimes at quite annoying times of the day! It's getting ridiculous.
EDIT: I know not everybody is having the same experience in my country. Some people are only getting a few calls per week; I registered our phones in https://registrodelleopposizioni.it/ and also I'm using android's spam filter which filters out additional hundreds of calls automatically.
EDIT 2: I sometimes wonder if we're being harassed by somebody ; I cannot tell. The voices are often quite similar, but it might be the albanian accent that makes them sound similar.
> I vented to one of those call-center people trying to sell me a cheaper power utility for the Nth time, and told her to find another job or something like that
I threaten to kill and rape them all the time, but that usually doesn't do much.
I've found that politely asking them to kill themselves elicits much more engagement, and I hope it at least implants some lasting memory.
> You want outbound calls from your Philippines based staff to show as if they were calling from a local number.
This is a valid use case, but I’m a bit surprised that the mechanism isn’t better controlled. Surely a better design would be for an actual local entity to forward the call, possibly with an optimization to allow the voice data to bypass the local entity once the call is connected.
Just whitelist the caller ID and have the originating network guarantor
The second part is the hard part and requires coordination
It wouldn’t be expensive or especially hard to do but there is no payoff for the network. Remember they make money off scam calls too
Since as long as I can remember these organisations have been optimised for profit, not for GAF and that’s why they’re being savaged by regulation and OTT competitors now
There has been no market forces compelling them to do this and until recently when it got really bad, no political or regulatory forces
> The more modern reason is outsourced call centres. You want outbound calls from your Philippines based staff to show as if they were calling from a local number. When large and reputable entities were doing this it was fine. Just like showing a different reply-to address on an email.
For this particular case, do they really spoof the caller ID on an (expensive) international phone call, or do they actually just re-route via a local phone number?
It's been a while since I did telecoms related stuff but also you might want a different CLI and ANI for forwarded calls so you can preserve the original line being used.
Obviously the whole scam call centre has changed how it has to work but we actually had a working system that had quite a few useful features.
It's a solved problem. VoIP plus leased trunk lines by the a telco in the market you want to work at. You are limited to fixed set of numbers and you are "local" in the market you want to work at.
That's why in 2020 the FCC belatedly mandated SHAKEN/STIR to authenticate Caller ID in the US using public-key cryptography. Deployment is still work in progress, and it does not cover SMS/MMS, however.
A bigger problem is Russia or Saudi Arabia using the SS7 signalling network to track their dissidents in the US because those legacy telco protocols have basically no authentication whatsoever, and won't blink if a Saudi Telco sends Verizon a MAP message saying "what is the cell location of Jamal Khashoggi's phone?"
> I've yet to read a good explanation of why the telcos permit CLID faking and reinjection of apparently local CLID by overseas inputs.
Actually, there are several legitimate use cases:
• Call divert: Local number calls a number abroad and that one is diverted back a another local number. It's probably rare, but it's a totally legit use case.
• 2G/3G roaming: I'm not an expert on this one, but as far as I understood it, roaming calls placed on 2G/3G networks are initiated in the visiting country, and use the local number of the caller.
• Getting better rates using VoIP. Whether this is legit or not might be subject to discussion, however I was using a foreign VoIP provider (because they had better rates for local calls than any local providers, for my low call volume) sending out my own local number (had to be validated by them by callback, although that's their own security measure, not the network's one). Now in several EU countries and Switzerland this doesn't work any more, as calls bearing national IDs coming from abroad must be displayed as anonymous. And it's quite annoying that there isn't a way to "authentify" those numbers so the owner can use them as they wish.
> I've yet to read a good explanation of why the telcos permit ...
They (the telcos) are paid for every message they deliver. So absent regulation forcing them to do otherwise, it is in their best interest (additional profit) to pass through every message with no filtering of any form.
And, if the regulators had any technical knowledge at all, they would recognize that the billing system is the key to stopping the robo texts. Every text can be traced back to its origin through the billing system (because that's how the telco's collect their fees, so of course they know who to collect from for which messages they forwarded). So the regulators just need to force open the billing systems and trace the money back to the illicit senders, and then they know who to cut off (or to fine out of existence).
That's what's mandated by ARCEP (the French regulator) since the beginning of this year, and now all faked numbers are marked as “hidden caller”, and indeed it helps a lot.
Cost. Cost to spam and scam tends to 0 at industrial scale. Meanwhile amount of time and resources telco want to spend on fighting it is Bounded by how much regulators are going to allow them to pass on to customers.
As an Australian, I'm happy to hear this, but also annoyed that a lot of legitimate SMS from companies don't use branded sender ID. I'm not sure why, but my guess is that SMS gateways charge more for it and businesses don't want to pay the extra cent or two.
No it costs the same, the reason they do it is that it’s slightly more difficult to spoof a real number sender ID because most gateways will verify ownership by sending you a text on that number before letting you send outbound from it, where as they have no way of doing the same for an alphanumeric sender ID
As counter measure to text scams the Australian government (actually ACMA which I think is the Au version of the FCC) has introduced a national register of Sender Ids, which comes in to effect on the 1st of July. It requires providers to mark any unregistered Sender Id as 'Unverified'
I haven't yet been able to find the full register (if it's even public) but I thought this is an interesting approach.
In India this has been the regulation for several years, and has helped along with the Do Not Disturb (DND) registration by the end user and rules for senders/callers. Anyone sending bulk SMSes, even if the sending is done through a third party provider like AWS from another country/region, will have to register. [1]
The entity, the header, content template (which allows two or three variables/placeholders) need to be registered. A Distributed Ledger (DLT) is used to store these. Ad hoc messages without a registered template are expected to be rejected by the telco.
As an Australian who moved to India a couple of years ago: I’ve found India’s Do Not Call Register significantly less effective than Australia’s, because telco, ISP, TRAI and other government offices keep on sending spam, a lot of it stuff that will train people to be phished, and if you report them as DND violations, they declare them service-related. And for telco/ISP, they commingle with actual service-related and important transactional messages, so you can’t just block the shortcodes.
In Australia, I don’t remember ever really getting spam SMSes. Emails from the bank, yes, but that’s easier to filter if desired. When you get the same old spam messages time after time, you can filter them in email, but text message apps are often not up to that sort of thing.
The really stupid thing is that more than half of the spam is about blocking spam. At least once a month, AD-TRAIND-G sends:
> స్పామర్లపై చర్య కోసం స్పామ్ను రిపోర్ట్ చెయ్యండి. అయితే, ఫోన్ కాలింగ్ యాప్లో స్పామర్ను బ్లాక్ చేయడం వల్ల స్పామర్పై చర్య తీసుకోబడదు. స్పామ్ను TRAI DND యాప్ లేదా సర్వీస్ ప్రొవైడర్ యాప్ లేదా 1909 లో రిపోర్ట్ చెయ్యండి. TRAI DND యాప్లో రిపోర్ట్ చేయడం సులభం మరియు వేగవంతం, ఈరోజే ఇన్స్టాల్ చేసుకోండి.
And AD-AIRDOT-S just sends a random message from a pool of half a dozen or so, mostly English but one or two Telugu, sometimes every few days, sometimes every few weeks. Such as:
> Alert: On receiving unwanted SMS , please complain by calling 1909 or send SMS to 1909 in format 'SMS Content, Sender No, dd/mm/yy' or visit bit.ly/2qBK0vp to report through Airtel Thanks App.
(Huh, that link is now broken. Used to work. Makes it even more dumb.)
I should automate reporting all of this stuff, deliberately to waste their time, and maybe, just maybe, make someone think, “maybe we should stop sending this stuff”.
There was also RCS… I turned that off after a bit, because it was being used purely for spam and undesirable stuff, and you couldn’t complain in the same channels. RCS is dead like this.
There are good reasons to allow unregistered telecommunications. If you don't like it, you can always block it your end; given that we can all expect many other people to do the same (and it'll likely be a feature built into many phone operating systems), the social pressure you're after still exists.
The 'Ask Reason for Calling' iPhone feature has completely eliminated scam calls for me. Real callers not in contacts leave a short message and I pick it up. Best iOS feature from the last few years IMO.
Sadly this isn't limited to Australia. RCS the SMS successor does not consider free peering. I believe security is used as an excuse to create a closed ecosystem that surfaces new businesses and therefore innovation.
For a community of builders, like this, any barrier to entry will be problem, however we'll intend.
I've gotten like five notifications from Telstra about this today. They really want me to know that things might change! Like I don't already get a few spam calls and messages every day
I am sure there are reasons why this won't work, but could it really be so hard to show both the faked number, and where the call actually comes from, so I could choose which one to add to my block list.
It is crazy that wasn't something already required. Here local sms-gateways always required paperwork to prove word you want to use as sender name is a brand you own.
Interesting change. If it helps cut down on spam and phishing texts while keeping branded messages trustworthy, it sounds like a step in the right direction.
I welcome this move, enforcing that SMS messages come from who they say they'll come from is important.
Personally I think the whole system of replacing the point of origin with a name needs to be overhauled. Allowing a name as well is fine, but the practice of delivering messages that can't be replied to is pretty poor.
Rather than have to futz around with a different number or website to go to, I should be able to just reply "STOP" if (for example) Dominos keep spamming me with Pizza offers I don't want.
It's not. Together with ongoing global tightening of regulations for permissible caller IDs on phone calls, it's all about fighting fraud. (I work in the telecom industry and am in the middle of all the waves this is causing for legitimate business cases.)
It is not a requirement for me to carry ID at all times where I live, although that mentality is being encouraged. Digital ID is a step down from that.
Governments always want to know everything. They are like the biggest data sniffers now, even more so than e. g. CIA-book (formerly known as Facebook).
They do, but that's irrelevant to this. Most normal people also don't want phone calls to be completely anonymous or spoofed, and the phone network has never been meant to be anonymous.
I've yet to read a good explanation of why the telcos permit CLID faking and reinjection of apparently local CLID by overseas inputs.
I'm assuming there's a technical and/or willpower reason or some counterfactual like VOIP depends on it.
Even just flagging it would help. Or, rejecting numbers they can know lie inside their own routing architecture, or asserts within their own number plan where the CLID does not match.
Morally it's like BCP38 in the customer facing internet systems: reject customer input they don't pay you to assert.
I used to work at two (UK) telcos. There's a historic reason and a modern reason.
The historic reason was, just like the Internet, the international phone network was built on gentlemen agreements by engineers who largely trusted each other.
A big national telco is unlikely to attack its peers, so there was little need for safety measures. As smaller telcos came in to the mix via deregulation, that understanding changed - but it was hard to retroactively fit controls.
The more modern reason is outsourced call centres. You want outbound calls from your Philippines based staff to show as if they were calling from a local number. When large and reputable entities were doing this it was fine. Just like showing a different reply-to address on an email.
If you were designing a modern network, it wouldn't be like this. But international telephony is over a hundred years old and has a huge amount of legacy technology and legal agreements.
> You want outbound calls from your Philippines based staff to show as if they were calling from a local number.
The company that has offshored it's support to the Philippines might want that, but I doubt any consumers want that. That shouldn't have happened, but regulation comes (20+ years?) after harmful business profit decisions have been made and implemented.
But, thank you for the explanation. I have heard similar explanations before, and it has always sounded to me like a situation where the telcos are able to offer a service for a profit for the customers to hide the origin of their offshore call centres (that mostly nobody wants to speak to anyway).
I think I just ranted twice, sorry. Thank you!
The consumers 'want' it because if they get disconnected and try to recall, by spoofing a local number it costs them nothing/little since it's a local number (maybe toll-free?) instead of a lot for an international call. Of course, they might want a local call centre even more, but spoofing a local number for overseas call centres does have a purpose.
I've never seen an hotline where you can call back and resume the call you were doing.
> I've never seen an hotline where you can call back and resume the call you were doing.
Assuming they even accept inbound calls to the CLI number in the first place.
I frequently encounter companies where I miss a call due to $reason, I then try to call back the CLI number and it just says "This was $megacorp trying to call you, we will try again later".
Or, if you're really lucky, the CLI will just dump you into IVR-hell which, of course, is "AI powered" today, so you have to spend 30 minutes telling the stupid robot they mis-intepreted your voice.
My electric company gave me a number (UID, not phone number) to resume a call if the issue wasn't fixed within 24 hours, and I'm pretty sure internet operators have the same protocol (at least used to).
Is that to restart the call to the same person or a case id that gives details of your request and that could be passed to anyone?
Can literally be a "Desk ID" basically, so using that would reach the phone next to the agent. Used to work both with outgoing cold calls and incoming customer support, had a setup that worked like that for the latter.
Didn't use it, it was fixed, so I don't have more details, sorry.
> My electric company gave me a number (UID, not phone number) to resume a call if the issue wasn't fixed within 24 hours
What planet do you live on ?
Seriously. Where I am it is guaranteed that a utility company would never even consider such a concept let alone have the technical competence to actually implement it.
I'm jealous. ;)
Enedis is basically a state owned company (to be clear, they aren't the one selling electricity, they are the one in charge of the network and the distribution, so I'm not sure if it counts as utility).
The call centre for my Australian bank's KYC is seemingly backed by a single person. I've spoken to her a few times now... so calling them back more or less does work, though you might have to wait on hold again.
A legitimate company registering an local number, routing its Philippines call centre through it and accountable for outbound calls is not really comparable with a random scammer faking whatever number.
This consumer couldn't care less about where the person is actually sitting as long as the tasks are done and the problems solved.
"As long as" does a lot of work here, considering language barriers and (in my experience) generally less knowledge in off-shored centers.
Showing overseas based workers of Microsoft as another company name on caller ID is a phishing risk.
Showing workers of companies other than Microsoft as Microsoft on caller ID is a phishing risk.
Just looking at my incoming call list on my phone for yesterday: "Suspected Spam", "Suspected Spam", "Suspected Spam", "Potential Fraud", "Suspected Spam", "Suspected Spam", a real call, "Suspected Spam", "Suspected Spam"...
Phone is set to only notify me for numbers for known contacts - does mean that I occasionally miss calls from other people, but I can live with that.
I often get calls from people I don't know for legitimate purposes.
Spam calls happen but I'm not interested in social credit ratings for callers.
Yes, was just relating my experience - it's just go the the point where I personally opt to play safe. Like everyone I do get calls from people who aren't in my contact list but it was getting silly so I've defaulted to ignoring them and it works for me. Anyone serious is going to be happy leaving a message - which suits me anyway as I spend a large part of my work day in Teams calls.
I too, but I never take them before I've looked up the number. If it's important they'll take my call or call back.
I guess the signal-to-noise ratio matters.
In the last 3 months I received 700 spam/scam calls to my phone, my wife received about 400. We can't turn off ringing for unknown callers and we're getting mad. A few days ago I vented to one of those call-center people trying to sell me a cheaper power utility for the Nth time, and told her to find another job or something like that; she actually called me back yelling at me that "any job is worth", and yelled at her that I cannot fucking receive sometimes up to 20 calls in a day, sometimes at quite annoying times of the day! It's getting ridiculous.
EDIT: I know not everybody is having the same experience in my country. Some people are only getting a few calls per week; I registered our phones in https://registrodelleopposizioni.it/ and also I'm using android's spam filter which filters out additional hundreds of calls automatically.
EDIT 2: I sometimes wonder if we're being harassed by somebody ; I cannot tell. The voices are often quite similar, but it might be the albanian accent that makes them sound similar.
EDIT 3: caller id numbers are always different
> I vented to one of those call-center people trying to sell me a cheaper power utility for the Nth time, and told her to find another job or something like that
I threaten to kill and rape them all the time, but that usually doesn't do much.
I've found that politely asking them to kill themselves elicits much more engagement, and I hope it at least implants some lasting memory.
If some unknown numbers calls me and they're not a courier or the bank (which rarely calls) I immediately assume it's a scammer.
I don't because I run groups and get calls for legit business reasons.
What I normally do is answer the phone but let them speak first.
> You want outbound calls from your Philippines based staff to show as if they were calling from a local number.
This is a valid use case, but I’m a bit surprised that the mechanism isn’t better controlled. Surely a better design would be for an actual local entity to forward the call, possibly with an optimization to allow the voice data to bypass the local entity once the call is connected.
The mechanism is https://en.wikipedia.org/wiki/STIR/SHAKEN
But it is slow to roll out.
As far as I know, STIR/SHAKEN doesn’t do this at all. See, among other things, the very first entry in the Wikipedia page’s limitations section.
Just whitelist the caller ID and have the originating network guarantor
The second part is the hard part and requires coordination
It wouldn’t be expensive or especially hard to do but there is no payoff for the network. Remember they make money off scam calls too
Since as long as I can remember these organisations have been optimised for profit, not for GAF and that’s why they’re being savaged by regulation and OTT competitors now
There has been no market forces compelling them to do this and until recently when it got really bad, no political or regulatory forces
tl;dr na bro
> The more modern reason is outsourced call centres. You want outbound calls from your Philippines based staff to show as if they were calling from a local number. When large and reputable entities were doing this it was fine. Just like showing a different reply-to address on an email.
For this particular case, do they really spoof the caller ID on an (expensive) international phone call, or do they actually just re-route via a local phone number?
It's been a while since I did telecoms related stuff but also you might want a different CLI and ANI for forwarded calls so you can preserve the original line being used.
Obviously the whole scam call centre has changed how it has to work but we actually had a working system that had quite a few useful features.
> You want outbound calls from your Philippines based staff to show as if they were calling from a local number
I personally don't? Why would I want that.
The companies might want to hide that info but I don't think that's a legitimate use case.
Because it is useful for most people to see that they're receiving a call from their bank, insurance company, hospital, whoever.
The hospital's call staff might not be in the same building as the doctor - so showing a familiar number is useful.
In an ideal world you would be able to trust that number but, as per the above, that isn't always the case.
It's a solved problem. VoIP plus leased trunk lines by the a telco in the market you want to work at. You are limited to fixed set of numbers and you are "local" in the market you want to work at.
That we can do better now isn't important to why something existed to be grandfathered-in in the first place.
Call centres were getting outsourced before e.g. Skype was a twinkle in the eyes of Priit Kasesalu and Jaan Tallinn.
That's why in 2020 the FCC belatedly mandated SHAKEN/STIR to authenticate Caller ID in the US using public-key cryptography. Deployment is still work in progress, and it does not cover SMS/MMS, however.
A bigger problem is Russia or Saudi Arabia using the SS7 signalling network to track their dissidents in the US because those legacy telco protocols have basically no authentication whatsoever, and won't blink if a Saudi Telco sends Verizon a MAP message saying "what is the cell location of Jamal Khashoggi's phone?"
> I've yet to read a good explanation of why the telcos permit CLID faking and reinjection of apparently local CLID by overseas inputs.
Actually, there are several legitimate use cases:
• Call divert: Local number calls a number abroad and that one is diverted back a another local number. It's probably rare, but it's a totally legit use case.
• 2G/3G roaming: I'm not an expert on this one, but as far as I understood it, roaming calls placed on 2G/3G networks are initiated in the visiting country, and use the local number of the caller.
• Getting better rates using VoIP. Whether this is legit or not might be subject to discussion, however I was using a foreign VoIP provider (because they had better rates for local calls than any local providers, for my low call volume) sending out my own local number (had to be validated by them by callback, although that's their own security measure, not the network's one). Now in several EU countries and Switzerland this doesn't work any more, as calls bearing national IDs coming from abroad must be displayed as anonymous. And it's quite annoying that there isn't a way to "authentify" those numbers so the owner can use them as they wish.
> I've yet to read a good explanation of why the telcos permit ...
They (the telcos) are paid for every message they deliver. So absent regulation forcing them to do otherwise, it is in their best interest (additional profit) to pass through every message with no filtering of any form.
And, if the regulators had any technical knowledge at all, they would recognize that the billing system is the key to stopping the robo texts. Every text can be traced back to its origin through the billing system (because that's how the telco's collect their fees, so of course they know who to collect from for which messages they forwarded). So the regulators just need to force open the billing systems and trace the money back to the illicit senders, and then they know who to cut off (or to fine out of existence).
Telco networks are sprawling and accurately defining the boundary might be harder than it sounds.
Traditionally they have a bias towards "working"/delivering traffic. It's easier to issue a refund than answer a urgent support request.
I can also imagine the biggest customers have all sorts of multi-vendor failover plans that may be affected.
> Even just flagging it would help.
That's what's mandated by ARCEP (the French regulator) since the beginning of this year, and now all faked numbers are marked as “hidden caller”, and indeed it helps a lot.
The Sitbon family didn't lobby hard enough to prevent this.
> The Sitbon family
Who?
https://warning-trading.com/enquetes-et-decryptages/karsyl-s...
Thanks. From the articles looks more like a gang of grifters than people with the abilities to engage in lobbying.
Cost. Cost to spam and scam tends to 0 at industrial scale. Meanwhile amount of time and resources telco want to spend on fighting it is Bounded by how much regulators are going to allow them to pass on to customers.
I rely on the ability to set the outbound caller ID but I would happily register it if required.
As an Australian, I'm happy to hear this, but also annoyed that a lot of legitimate SMS from companies don't use branded sender ID. I'm not sure why, but my guess is that SMS gateways charge more for it and businesses don't want to pay the extra cent or two.
Alpha codes don't allow replies. As such if you need to reply it has to be from a number
No it costs the same, the reason they do it is that it’s slightly more difficult to spoof a real number sender ID because most gateways will verify ownership by sending you a text on that number before letting you send outbound from it, where as they have no way of doing the same for an alphanumeric sender ID
That will likely change after this goes into effect, otherwise all that legitimate spam will never make it.
As counter measure to text scams the Australian government (actually ACMA which I think is the Au version of the FCC) has introduced a national register of Sender Ids, which comes in to effect on the 1st of July. It requires providers to mark any unregistered Sender Id as 'Unverified'
I haven't yet been able to find the full register (if it's even public) but I thought this is an interesting approach.
In India this has been the regulation for several years, and has helped along with the Do Not Disturb (DND) registration by the end user and rules for senders/callers. Anyone sending bulk SMSes, even if the sending is done through a third party provider like AWS from another country/region, will have to register. [1]
The entity, the header, content template (which allows two or three variables/placeholders) need to be registered. A Distributed Ledger (DLT) is used to store these. Ad hoc messages without a registered template are expected to be rejected by the telco.
[1]: https://trai.gov.in/advice-to-senders
And as we can see from Australia, this doesn’t need a blockchain.
As an Australian who moved to India a couple of years ago: I’ve found India’s Do Not Call Register significantly less effective than Australia’s, because telco, ISP, TRAI and other government offices keep on sending spam, a lot of it stuff that will train people to be phished, and if you report them as DND violations, they declare them service-related. And for telco/ISP, they commingle with actual service-related and important transactional messages, so you can’t just block the shortcodes.
In Australia, I don’t remember ever really getting spam SMSes. Emails from the bank, yes, but that’s easier to filter if desired. When you get the same old spam messages time after time, you can filter them in email, but text message apps are often not up to that sort of thing.
The really stupid thing is that more than half of the spam is about blocking spam. At least once a month, AD-TRAIND-G sends:
> స్పామర్లపై చర్య కోసం స్పామ్ను రిపోర్ట్ చెయ్యండి. అయితే, ఫోన్ కాలింగ్ యాప్లో స్పామర్ను బ్లాక్ చేయడం వల్ల స్పామర్పై చర్య తీసుకోబడదు. స్పామ్ను TRAI DND యాప్ లేదా సర్వీస్ ప్రొవైడర్ యాప్ లేదా 1909 లో రిపోర్ట్ చెయ్యండి. TRAI DND యాప్లో రిపోర్ట్ చేయడం సులభం మరియు వేగవంతం, ఈరోజే ఇన్స్టాల్ చేసుకోండి.
And AD-AIRDOT-S just sends a random message from a pool of half a dozen or so, mostly English but one or two Telugu, sometimes every few days, sometimes every few weeks. Such as:
> Alert: On receiving unwanted SMS , please complain by calling 1909 or send SMS to 1909 in format 'SMS Content, Sender No, dd/mm/yy' or visit bit.ly/2qBK0vp to report through Airtel Thanks App.
(Huh, that link is now broken. Used to work. Makes it even more dumb.)
I should automate reporting all of this stuff, deliberately to waste their time, and maybe, just maybe, make someone think, “maybe we should stop sending this stuff”.
There was also RCS… I turned that off after a bit, because it was being used purely for spam and undesirable stuff, and you couldn’t complain in the same channels. RCS is dead like this.
Singapore does this. Any message that comes from an unregistered sender show up on the phone with “Likely Scam” as the sender name.
The Australian one will label them as Unverified.
Personally, I'd prefer them to be blocked. If it's important and legitimate, they'll register.
There are good reasons to allow unregistered telecommunications. If you don't like it, you can always block it your end; given that we can all expect many other people to do the same (and it'll likely be a feature built into many phone operating systems), the social pressure you're after still exists.
Good move, it's crazy how many scam calls and SMS I receive in Australia. In fact, if I get an SMS or a call, I just assume it's a scam.
The 'Ask Reason for Calling' iPhone feature has completely eliminated scam calls for me. Real callers not in contacts leave a short message and I pick it up. Best iOS feature from the last few years IMO.
Goddammit, it's iOS 26 only. That sounds super useful!
Have you added yourself to the Do Not Call register?
https://www.donotcall.gov.au
I don’t think this will cut down on spam so much as fraud. All spam calls I get don’t have registered IDs
Sadly this isn't limited to Australia. RCS the SMS successor does not consider free peering. I believe security is used as an excuse to create a closed ecosystem that surfaces new businesses and therefore innovation.
For a community of builders, like this, any barrier to entry will be problem, however we'll intend.
I've gotten like five notifications from Telstra about this today. They really want me to know that things might change! Like I don't already get a few spam calls and messages every day
India has something similar, and even goes a step further by having last alphabet as an identifier for Promotional, Services, Govt. etc.
https://www.trai.gov.in/advice-to-senders
I am sure there are reasons why this won't work, but could it really be so hard to show both the faked number, and where the call actually comes from, so I could choose which one to add to my block list.
It is crazy that wasn't something already required. Here local sms-gateways always required paperwork to prove word you want to use as sender name is a brand you own.
Interesting change. If it helps cut down on spam and phishing texts while keeping branded messages trustworthy, it sounds like a step in the right direction.
I welcome this move, enforcing that SMS messages come from who they say they'll come from is important.
Personally I think the whole system of replacing the point of origin with a name needs to be overhauled. Allowing a name as well is fine, but the practice of delivering messages that can't be replied to is pretty poor.
Rather than have to futz around with a different number or website to go to, I should be able to just reply "STOP" if (for example) Dominos keep spamming me with Pizza offers I don't want.
This sounds connected with their social media restrictions.
It's not. Together with ongoing global tightening of regulations for permissible caller IDs on phone calls, it's all about fighting fraud. (I work in the telecom industry and am in the middle of all the waves this is causing for legitimate business cases.)
Yes, we know how that fraud will be fought, with a requirement for a digital ID from the government.
But you're okay with the analog ID requirement?
It is not a requirement for me to carry ID at all times where I live, although that mentality is being encouraged. Digital ID is a step down from that.
Governments always want to know everything. They are like the biggest data sniffers now, even more so than e. g. CIA-book (formerly known as Facebook).
They do, but that's irrelevant to this. Most normal people also don't want phone calls to be completely anonymous or spoofed, and the phone network has never been meant to be anonymous.
I doubt guy even lived when phonebooks with addresses were a thing.