On October 3, 2022 at 16:05 mike@mtcc.com (Michael Thomas) wrote:
The problem has always been solvable at the ingress provider. The problem was that there was zero to negative incentive to do that. You don't need an elaborate PKI to tell the ingress provider which prefixes customers are allow to assert. It's pretty analogous to when submission authentication was pretty nonexistent with email... there was no incentive to not be an open relay sewer. Unlike email spam, SIP signaling is pretty easy to determine whether it's spam. All it needed was somebody to force regulation which unlike email there was always jurisdiction with the FCC.
Analogies to email are always fraught. How often do LEGITIMATE telco customers make hundreds if not thousands of calls per hour w/o some explicit arrangement with their telco? As they say, a telephone company is a vast, detailed billing system with an added voice feature. Quite unlike email where it's mostly fire and forget plus or minus hitting a spam filter precisely because there is no billing, no incentive. And no voice "snowshoeing". I doubt robocalls are ever made with anything like spam roboarmies. With email it's like every single computer on the net with an IP address has, in effect, a (potentially) fully functional "originating switch" (again, some exceptions like port 25 blocking.) People have run spambots from others' printers etc. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*