FCC proposes $10 Million fine for spoofed robocalls
Michael Thomas
mike at mtcc.com
Thu Dec 19 20:48:02 UTC 2019
On 12/19/19 8:16 AM, Christopher Morrow wrote:
> How is it envisioned that this will work?
> I mean, I'm all for less spam calling... and ideally there would be
> some form of 'source address verification' on the PSTN/phone
> network... but in today's world that really just doesn't exist and the
> motivations to suppress fake sources are 'just as good' as they are on
> the intertubes. (with crappier options in the gear - SHAKEN/STIR are
> really not even available in the majority of the switch 'gear' right?)
>
It's my opinion that STIR/SHAKEN is trying to solve the wrong problem.
Telephone numbers are oh-so last millennia. I don't care about telephone
numbers any more than I care about ip addresses. What I care about is
the From: address, be it email, sip or anything else that uses an
email-like address. Unlike the e.164 quagmire, domains can vouch that
they actually sent a message ala DKIM (in fact, when i was developing
DKIM, i for shits and giggles, DKIM-signed SIP messages too). If a
message comes from gmail (and verifies), I have a pretty good belief
that it really is that user since I know they don't allow their users to
spoof other email accounts. Same can be done with SIP. That is the road
forward here, not an ugly complex bandaid on an outdated form of identity.
Mike
More information about the NANOG
mailing list