SHAKEN/STIR Robocall Summit - July 11 2019 at FCC
Michael Thomas
mike at mtcc.com
Tue Jul 16 22:23:26 UTC 2019
On 7/15/19 12:07 PM, Jay R. Ashworth wrote:
> ----- Original Message -----
>> From: "Christopher Morrow" <morrowc.lists at gmail.com>
>> On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins <paul at telcodata.us> wrote:
>>> Chris it would be trivial for this to be fixed, nearly overnight, by
>>> creating some liability on the part of carriers for illicit use of
>>> caller ID data on behalf of their customers.
>> 'illicit use of caller id' - how is caller-id being illicitly used though?
>> I don't think it's against the law to say a different 'callerid' in the call
>> session, practically every actual call center does this, right?
> I can speak to that, having originated calls from a call center.
>
> Yes, of course we sent out calls with "spoofed" CNID.
>
> But, even though only 2 or 3 or our 5 carriers* held *our* feet to the fire,
> we held the clients' feet to the fire, requiring them to prove to our
> satisfaction that they had adminstrative control over the numbers in question.
>
> But it's the carrier's responsibility, properly, to do that work.
>
How do the clients prove that?
Way back when when we were working on mipv6 we had to work through a
somewhat similar problem for handoffs. The ultimate answer was a return
routability test: that is, if you can answer on the address you're
trying to claim "ownership" for, it's good enough.
Maybe such a thing can be done in for spoofing? Even out of band spot
checking might be adequate to keep clients honest?
But right you are, it's ultimately the carrier who needs to care about
this problem at or nothing gets better.
Mike
More information about the NANOG
mailing list