Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

• Previous message (by thread): Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
• Next message (by thread): Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Totally agree with you there, I run a mail server/monitoring server on OVH.  With TLSA records, DKIM, and MTA-STS, I’ll still see junk filters on it if I accidentally email someone other than myself.  Yes my space has been SWIP’d and I send so low email volume so it’s reputation would be neutral at best which very much justifies the spam filters due to OVH’s reputation.  Somehow I don’t think SHAKEN/STIR would be any different.

I wonder how far this would go on VoIP transit.  I purchase from voicetel.com <http://voicetel.com/> for my house, which purchases from some other providers, which probably aggregates to others.  It doesn’t seem like this is quite as easy as looking up a whois from ARIN.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Mar 7, 2020, at 7:46 PM, John R. Levine <johnl at iecc.com> wrote:
> 
>> Most DNS registers avoid verifying customer information as long as the payment clears (for a short time).  DKIM (and DNSSEC) is built on top of trusting tokens from third-parties which disclaim all liability.
> 
> Right.  The only promise that DKIM makes is that if you have a stream of mail signed by the same domain, you can praise or blame the same entity for it.  It's a handle that recipient systems can use to build a reputation system, not a whitelist.  DKIM has worked this way since 2006, the documentation is entirely clear that's what it does, and I'm kind of surprised you haven't gotten the memo.
> 
>> Phone companies and advertisers have already demonstrated they can't be trusted to act as third-party introducers.
> 
> No kidding.  I've talked to people at big telcos who are in the middle of STIR/SHAKEN and they tell me they plan to use it pretty much the same way that mail providers use DKIM.  Some senders will have a good reputation and their calls will be delivered, some won't, and not so much. As with mail, it also provides a handle to push back on people sending unwanted junk.
> 
>> Eventually we'll have STE/STU-equivalent end-to-end verification on our smartphones.
> 
> That's known not to work for e-mail spam, so I can't imagine why anyone would expect it to work for phone calls.
> 
> Regards,
> John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200307/fd3e9663/attachment.html>

• Previous message (by thread): Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
• Next message (by thread): Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]