<div><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 4, 2022 at 6:20 AM Mike Hammett <<a href="mailto:nanog@ics-il.net">nanog@ics-il.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)">Sorta like in the IP world, if everyone did BCP38/84, amplification attacks wouldn't exist. Not everyone does, so...<br></div></div></blockquote><div dir="auto"><br></div><div dir="auto">Tragedy of the commons</div><div dir="auto"><br></div><div dir="auto">Furthermore, those customers are paying to not be policed. </div><div dir="auto"><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><br><div style="font-family:arial,helvetica,sans-serif"><span name="x" style="font-family:arial,helvetica,sans-serif"></span><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank" style="font-family:arial,helvetica,sans-serif">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank" style="font-family:arial,helvetica,sans-serif">http://www.midwest-ix.com</a><span name="x" style="font-family:arial,helvetica,sans-serif"></span><br></div><br><hr id="m_-4142280954103245621zwchr" style="font-family:arial,helvetica,sans-serif"><div style="font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;color:rgb(0,0,0)"><b style="font-family:Helvetica,Arial,sans-serif">From: </b>"Mike Hammett" <<a href="mailto:nanog@ics-il.net" target="_blank" style="font-family:Helvetica,Arial,sans-serif">nanog@ics-il.net</a>><br><b style="font-family:Helvetica,Arial,sans-serif">To: </b>"Shane Ronan" <<a href="mailto:shane@ronan-online.com" target="_blank" style="font-family:Helvetica,Arial,sans-serif">shane@ronan-online.com</a>><br><b style="font-family:Helvetica,Arial,sans-serif">Cc: </b><a href="mailto:nanog@nanog.org" target="_blank" style="font-family:Helvetica,Arial,sans-serif">nanog@nanog.org</a><br><b style="font-family:Helvetica,Arial,sans-serif">Sent: </b>Tuesday, October 4, 2022 8:07:55 AM</div></div></div><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div style="font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;color:rgb(0,0,0)"><br><b style="font-family:Helvetica,Arial,sans-serif">Subject: </b>Re: FCC chairwoman: Fines alone aren't enough (Robocalls)<br><br><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)">I think the point the other Mike was trying to make was that if everyone policed their customers, this wouldn't be a problem. Since some don't, something else needed to be tried.<br><br><div style="font-family:arial,helvetica,sans-serif"><span style="font-family:arial,helvetica,sans-serif"></span><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank" style="font-family:arial,helvetica,sans-serif">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank" style="font-family:arial,helvetica,sans-serif">http://www.midwest-ix.com</a><span style="font-family:arial,helvetica,sans-serif"></span><br></div><br><hr id="m_-4142280954103245621zwchr" style="font-family:arial,helvetica,sans-serif"><div style="font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;color:rgb(0,0,0)"><b style="font-family:Helvetica,Arial,sans-serif">From: </b>"Shane Ronan" <<a href="mailto:shane@ronan-online.com" target="_blank" style="font-family:Helvetica,Arial,sans-serif">shane@ronan-online.com</a>><br><b style="font-family:Helvetica,Arial,sans-serif">To: </b>"Michael Thomas" <<a href="mailto:mike@mtcc.com" target="_blank" style="font-family:Helvetica,Arial,sans-serif">mike@mtcc.com</a>><br><b style="font-family:Helvetica,Arial,sans-serif">Cc: </b><a href="mailto:nanog@nanog.org" target="_blank" style="font-family:Helvetica,Arial,sans-serif">nanog@nanog.org</a><br><b style="font-family:Helvetica,Arial,sans-serif">Sent: </b>Monday, October 3, 2022 9:54:07 PM<br><b style="font-family:Helvetica,Arial,sans-serif">Subject: </b>Re: FCC chairwoman: Fines alone aren't enough (Robocalls)<br><br><div dir="ltr" style="font-family:Helvetica,Arial,sans-serif">The issue isn't which 'prefixes' I accept from my customers, but which 'prefixes' I accept from the people I peer with, because it's entirely dynamic and without a doing a database dip on EVERY call, I have to assume that my peer or my peers customer or my peers peer is doing the right thing.<div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif">I can't simply block traffic from a peer carrier, it's not allowed, so there has to be some mechanism to mark that a prefix should be allowed, which is what Shaken/Stir does.</div><div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif">Shane</div><div style="font-family:Helvetica,Arial,sans-serif"><br></div><div style="font-family:Helvetica,Arial,sans-serif"><br></div></div><br><div class="gmail_quote" style="font-family:Helvetica,Arial,sans-serif"><div dir="ltr" class="gmail_attr" style="font-family:Helvetica,Arial,sans-serif">On Mon, Oct 3, 2022 at 7:05 PM Michael Thomas <<a href="mailto:mike@mtcc.com" target="_blank" style="font-family:Helvetica,Arial,sans-serif">mike@mtcc.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;font-family:Helvetica,Arial,sans-serif;border-left-color:rgb(204,204,204)">The problem has always been solvable at the ingress provider. The <br>
problem was that there was zero to negative incentive to do that. You <br>
don't need an elaborate PKI to tell the ingress provider which prefixes <br>
customers are allow to assert. It's pretty analogous to when submission <br>
authentication was pretty nonexistent with email... there was no <br>
incentive to not be an open relay sewer. Unlike email spam, SIP <br>
signaling is pretty easy to determine whether it's spam. All it needed <br>
was somebody to force regulation which unlike email there was always <br>
jurisdiction with the FCC.<br>
<br>
Mike<br>
<br>
On 10/3/22 3:13 PM, Jawaid Bazyar wrote:<br>
> We're talking about blocking other carriers.<br>
><br>
> On 10/3/22, 3:05 PM, "Michael Thomas" <<a href="mailto:mike@mtcc.com" target="_blank" style="font-family:Helvetica,Arial,sans-serif">mike@mtcc.com</a>> wrote:<br>
><br>
>      On 10/3/22 1:54 PM, Jawaid Bazyar wrote:<br>
>      > Because it's illegal for common carriers to block traffic otherwise.<br>
><br>
>      Wait, what? It's illegal to police their own users?<br>
><br>
>      Mike<br>
><br>
>      ><br>
>      > On 10/3/22, 2:53 PM, "NANOG on behalf of Michael Thomas" <nanog-bounces+jbazyar=<a href="mailto:verobroadband.com@nanog.org" target="_blank" style="font-family:Helvetica,Arial,sans-serif">verobroadband.com@nanog.org</a> on behalf of <a href="mailto:mike@mtcc.com" target="_blank" style="font-family:Helvetica,Arial,sans-serif">mike@mtcc.com</a>> wrote:<br>
>      ><br>
>      ><br>
>      >      On 10/3/22 1:34 PM, Sean Donelan wrote:<br>
>      >      > 'Fines alone aren't enough:' FCC threatens to blacklist voice<br>
>      >      > providers for flouting robocall rules<br>
>      >      ><br>
>      >      > <a href="https://www.cyberscoop.com/fcc-robocall-fine-database-removal/" rel="noreferrer" target="_blank" style="font-family:Helvetica,Arial,sans-serif">https://www.cyberscoop.com/fcc-robocall-fine-database-removal/</a><br>
>      >      ><br>
>      >      > [...]<br>
>      >      > “This is a new era. If a provider doesn’t meet its obligations under<br>
>      >      > the law, it now faces expulsion from America’s phone networks. Fines<br>
>      >      > alone aren’t enough,” FCC chairwoman Jessica Rosenworcel said in a<br>
>      >      > statement accompanying the announcement. “Providers that don’t follow<br>
>      >      > our rules and make it easy to scam consumers will now face swift<br>
>      >      > consequences.”<br>
>      >      ><br>
>      >      > It’s the first such enforcement action by the agency to reduce the<br>
>      >      > growing problem of robocalls since call ID verification protocols<br>
>      >      > known as “STIR/SHAKEN” went fully into effect this summer.<br>
>      >      > [...]<br>
>      ><br>
>      >      Why did we need to wait for STIR/SHAKEN to do this?<br>
>      ><br>
>      >      Mike<br>
>      ><br>
><br>
><br>
</blockquote></div>
</div><br></div></div><br></div></div></blockquote></div></div>