<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 10/4/22 2:00 PM,
      <a class="moz-txt-link-abbreviated" href="mailto:sronan@ronan-online.com">sronan@ronan-online.com</a> wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:7552DC8D-3246-4D3A-86B8-0C1F0BC097F5@ronan-online.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">I suppose, but that also means they need to go back
        and figure out which prefixes to allow, since historically it
        hasn’t been tracked.</div>
    </blockquote>
    <p><br>
    </p>
    <p>Which is the same thing as when email providers didn't care
      either. Getting them to care is key, however you need to get that
      done.<br>
    </p>
    <blockquote type="cite"
      cite="mid:7552DC8D-3246-4D3A-86B8-0C1F0BC097F5@ronan-online.com">
      <div dir="ltr"><br>
      </div>
      <div dir="ltr">Also, how does the man in the middle, since most
        calls don’t go from originating carrier to terminating carrier,
        know if the originator did their job?</div>
    </blockquote>
    <p>Why do the middle guys need to care? Only the originator and
      terminator have a stake in the spam problem. Of course I'm talking
      all SIP here, not with PSTN hops. Or is that what you're talking
      about? <br>
    </p>
    <p><br>
    </p>
    <p>Mike<br>
    </p>
    <p><br>
    </p>
    <blockquote type="cite"
      cite="mid:7552DC8D-3246-4D3A-86B8-0C1F0BC097F5@ronan-online.com">
      <div dir="ltr"><br>
        <blockquote type="cite">On Oct 4, 2022, at 4:50 PM, Michael
          Thomas <a class="moz-txt-link-rfc2396E" href="mailto:mike@mtcc.com">&lt;mike@mtcc.com&gt;</a> wrote:<br>
          <br>
        </blockquote>
      </div>
      <blockquote type="cite">
        <div dir="ltr">
          <meta http-equiv="Content-Type" content="text/html;
            charset=UTF-8">
          <p><br>
          </p>
          <div class="moz-cite-prefix">On 10/4/22 1:40 PM, <a
              class="moz-txt-link-abbreviated moz-txt-link-freetext"
              href="mailto:sronan@ronan-online.com"
              moz-do-not-send="true">sronan@ronan-online.com</a> wrote:<br>
          </div>
          <blockquote type="cite"
            cite="mid:BC2FFC0F-7696-4007-9C2F-ACCAF20B9230@ronan-online.com">
            <meta http-equiv="content-type" content="text/html;
              charset=UTF-8">
            <div dir="ltr">Except the PSTN DB isn’t distributed like DNS
              is.</div>
          </blockquote>
          <p><br>
          </p>
          <p>Yes, I had forgotten about "dip" in that sense. But an
            originating provider doesn't need to do a dip to know that
            the calling number routes to itself. I've been talking about
            the calling provider not the called provider all along.</p>
          <p>Mike<br>
          </p>
          <blockquote type="cite"
            cite="mid:BC2FFC0F-7696-4007-9C2F-ACCAF20B9230@ronan-online.com">
            <div dir="ltr"><br>
              <blockquote type="cite">On Oct 4, 2022, at 2:40 PM,
                Michael Thomas <a class="moz-txt-link-rfc2396E"
                  href="mailto:mike@mtcc.com" moz-do-not-send="true">&lt;mike@mtcc.com&gt;</a>
                wrote:<br>
                <br>
              </blockquote>
            </div>
            <blockquote type="cite">
              <div dir="ltr">
                <meta http-equiv="Content-Type" content="text/html;
                  charset=UTF-8">
                <p><br>
                </p>
                <div class="moz-cite-prefix">On 10/4/22 11:21 AM, Shane
                  Ronan wrote:<br>
                </div>
                <blockquote type="cite"
cite="mid:CAJ_LqoEoCeGVfsHQg3XHd6eaOVwuZdPYTx_kC4MmCZ5pWuDs_g@mail.gmail.com">
                  <meta http-equiv="content-type" content="text/html;
                    charset=UTF-8">
                  <div dir="ltr">Except the cost to do the data dips to
                    determine the authorization isn't "free".</div>
                </blockquote>
                <p>Since every http request in the universe requires a
                  "database dip" and they are probably a billion times
                  more common, that doesn't seem like a very compelling
                  concern.</p>
                <p>Mike<br>
                </p>
                <p><br>
                </p>
                <blockquote type="cite"
cite="mid:CAJ_LqoEoCeGVfsHQg3XHd6eaOVwuZdPYTx_kC4MmCZ5pWuDs_g@mail.gmail.com"><br>
                  <div class="gmail_quote">
                    <div dir="ltr" class="gmail_attr">On Tue, Oct 4,
                      2022 at 2:18 PM Michael Thomas &lt;<a
                        href="mailto:mike@mtcc.com"
                        moz-do-not-send="true"
                        class="moz-txt-link-freetext">mike@mtcc.com</a>&gt;
                      wrote:<br>
                    </div>
                    <blockquote class="gmail_quote" style="margin:0px
                      0px 0px 0.8ex;border-left:1px solid
                      rgb(204,204,204);padding-left:1ex">
                      <div>
                        <p><br>
                        </p>
                        <div>On 10/4/22 6:07 AM, Mike Hammett wrote:<br>
                        </div>
                        <blockquote type="cite">
                          <div
style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)">I
                            think the point the other Mike was trying to
                            make was that if everyone policed their
                            customers, this wouldn't be a problem. Since
                            some don't, something else needed to be
                            tried.<br>
                            <br>
                            <div><span name="x"></span><br>
                            </div>
                          </div>
                        </blockquote>
                        <p>Exactly. And that doesn't require an
                          elaborate PKI. Who is allowed to use what
                          telephone numbers is an administrative issue
                          for the ingress provider to police. It's the
                          equivalent to gmail not allowing me to spoof
                          whatever email address I want. The FCC could
                          have required that ages ago.<br>
                        </p>
                        <p><br>
                        </p>
                        <p>Mike<br>
                        </p>
                        <blockquote type="cite">
                          <div
style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)">
                            <div><br>
                              -----<br>
                              Mike Hammett<br>
                              Intelligent Computing Solutions<br>
                              <a href="http://www.ics-il.com"
                                target="_blank" moz-do-not-send="true"
                                class="moz-txt-link-freetext">http://www.ics-il.com</a><br>
                              <br>
                              Midwest-IX<br>
                              <a href="http://www.midwest-ix.com"
                                target="_blank" moz-do-not-send="true"
                                class="moz-txt-link-freetext">http://www.midwest-ix.com</a><span
                                name="x"></span><br>
                            </div>
                            <br>
                            <hr id="m_5695148775473131614zwchr">
                            <div
style="color:rgb(0,0,0);font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From:
                              </b>"Shane Ronan" <a
                                href="mailto:shane@ronan-online.com"
                                target="_blank" moz-do-not-send="true">&lt;shane@ronan-online.com&gt;</a><br>
                              <b>To: </b>"Michael Thomas" <a
                                href="mailto:mike@mtcc.com"
                                target="_blank" moz-do-not-send="true">&lt;mike@mtcc.com&gt;</a><br>
                              <b>Cc: </b><a
                                href="mailto:nanog@nanog.org"
                                target="_blank" moz-do-not-send="true"
                                class="moz-txt-link-freetext">nanog@nanog.org</a><br>
                              <b>Sent: </b>Monday, October 3, 2022
                              9:54:07 PM<br>
                              <b>Subject: </b>Re: FCC chairwoman: Fines
                              alone aren't enough (Robocalls)<br>
                              <br>
                              <div dir="ltr">The issue isn't which
                                'prefixes' I accept from my customers,
                                but which 'prefixes' I accept from the
                                people I peer with, because it's
                                entirely dynamic and without doing a
                                database dip on EVERY call, I have to
                                assume that my peer or my peer's customer
                                or my peer's peer is doing the right
                                thing.
                                <div><br>
                                </div>
                                <div>I can't simply block traffic from a
                                  peer carrier, it's not allowed, so
                                  there has to be some mechanism to mark
                                  that a prefix should be allowed, which
                                  is what Shaken/Stir does.</div>
                                <div><br>
                                </div>
                                <div>Shane</div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                              </div>
                              <br>
                              <div class="gmail_quote">
                                <div dir="ltr" class="gmail_attr">On
                                  Mon, Oct 3, 2022 at 7:05 PM Michael
                                  Thomas &lt;<a
                                    href="mailto:mike@mtcc.com"
                                    target="_blank"
                                    moz-do-not-send="true"
                                    class="moz-txt-link-freetext">mike@mtcc.com</a>&gt;
                                  wrote:<br>
                                </div>
                                <blockquote class="gmail_quote"
                                  style="margin:0px 0px 0px
                                  0.8ex;border-left:1px solid
                                  rgb(204,204,204);padding-left:1ex">The
                                  problem has always been solvable at
                                  the ingress provider. The <br>
                                  problem was that there was zero to
                                  negative incentive to do that. You <br>
                                  don't need an elaborate PKI to tell
                                  the ingress provider which prefixes <br>
                                  customers are allowed to assert. It's
                                  pretty analogous to when submission <br>
                                  authentication was pretty nonexistent
                                  with email... there was no <br>
                                  incentive to not be an open relay
                                  sewer. Unlike email spam, SIP <br>
                                  signaling is pretty easy to determine
                                  whether it's spam. All it needed <br>
                                  was somebody to force regulation which
                                  unlike email there was always <br>
                                  jurisdiction with the FCC.<br>
                                  <br>
                                  Mike<br>
                                  <br>
                                  On 10/3/22 3:13 PM, Jawaid Bazyar
                                  wrote:<br>
                                  > We're talking about blocking
                                  other carriers.<br>
                                  ><br>
                                  > On 10/3/22, 3:05 PM, "Michael
                                  Thomas" &lt;<a
                                    href="mailto:mike@mtcc.com"
                                    target="_blank"
                                    moz-do-not-send="true"
                                    class="moz-txt-link-freetext">mike@mtcc.com</a>&gt;
                                  wrote:<br>
                                  ><br>
                                  >      On 10/3/22 1:54 PM, Jawaid
                                  Bazyar wrote:<br>
                                  >      > Because it's illegal
                                  for common carriers to block traffic
                                  otherwise.<br>
                                  ><br>
                                  >      Wait, what? It's illegal to
                                  police their own users?<br>
                                  ><br>
                                  >      Mike<br>
                                  ><br>
                                  >      ><br>
                                  >      > On 10/3/22, 2:53 PM,
                                  "NANOG on behalf of Michael Thomas"
                                  &lt;nanog-bounces+jbazyar=<a
                                    href="mailto:verobroadband.com@nanog.org"
                                    target="_blank"
                                    moz-do-not-send="true"
                                    class="moz-txt-link-freetext">verobroadband.com@nanog.org</a>
                                  on behalf of <a
                                    href="mailto:mike@mtcc.com"
                                    target="_blank"
                                    moz-do-not-send="true"
                                    class="moz-txt-link-freetext">mike@mtcc.com</a>&gt;
                                  wrote:<br>
                                  >      ><br>
                                  >      ><br>
                                  >      >      On 10/3/22 1:34
                                  PM, Sean Donelan wrote:<br>
                                  >      >      > 'Fines alone
                                  aren't enough:' FCC threatens to
                                  blacklist voice<br>
                                  >      >      > providers for
                                  flouting robocall rules<br>
                                  >      >      ><br>
                                  >      >      > <a
                                    href="https://www.cyberscoop.com/fcc-robocall-fine-database-removal/"
                                    rel="noreferrer" target="_blank"
                                    moz-do-not-send="true"
                                    class="moz-txt-link-freetext">https://www.cyberscoop.com/fcc-robocall-fine-database-removal/</a><br>
                                  >      >      ><br>
                                  >      >      > [...]<br>
                                  >      >      > “This is a
                                  new era. If a provider doesn’t meet
                                  its obligations under<br>
                                  >      >      > the law, it
                                  now faces expulsion from America’s
                                  phone networks. Fines<br>
                                  >      >      > alone aren’t
                                  enough,” FCC chairwoman Jessica
                                  Rosenworcel said in a<br>
                                  >      >      > statement
                                  accompanying the announcement.
                                  “Providers that don’t follow<br>
                                  >      >      > our rules and
                                  make it easy to scam consumers will
                                  now face swift<br>
                                  >      >      >
                                  consequences.”<br>
                                  >      >      ><br>
                                  >      >      > It’s the
                                  first such enforcement action by the
                                  agency to reduce the<br>
                                  >      >      > growing
                                  problem of robocalls since call ID
                                  verification protocols<br>
                                  >      >      > known as
                                  “STIR/SHAKEN” went fully into effect
                                  this summer.<br>
                                  >      >      > [...]<br>
                                  >      ><br>
                                  >      >      Why did we need to
                                  wait for STIR/SHAKEN to do this?<br>
                                  >      ><br>
                                  >      >      Mike<br>
                                  >      ><br>
                                  ><br>
                                  ><br>
                                </blockquote>
                              </div>
                            </div>
                            <br>
                          </div>
                        </blockquote>
                      </div>
                    </blockquote>
                  </div>
                </blockquote>
              </div>
            </blockquote>
          </blockquote>
        </div>
      </blockquote>
    </blockquote>
  </body>
</html>