I've been reporting spam calls and texts to the FCC for a few years now. Does it do anything? I don't know, certainly not immediately, and the problem persists.
I tried the method spelled out here for my latest batch of "Your USPS package has arrived" texts, but the phone numbers (example: +63 936 631 6676) just give an "invalid number" response. Not unexpected.
Every official channel seems to be failing us on this one. Spam calls still exist, spam texts still exist, and even fake government websites still exist. I don't understand why a .com site like https ://usps.com-helpnk.com/ is still up.
I disagree with the posted page that the telecoms are interested in stopping spam. If they really cared, they would have addressed it by now. I suspect they are somehow making money from the spam callers.
I'm not so sure about this. No one (except for, obviously, spammers) benefits from email spam, every mailhost and network admin is most certainly interested in stopping it (to some extent), and yet my mailbox can prove that spam is still very much alive.
Solving spam problems in a highly distributed large federation of networks is not simple.
However, I think there are less telecoms than LIRs and mail systems out there, and they typically have better control over who their clients are (less hacking, though I could be wrong), and there's not enough pressure on them (spammy mailhost's gonna get banned by every RDNSBL real quick, telcos - I don't know, but I guess not so much?), so I can certainly agree that telecoms have issues with their incentives. I could be wrong about this, though - I don't really know much about the telephone industry.
The analogy doesn't hold because anyone can send an email to anyone else on any service at any time.
You can't exactly just climb up a telephone pole and tap off a few phone numbers for yourself. You have to explicitly enter into a contract with a service provider to use their infrastructure.
Spammers and scammers are wasting infrastructure resources that the telcos could be allocating to users. The telco can just cut your access off if you abuse it.
If I spin up an email server, no one entity can stop me sending email to anyone else. Gmail or Outlook or other services can block me individually, but there is no centralized network and no central authority that can refuse my connection. [0]
I suspect that telcos don't want to do anything about abuse because it's a very large fraction of their total traffic. The artificially higher utilization of the network gives them more justification for their prices or gives them some sort of good boy points for having x number of users. I don't really know how any of that works, just a wild guess.
[0] There are centralized blacklists and other ways to communicate that a sender should be widely blocked, but that's not the same as a telco refusing to physically connect you
Sounds like you’ve never used Twilio before - or any other API-based SMS system
Isn't Twilio your service provider in that case?
Have you tried recently? There’s a ton of regulation mandated paperwork and registration required these days.
Ehm you need to create an account, accept their TOS, enter billing information and then some.
They can easily disable your account should you break the TOS (or for any reason really)
Not quite the same as hosting an email server somewhere
Your ISP/host can refuse service (assuming somebody convinces them to take that step). That doesn't mean you can't find another, but they are your connection to the Internet.
Exactly. And proper providers make legitimate users jump through so many hoops. E.g. with Twilio I can't even send text messages to US long codes (regular numbers) anymore without assigning "campaigns" and giving sample text messages... All I wanted is that my users can pick a phone number and use SMS as an interface to send commands and queries. They (US government and Twilio) don't even let me do that in order to "fight spam".
Same here. They keep adding process and restrictions on legitimate users to prove that they're working on it, but I don't think they really want to.
Sure, there are probably fishy international service providers that house legitimate AND spam traffic and are hard to block. But phone networks are much more centralized than email and should have better abilities to fight spam if they really wanted to (but instead keep profiting from it)
I agree and disagree with this statement:
1. The distributed system can't solve the spam problem, because it's not a technical problem.
2. The population can immediately solve the spam problem by responding in the affirmative to every single request they get.
What makes spam profitable is the quality of the responses - right now only the marks respond, so every response is valuable to the spammer as it is a lead that will almost certainly result in money.
If the spammer sends out 3m SMS/robocall messages, and gets 5 responses, those responses are worth actual money!
OTOH, if the spammer sent out 3m SMS/robocall messages, and got 3m responses (of which only 5 are worth money), then the spam would quickly stop.
IOW, by self-selecting into one of two groups (will give you money/won't give you money) we are making spam profitable.
This is the only way to stop spam of any kind - poison the database.
When you say 'poison the database' in the case if sms/robocalls what exactly would that involve?
It involves never blocking any SMS/robocall: for SMS always reply in the affirmative (i.e. you want an agent to phone you), for robocalls, keep the call active for as long as you can, and reply in the affirmative for future contact.
You do that, knowing full-well that you aren't going to be buying anything.
If even half the population did that, spam SMS and robocalls would become too expensive to do anymore.
I usually answer the spam calls and then try to keep a human on the line as long as possible. I get almost no spam calls on my phone now (although I'm not necessarily claiming this is a direct result).
When you consider that most of this stuff originates from places outside of jurisdictions of any place that would ever consider doing something about it, you realize that legislation is worth much less than the paper it's never printed on.
It's that time I get to repeat: The US is a big enough destination that threatening to drop incoming calls would work. Much like the EU online privacy regulations has international effects, the US can play the game too. It's extremely unlikely that a legit telco anywhere in the world would choose to continue spam and lose the ability to call the US. (Telcos peer to other telcos/interconnects explicitly and can force custom agreements)
They should threaten to drop outgoing calls too. That’d eliminate all the useless offshore call centers.
Some sort of quite tall wall, perhaps made of fire…
Carriers could solve the spam problem overnight by disconnecting about 3 or 4 countries from the rest of the world. However popular that action may be, it would not be legal.
ya but now they are the racist carrier. racism hunts. witch hunts. in the far future these 2 events will look no different
The world has already decided to disconnect 5 countries from the global banking system, effectively keeping them locked in the dark ages....
I can't see how it can be any other way than you mention.
Is it conceivable that they don't have control of who is using their network, and how they're using it?
It's not like they've just landed on the planet with this big telecoms network to manage. They created them, they set the rules, they own the gates.
It's purely profit driven, no question.
In the exact same way that Google and Meta claim to not be able to police advertising on their own fucking networks.
The architecture of the telephone network was designed by a complex series of historical monopolies (across multiple countries), federal regulators, and state regulators. Because of this history, the providers have a surprisingly small degree of control over the traffic that passes through their network. This is, in a regulatory sense, what it means to be a common carrier.
My admittedly cynical view, then, is that the structure has outgrown it's usefulness.
Features are being added, which enable phone number spoofing and other shenanigans, at some point deep in the network, such that common carriers, at the tips of the network, have no control over.
Thus creating a scammers/spammers paradise.
(This is a US-based response response about the US phone system.)
Because it's a political problem, not an engineering or business problem.
In order to prevent monopolies, we have very strict requirements about carrying all calls that enter the network. Otherwise, phone companies would randomly block each other as part of anti-competitive tactics to push each other out of business.
The telephone spammers take advantage of these laws, because it is very difficult to legally block a spam call. Your phone provider must carry all phone calls without any prejudice!
(So I'm about to get very close to the line about hacker news's "no politics" guideline. Please consider that spammers "hack the law" and "hack politics" before you flag me. Instead, I would appreciate it if you take a minute or two to fact check my opinion disguised as fact.)
The primary way out of this is by a legal change, not by an engineering change or culture change: We must update our laws so that it is very difficult to make and carry spam calls on the telephone network.
I personally believe that one way to do this is to require that all phone calls provide rich metadata to the phone that is ringing. I really should know who is calling me, and the phone company that originates that call should be responsible for verifying it. I would even consider a requirement that makes it trivial, or automatic, to "lift the corporate veil" on who owns the company that is calling me. Otherwise there should be strict penalties for a phone network that allows originating calls with phony or spoofed metadata.
(I also don't think anyone has a right to make a 100% anonymous phone call. I think we can figure out how to allow people who need to make anonymous phone calls to make them, without exposing the entire phone network to SPAM.)
Ultimately, every phone call that enters the phone network needs to have a strict and auditable chain of liability.
In reality, if our laws included a requirement for strict metadata, and then a requirement to make an "abusive phone call" button really obvious, we could figure this out pretty quickly: at this point it becomes a simple reputation system.
Finally, we need laws that prohibit co-opting the phone network for marketing. We may want to start with prohibiting unsolicited commercial and political calls. We need to make sure that there are no loopholes, where the company you bought something from 2 years ago is still free to call you as if you have an ongoing relationship. We need to recognize that pulling out one's phone and looking at who is calling is really a significant burden to us, and that our government should protect us from companies and politicians who think that they have the right to interrupt our day at any moment to listen to a sales pitch.
If you really care and want to put time into this, advocate politically. (And remember that hacker news is not supposed to be political.) Don't waste your time reading instructions about how to report spam.
Of course, that would require the politicians to first opt their own political calls in to the existing (if largely useless) measures such as the Do Not Call registry.
A few questions (in good faith) for discussion:
- How do you feel about the telcoms reading/filtering your texts?
- Where do you feel these controls would be most appropriately applied? Sender or recipient or both?
- How would you define SMS spam for filtering? Should the messages be manually reviewed or automatically filtered based on volume/content?
- Should recipient telcoms filter potentially malicious or spammy voice calls?
Texts are not encrypted anyway, your telecom can already read and filter your texts, and there’s been several instances of it happening.
Eg: https://www.reddit.com/r/tmobile/comments/17aqv1z/tmobile_li...
All the responses to this post have been an amusing read. Apparently this forum is too young to remember all the Guyana phone sex scam numbers from the 80s and 90s…
I think you underestimate how ineptly run a lot of these highly-regulated, legacy industries actually are.
They care, but in the way most people care about not being fat. They still can’t make the necessary lifestyle changes to do anything about it even if it is their most ardent wish.
Less that spam makes them money, more than doing nothing about spam doesn’t cost them money.
With booking systems that use texts for appointment confirmation, several companies end up using the same group of phone numbers due to the service that sends the text having limited phone numbers.
Some of the companies are quite spammy. It’s frustrating as blocking the number risks blocking real ‘you have an appointment at xxx’ type messages.
They care, but not enough to spend what is required to address it.
In some cases it definitely seems to be the carriers making money.
I’ve never really had any issues at all with SMS spam in the UK and Europe - but I’m currently in Thailand where it’s awful! When you buy a new SIM card at the airport, the spamming starts within an hour or so. I count 18 sent yesterday alone, once every hour or so during the day.
I believe it is actually the carrier (true.th) sending them as they all follow a similar format and seem to arrive with a somewhat predictable regularity.
They even have an automated number (*137) you can call and supposedly turn off spam, but it doesn’t work: “System will cancel spam SMS within 24 hour. Thank you for using!”. Yeah right.
Only solution on iOS seems to be to disable notifications for SMS from unknown senders in System Settings. Then, at least, they only annoy you when you actually look at the messages app.
Like others, I'm confused about how there's so much variation between countries on this one.
In the US, the calls and texts are a plague. If you've had a phone number for a few years you're probably getting multiple texts and calls a day, even if you are on the Do Not Call registry, from advertisers of every type and scammers alike. Lots of people have apps for blocking spam and they still get through.
In the Netherlands I'm also on a do not call registry, and I get nearly zero spam calls or texts. There is the occasional scammer SMS, and I get a spam call maybe once every 2-3 months, usually for nonprofit fundraising.
In developing countries you're spammed by both the telco and third party advertisers within minutes of activating a prepaid SIM card. The telco is almost certainly delivering the advertisements.
My guess is that the penalties and enforcement behind violating do-not-call registry in the Netherlands (EU?) are just much stronger than in the US. It still does not explain the lack of low-quality spam / scam messages from people who are unlikely to be dissuaded by regulation.
The only thing I can think of is that there is better authentication for accessing the Dutch telephone network (and better incentives for the telcos) which allow the providers to prevent or shut down spam numbers quickly.
Could the percentage of occupied Dutch phone codes be lower than the USA? There may be a smaller pay off.
You mean area codes (all Dutch mobiles are on one area code - 06) or do you mean the proportion of available phone numbers to phone users?
The latter would imply that spammers are 'wardialing' phone numbers but that seems really unlikely to me as it would be incredibly easy for telcos to detect and prevent.
This was many years ago but I was trying to set up a Twilio number in the Netherlands to do a crank call on a friend there. I thought it would be as straightforward as the US(ie. Just sign up, add some money and pick a number from their available pool). No....from what I recall you need to submit an actual physical address and there was some mechanism for verifying I think as it failed the first time I tried. Now I think I managed to eventually get some random shop registered but for spamming, I don't think that would last as it would get flagged eventually. I don't know if they still do this sort of verification but if anything it is probably more strict now.
It’s unlikely to work for phone numbers outside the US. Sorry :( For typical 10-digit US numbers, the carrier search sites work well, as does Twilio’s carrier lookup API.
Thank you for putting together this resource!
I read the rest of the FAQ, signed up for Twilio, and their API worked to identify the number.
Try reporting it directly to the US Postal Inspector. From: https://www.uspis.gov/news/scam-article/smishing-package-tra...
lol. They will do absolutely nothing.
yeah i don't understand whether the government even does anything or if they treat it like an off and on switch due to attention or negligence
there's some impressive anti-scammer youtube content, and it seems to be a growing trend, maybe this is just capitalism doing what it does best? advertisers putting money in front of combative interventions.
https://www.youtube.com/watch?v=dWzz3NeDz3E
https://www.youtube.com/watch?v=jUHFpfVPUYc
I used to report spam calls, but quit when I received one from my own number, the number of the phone on which I received the call.
I've had some luck with reporting phishing domains to their registrars. It doesn't always work, but I have gotten a few taken down that way.
My own experience is that reporting to Google's Safe Browsing whatever is a waste of time. A lot of scam sites geo-block or redirect to a random news site when visiting from $OutsideTargetArea, so that seems to break a lot of/most automated screening.