T-Mobile, Comcast Turn on Call Verification Between Networks in Latest Robocall Fight (usatoday.com) 58
pgmrdlm shares a report: Calls between T-Mobile users and Comcast's Xfinity Voice home subscribers will now be "verified," the latest move in the ongoing fight against robocalls. The two companies announced Wednesday that they have launched cross-network verification, allowing users to know that the calls they are receiving are from an actual person and not a spammer or robocaller.
They use a handoff system recommended by the FCC where the caller's network verifies that a legitimate call is being made with a "digital signature." The recipient's network then confirms the signature on its side. A number of major wireless and traditional home voice providers have pledged support for the verification method, including Verizon, AT&T, Sprint, Charter, Cox and Vonage, with several announcing plans to roll out or test the feature in 2019.
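The sign-then-verify handoff described in the summary, as an added example (not from the article or from either carrier): a simplified SHAKEN-style PASSporT per RFC 8225/8588, signed by the originating network and checked by the terminating one. The keys, phone numbers, origid and certificate URL are constructed, the 60-second freshness window is a chosen value, and validation of the signer's certificate chain is omitted.

```javascript
// Added example: simplified SHAKEN-style PASSporT (RFC 8225/8588) signing and
// verification. Keys, numbers and URL are constructed; certificate-chain
// validation of x5u is out of scope here.
const crypto = require('crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Originating network: attest to the calling number and sign the claims (ES256).
function signPassport(privateKey, { orig, dest, attest, origid, iat, x5u }) {
  const header = { alg: 'ES256', typ: 'passport', ppt: 'shaken', x5u };
  const payload = { attest, dest: { tn: [dest] }, iat, orig: { tn: orig }, origid };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }); // raw r||s, as JWS requires
  return `${signingInput}.${b64u(sig)}`;
}

// Terminating network: check the signature, then check that the signed claims
// match the numbers actually presented in call signaling and are fresh.
function verifyPassport(publicKey, token, call, now, maxAgeSec = 60) {
  const parts = token.split('.');
  if (parts.length !== 3) return { verified: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return { verified: false, reason: 'malformed' }; }
  if (header?.alg !== 'ES256' || header?.ppt !== 'shaken')
    return { verified: false, reason: 'unsupported header' };
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) return { verified: false, reason: 'bad signature' };
  if (payload?.orig?.tn !== call.from || !payload?.dest?.tn?.includes(call.to))
    return { verified: false, reason: 'number mismatch' };
  if (Math.abs(now - payload.iat) > maxAgeSec)
    return { verified: false, reason: 'stale' };
  return { verified: true, attest: payload.attest };
}

// Constructed demo data (not real subscribers, keys or certificate locations).
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const now = 1700000000;
const token = signPassport(privateKey, { orig: '12025550101', dest: '12025550199',
  attest: 'A', origid: '00000000-0000-4000-8000-000000000001', iat: now,
  x5u: 'https://certs.example.invalid/sp.pem' });
```

A token replayed on a call that presents a different calling number fails the number check, and a token whose claims were edited after signing fails the signature check.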
took them long enough (Score:3, Insightful)
This seems like something that should have been done...forever?
Re: (Score:1)
Except what constitutes a "legitimate call?" All it would take for this to be rendered ineffective is an agreement that certain calls be considered "legitimate."
Plus who verifies these signatures? It's completely useless to the public if it's just between the companies involved behind closed doors. Hell it may not even exist, and be just yet another PR stunt so they can still claim they are "improving" their infrastructure and get more money from their subscribers / taxpayers.
Yet more proof that slapping a
Re: (Score:3)
Pretty much all my friends now tell me that they never answer their phone unless the calling number is on their contacts list, simply because the number of fake calls so outnumbers the real calls that it's worth the fact that sometimes you miss calls from somebody who actually does need to get hold of you.
(but... I did manage to keep the Microsoft repair guy, who cold called me
Re: (Score:2)
You know, yes, you can come up with problems, but the existing system has totally failed due to robocalls spoofing phone numbers.
Pretty much all my friends now tell me that they never answer their phone unless the calling number is on their contacts list, simply because the number of fake calls so outnumbers the real calls that it's worth the fact that sometimes you miss calls from somebody who actually does need to get hold of you.
(but... I did manage to keep the Microsoft repair guy, who cold called me at about 2:30 today, on the phone for 17 minutes. I think that's a record for me.)
It's not that difficult for me. I have a Wisconsin area code but live in Texas. I don't know anyone in Wisconsin anymore so any Wisconsin area code calling me might as well be screaming "I am definitely a robocall!"
Much ado about nothing? (Score:5, Interesting)
How many robocalls were transiting between these two networks? Personally, I'd prefer if Verizon would simply verify calls that were supposedly coming from their OWN network.
Re: (Score:1)
Exactly. Also, does every network need to add call verification between each network separately? This will take forever. The spammers will just use a network that doesn't have call verification setup.
Re: (Score:3)
> Also, does every network need to add call verification between each network separately?
Of course not.
Networks can choose to send verification certificates or not.
Your phone, eventually, will gain the ability to see if the originating network sent a certificate or not.
Your phone - ok, hopefully - should eventually gain the ability to act on that information.
> This will take forever. The spammers will just use a network that doesn't have call verification setup.
Apple and Google both have stated they will be implementing the shaken/stir protocols in their OSes.
For Apple and Google made or stock Android using phones, which they claimed last month would be within a year.
After that you can choose what
Re: (Score:2)
Of course there is a much easier fix. A simple option to send all callers not in my contact list directly to voice mail. I don't need to talk to strangers. I've made this happen with a 'hack'. I have a blank ring tone that is my default, each contact list user has a real ring tone. I might get a half dozen spam calls a day, but I never notice.
Re: (Score:2)
> The spammers will just use a network that doesn't have call verification setup.
Ideally, software will evolve to let us 100% ignore calls from networks that don't have call verification setup. Just like you can choose to only allow mail into your system that passes DMARC. It doesn't require everyone have DMARC setup for it to be useful. What makes you think this has to be 100% participation to become effective? I don't you didn't come out and say that outright, but can see that is where you are going w
Re: (Score:1)
I suspect it has nothing to do with calls being made from the networks, rather it's about explicitly marking calls as verified. As they prove the system works, they can increase the scope of the effort so that it verifies calls between all of the major networks.
Until, one day, you'll be able to reasonably assume any call that lacks the "verified" tag is a robocall and autoblock it.
Re: (Score:2)
They already *know* which numbers belong to which networks, it's a necessary database that allows number portability so when someone calls a number they know which destination network to switch the call to.
All they need to do is use this database in reverse on calls entering their network to see if the ANI info for the call matches the network it's *supposed* to be coming from.
If ANI on an incoming call says it belongs to the ATT network but its entering from some carrier other than ATT, then it should be d
A bit more complicated. Cincinnati Bell & AWS (Score:2)
> so when someone calls a number they know which destination network to switch the call to
Yes, and TO is the operative word. A phone number is technically known as a DID number - Direct Inward Dial. A DID (phone number) indicates which service (not station aka phone) a call is being placed to. There is no such thing as a DOD, Direct Outward Dial number. Consider this very simple case:
You are logging in to your bank web site, Second National Bank.com. Your bank doesn't suck, so it has multifactor commun
Re: (Score:3)
Then don't fucking spoof your own customer service number into the call.
What inward dial number would you prefer? (Score:2)
What direct inward dial number would you prefer?
Web servers don't take incoming phone calls, they take incoming web requests; they don't have DIDs, they have names like www27.1stbank.com
Re: (Score:2)
Email has a from, though both are services, not (Score:2)
Email has from and to addresses, in the envelope as well as the headers. So it doesn't have the same issue in terms of fundamental logic. Emails come from some address, phone calls don't come from a "phone number" (DID). So that's a fundamental difference.
Note that like the phone system, email addresses can be something like customerservice@acme.com - a role or service, NOT a device, and certainly not a person.
So you can't identify a particular device as customerservice@acme.com, and similarly you can't s
SIP yes, as opposed to (Score:2)
I was speaking of PSTN, vs SIP.
The SMTP standard, RFC 5321, states that the sender initiates an email with the line:
MAIL FROM email@address
The email address used in MAIL FROM (the envelope) is specified as the route for errors to be returned.
Also RFC 2822 requires a From address in the message itself.
Re: (Score:2)
> Yes, and TO is the operative word. A phone number is technically known as a DID number - Direct Inward Dial. A DID (phone number) indicates which service (not station aka phone) a call is being placed to.
DID is actually the service, not the individual BTN/WTN being forwarded into a PBX, but a lot of people use the term interchangeably.
> There is no such thing as a DOD, Direct Outward Dial number.
Actually, there is.
Re: (Score:1)
They do not want to do this because the carrier makes money from terminating calls, no matter where they come from. If they only accept calls where the caller-id matches the ANI and where they validate that the incoming call is coming from the network owning the calling number, then they will lose money (by not terminating the call). Therefore there is no interest on behalf of any carrier to ensure the validity of the call.
This is just snake oil designed for theatrical purposes that will actually
Re: (Score:2)
Sounds like a good plan to me.
What about the small carriers ? (Score:5, Insightful)
What if the large carriers all implement FCC's SHAKEN/STIR between them but then refuse to do the same thing for all the small carriers ?
Then start marking all non-verified calls as SPAM ?
Don't say it could not happen.
Re: (Score:2)
It wouldn't identify them as spam, it just wouldn't say they were verified (as this new T-Mobile link up appears to do).
T-Mobile does also identify scam callers in some cases, but it uses a variety of techniques to do that (and a master list updated every six minutes), so it also would not arbitrarily mark all calls from a small carrier as spam.
Please Report All US Scams to the FBI (Score:3)
Too easy to get access? (Score:2)
It seems like that if robocalls are a problem, it is too easy to get access to the phone network without anyone to hold accountable?
Also, it seems like a phone number is becoming more and more irrelevant these days. It's more like a node number, an IP address for your device. :D
Re: (Score:2)
I had someone from SUSE, Sweden calling me. Didn't answer the first two times because they had inserted my own number as the one calling, so I didn't bother answer. The third time I answered and suggested that it wasn't really a good method to build trust when trying to sell me something.
So it's possible to detect callerid spoofing? (Score:2)