Slashdot Mirror
Net Phone Customers Brace For 'VoIP Spam'
XaviorPenguin writes "If you think that Spam in your e-mail inbox is bad, wait until VoIP gets huge! According to a News.CNet.com story, your voice mail box on your Net Phones may be cluttered with ads for Viagra. '"The fear with VoIP spam is you will have an Internet address for your phone number, which means you can use the same tools you use for e-mail to generate traffic," said Tom Kershaw, a vice president at security specialist VeriSign. "That raises automation to scary degrees."'
If you think that is scary, you know the Do-Not-Call list that is out by the FTC, yeah, um, people with Net Phones may not be affected by this list and spammers/telemarketers may take this advantage for themselves. "
Does this mean I'll be getting calls from "barely legal" teens requesting my attendance in viewing them for the low price of $29.99 a month?
Comment removed based on user account deletion
Well so far Vonage is great.
Ive been a subscriber for 3 years and have not recived a single sales call.
I belive I have recived about 10 calls that got the wrong number.
If only CAN-SPAM were 1/10th as effective as the do-not-call list. It's strange: I didn't sign up for the do-not-call list, but the number of telemarkters calling has still declined rather sharply. On the other hand, spammers, in the face of legislation, have apparently decided it would be better to send more spam than ever before.
concrete5: a cms made for marketing, but strong enough for geeks.
I'm not sure if I'm an exception to the case, but I never get any spam. If I get a voip address, I'll just use the same methods I do now. Create a dummy account for signups, be careful how I post my address on the internet, etc.
If you think that is scary, you know the Do-Not-Call list that is out by the FTC
The FCC cannot regulate the entire world - just the US.
Spammers can operate from other countries without worrying about FCC's do-not-call lists (or using compromised boxes for that matter).
My pics.
None of this would happen if everybody just went out and bought herbal viagra and penis enlargement kits. If we all bought some then they wouldn't need to spam us so much.
So buy! Buy! Buy!!
I can't wait to find out how Nigerians pronounce "i HaVe A gReAt BuSiNeSs PrOpOsAl FoR U"
For some reason I think your wife will disagree...
You must be new here.
so put it behind your firewall and only accept incoming from your provider.
Don't Tread on Me
I call from a "non-existent" phone number (a number I have which I simply always route to BUSY). That's the number sales droids get in stores, is on my checks, etc. The same number either line shows for CID (but only one line can do ANI as this #).
Private callers learn to dial their appropriate * code -- otherwise they go do the Boulder, CO time clock.
Out-Of-Area callers, 1-000, 1-700 and other assorted numbers go to the US Naval Observatory time clock.
My phone almost never rings with sales calls. Almost. You'll always get that cold caller (and VoIP makes doing this cheap). There's always been a cheap way though and those that DO get through are treated, well, rudely. It's "my" phone line.
Of course I'm the one that gave up on POTS now decades ago -- did similar BUSY, CID type "tricks" with ISDN forever with the added benefit (like VoIP) that "data lines" are automatically unpublished _and_ unlisted. As usual -- the first hint that I get that my "phone company" is selling my number and they lose a customer.
VoIP is a doubled edged sword for the sales attempts IMHO.
Existing VoIP services are through proprietary protocols controlled by the host companies (Vonage, Skype, etc...). Although the connections are made IP-to-IP, these clients are typically only built to accept connections that have been verified through the host network first. Although there have been problems with, for instance, instant message spam in the past, it is quite rare now (in my experience). Forging a message on a private network is much harder than on a public one.
-Joe
A lot of the cheaper plans offered by VoIP companies, like cell phones, have a certain number of minutes you have per month. Some of the companies, foolishly, make you listen to an entire voicemail message before deleting it (in the cell phone world Cingular does this too), now if you have even 5% or 10% the amount of voicemail spam that you do email spam and you're forced to listen to entire messages before deletion this is going to take up a pretty significant chunk of your minutes... that's bad bad news.
sig.
If the VoIP world goes the way of SIP (Session Initiation Protocol) then everyone will need to use a service provider to assist in routing calls outside of a business network. That provider will assign a charge, albeit a small one, to each call. Unlike sending spam email virtually free of charge, making 100,000 VoIP spam calls will cost a tidy sum of money - far beyond the purses of any 2-bit spammer!
Secondly, in a SIP environment, any call needs to go via a SIP registration server so that the caller is able to get information on what devices and messaging services the called party has available as well as obtaining the called party's IP address (remembering of course that if the called party is mobile, the IP address he or she is registered to is rapidly changing anyway!) I have no doubt that it's a relatively simple task to provide some connection blocking at the SIP server so that it's possible to create a blacklist of callers that will never get a connection.
Sure, I've no doubt that telemarketers will make use of VoIP but while both telemarketers and spammers should burn in hell, telemarketers target specific individuals (based on information they have on that individual that makes them believe they can sell something to him or her) and therefore generate far less junk traffic than spammers.
Personally, this is just FUD spread by a bunch of "think-they-know-it-all" security cowboys out to make a fast buck.
Gentoo Linux - another day, another USE flag.
OK, I know virtually nothing about VoIP, but I'm betting I'm right here... wouldn't that also block legitimate calls from others using VoIP phones? (I would think almost certainly for calls from other VoIP providers, unless they route out through POTS, and very possibly other calls from people using your provider as I'd imagine they would route those calls directly to save on costs.)
FYI: On my Cingular phone, 7 is the erase button after a message, but if you push 7-7 during a message it will stop playback and erase it. Don't know if it works on all phones/plans or just mine.
However I do believe that spam in the same social catagory as grafitti.
I think spam is more like 200 neighbors letting their dogs shit in your yard each day.
Or, to keep with your grafitti motif, spam is like an endless stream of grafitti painted on your own garage door.
I'm not disagreeing with your interesting post...just adding my 2c.
Evil is the money of root.
No, because while they all use VoIP, they themselves are not (yet) interconnected. Even if they were, the only call switch that your phone should talk to is the one hosted by your provider, since it is the determining factor as to where calls go, and all voice packets are routed through their network anyways.
The individual providers still need a way to interconnect to all other providers, and currently the only way to do that is via POPs (points of presence) and SS7 trunks to the POTs network. Generally once traffic is determined to not be on the CLEC's local network, its passed out to whoever they connect to to handle outbound routing, be it VoIP or not. I doubt any serious LEC would use the internet as a major interconnect with another provider. The security risk alone is too much of a risk.
Also note that not all providers currently use the same protocol (as has been mentioned in other posts), so even if someone spoofed a call from your provider, they would have to know how to talk to your phone, be it MGCP or SIP or something else.
Just because your phone "has an world reachable IP address" doesnt mean it is wide open to attacks. I think the most serious issue to be dealt with will be DOS attacks, since most IVoIP (internet VoIP, ala Vonage.. as opposed to internal VoIP on private networks) cannot control their QOS between customer and callswitch.
tm
Support TBI Research: http://www.raisinhope.org