Spam Over Internet Telephony (SPIT) to Come?
grub writes "According to this article on NewScientist.com 'Spam and spim - spam by instant messenger -- are about to be joined by "spit" - spam over internet telephony' Yup, spam via VoIP."
← Back to Stories (view on slashdot.org)
I don't think that's how it works. I don't think anyone responds to your typical spam; rather, they harvest working emails and sell those to less-than-scrupulous companies. That's where the real profits are, so it doesn't matter if people respond or not.
I could be wrong though.
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
One of the biggest problem of spam is the inability to identify the source (and why so many people believe that solutions like SPF will help out).
VoIP is end-to-end, so if someone starts "spitting" the network, he can easily be blocked.
Of course, other solutions would be to have white lists for VoIP, but it is weird to think about white lists to telephony, since the idea is that anyone could reach anyone.
I think dubious character companies will try to do it anyway for some time, but with time blocking will keep the problem to manageable levels.
From what I've read, blind people are more impacted by plain ol' email spam than anyone. It takes a lot more time for them to listen for a screen reader start reciting off the latest anatomical enlargement offer than it does for a sighted person from scanning the text and just hitting "delete."
Fortunately, VoIP is young enough such that they could modify the protocols to nip this in the bud.
Cryptographic solutions would probably be the first place to look. For example, suppose my phone will only look at incoming connections which are begun with some certificate signed by the VoIP service provider (Vonage, Skype, whatever). So, in order to be able to call me, your phone first contacts the provider, requests a certificate to connect to me, and the provider gives that to the phone, and then their phone uses that as credentials to get my phone to not ignore it. Then, all the service provider has to do is watch out for excessive numbers of connections coming from one customer.
I wouldn't be surprised in the least if this isn't already built into the VoIP systems. After all, we've been trying for some time now to move email into the domain of cryptographic authentication (SPF is just an intermediate fix) to stop spam. So, we've known for a while that this is "the way to do it right", and we also know from the way e-mail is going that it's a major pain to try to change the system to use it after the system is already in place. So, I'd expect that they might already have this capability.