VoIP to Fuel Plague of 'Dialing for Dollars'/Spam

Ant writes "Broadband Reports says Internet News is exploring how telemarketers world-wide are realizing they can dodge long-distance costs (and U.S. "Do Not Call" restraints) by voice spamming VoIP users. Different from SPIT (spam over internet telephony) because it's not automated, an analyst in the article predicts homes and businesses could see some 150 calls a day from overseas call centers."

The ring that keeps on ringing

[erick99]

I am surprised that this hasn't happened sooner but I believe it will happen. I wonder what sort of culture shock we will have when our home telephones are rendered useless because they ring non-stop? I am getting just over 400 email spam a day so 100 to 150 phone calls a day (especially at a cost of only a penny or so each according to the article) seems believable. While spam filtering rids me of all but two or three email spam a day in my inbox, is there a technology that will do the same for my home phone. God, this sure will be interesting (and yes, I understand I have employed a bit of hyperbole).

Re:The ring that keeps on ringing

[dsginter]

Here's what I don't get:

There exist many methods for anti-spam authentication. Why hasn't someone implemented one of them in an "Email 2.0" style service with the single feature being "not compatible with existing email, including spam"? After the first service opened up for business, there would be more. And more. Until Spam was gone for good.

We can see that people are getting to the point of ditching it entirely so why not move to something that fixes the problem at the expense of backward compatibility? This befuddles me to no end. I'd sign up in a heartbeat and so would everyone email user that I know.

Can we just FUCK backward compatibility for once? Why is it so damn important?

Re:The ring that keeps on ringing

[That's+Unpossible!]

Why hasn't someone implemented one of them in an "Email 2.0" style service with the single feature being "not compatible with existing email, including spam"?

1. These exist already. They're called whitelists.

2. In addition to blocking spam, they block email from many legitimate sources, such as companies/mailing lists/etc trying to send you email from an address you aren't expecting. We get subscribers all the time who sign up and yet never get on because they have a whitelist service and are too stupid to let our email through.

Re:The ring that keeps on ringing

Spam is not a technical problem. It's a people problem. It's not a matter of technical compatibility. It's a matter of some people being socially incompatible because they see an opportunity to make money.

Re:The ring that keeps on ringing

Alright, I'm a small busneuss owner, and I see an ad advertising "THE AWSOME, INCREDIBLE, ALL NEW EMAIL 2.0! NO MORE SPAM, BECAUSE THERE IS NO BACKWARDS COMPATIBILITY!" I would think two things:

• How do I talk to my friends?
• Is it made by Microsoft? (I hope not)

No backwards compatibility creates a chicken-and-egg situation, new people don't want to join because no one currently uses it! THIS IS WHY LINUX ISN'T USED AS MUCH! With microsoft, new versions (xp here) can run old software ('98). (Because of this, all new apps made from this point on only work with the new version, thus forcing people to upgrade) Can you run '98 or XP programs in linux? NO! (well, not natively. Yes, i do know about wine. But is it really mature enough so that your average joe could use it?)

Unless you can develop programs that only work with the new system and can still read old apps (this is how companies keep their monopoly), the new version will never become popluar. (or you could pay people to upgrade, as most all major companies do)

Re:The ring that keeps on ringing

Because some calls I want to receive are time sensitive. If the police are calling to tell me my fiance was in an accident, I want to know that now, not later when I get around to checking my messages.

Why don't people understand the very basic idea that it's my property. My phone line. My telephone. I want to use it my way. It's not there to subsidize their business model. Why the fuck should I bear the burden of paying for someone elses business? Fucking pieces of shit.

Re:The ring that keeps on ringing

[Sentry21]

I was thinking of something similar a while ago, when I was struggling to set up a mail system that was new and improved, and yet worked with the previous configuration the company had.

What I've decided is that e-mail needs to be simpler. Instead of four different daemons (IMAPd, POP3d, SMTPd, LDAP, and optionally an SQL server) running seven different protocols and standards (SMTP, IMAP, POP3, LDAP, SQL, SASL, SSL, TLS, SQL) that still don't work together because the e-mail clients all suck (with the possible exception of Evolution, which everyone here used to use until they switched to Windows from Linux) and don't work as expected.

What I thought of was a single, simple e-mail system. One daemon, handling incoming and outgoing messages, and handling local delivery and mail retrieval as well. One protocol for doing all of this.

The remote host connects. By default, they have 'anonymous' access unless they match an ACL (they can provide username/password, use TLS auth, SASL, SSL, check remote host, check remote ident, etc). Anonymous hosts generally have no access, though sites can allow access for things like browsing a support forum or access to a public contact book (since this system is basically a threaded message storage system).

Authenticated users (generally) can access 'their mail' - mailboxes can be created and assigned to groups, which provides them access to read/write those mailboxes, or users, which provides access to users only.

Messages can be flagged in all manner of ways, such as 'shared'/'public' (so anyone can go to 'Dan's Shared Mail' and see any messages that are there), 'replied to' (and the reply is automatically threaded to the original message as well), and so on.

Messages are always sent through the mail server assigned to the account one is sending from - all your configuration data stays on the server, so all you need is the servername, username, and password (depending on how ACLs are set up), and you're in. You can use any client on any machine, including web-based clients, and have immediate access to all of your mail and all mail functions.

Messages can be reassigned to other users, groups, or mailboxes (so messages bound for support@ but sent to sales@ by a confused user can be easily redirected back to support@).

Servers can establish one-time connections to other servers (for the purposes of sending mail from one server to another) or persistant connections (for e.g. mailbox sharing, collaboration across domains or companies, outsourcing of customer support to a third party company, and so forth).

Since, in this new mail system, users have to authenticate to their local mail server to be able to send mail (unless the remote host allows anonymous reciept), it would eliminate spam by allowing admins to block/filter non-authenticated messages, and/or to block authenticated users and/or hosts that send unsolicited e-mail.

It would have one protocol that would provide access to all the functions of the server - the address book, the mailboxes, sending/recieving, and so on. One persistant connection can be established, or the client can be put into batch mode, where it does essentially burst transmissions - sending and recieving all at once, syncronizing all relevant data, and then disconnecting (for offline use or in situations where connections cost money, such as dial-up or GSM data streams).

For backwards-compatibility, servers could provide the option for SMTP, POP3, IMAP, and LDAP access, so that the rest of the internet would be able to send them messages and recieve their data. As time goes on, and more and more software is designed that utilizes this protocol/architecture, admins could slowly drop support for older protocols. Once a good mail client supports it, for example, and an office migrates to that client (or to a selection of clients), then the admin could remove compatibility with IMAP/POP3.

Well, that's my rant. I've probably just described something like Exchange or Groupwise (which I've never used so I know nothing about them), but hey, it was fun.

Re:The ring that keeps on ringing

[morcheeba]

When I first got my "email 1.0" address, nobody that needed to email me had one. They got them eventually, though -- funny how that worked out :-)

Re:The ring that keeps on ringing

[porcupine8]

The only real difference between USENET and the other things you listed (Yahoo! Groups, Slashdot, K5, blog comments, etc.) is moderation. Join an unmoderated Y! Group, and you'll get plenty of spam. I had to set the one I owned to moderate new members to keep it out. Same for most unmoderated forums I've seen - eventually, they're overrun by spammers and trolls. And what is the difference between a live moderator and an email filter? The live moderator takes more time.

Aside from that basic problem with your argument, email and discussion forums/groups/communities/etc have fundamentally different purposes. I go to a discussion forum to discuss a specific topic of interest to me and other people who go there. I don't care much if every person interested in X goes to the X discussion board, I just talk to the people interested in X that happen to be there.

I use my email to communicate with family, friends, business associates, classmates, etc - specific people. I don't care if the person I meet at a conference does or can post on the same discussion boards I do, unless it happens to be a discussion board about whatever the conference was about. I do, however, want them to be able to email me, regardless of what type of email they use. Now, I do have a couple of different email addresses that I use for different purposes. But this would require me to have that, plus both an "email 1.0" and an "email 2.0" address for each purpose so that if the person I meet at that conference that I want to do business with doesn't have email 2.0 yet, they can still contact me. And when I meet them, I'd have to ask them which I should give them.

And I still don't really see the benefit for this added annoyance. I already have really good filtering. I can't see how it would make spammers send less spam whether or not I see the spam, so it wouldn't save bandwidth. Once the spammers figure out how to use Email 2.0, we'd just have to start using filters there, too.

Re:The ring that keeps on ringing

[PyroMosh]

So you basicly read everything anyway? Doesn't sount terribly useful to me.

I run my own domain. Aside from running a web site that's basicly just a dumping ground for files for me, I use it for my email.

If use myname@example.org as my primary email address, then I'll use that for giving out purposes to friends, etc.

Everyone else follow this simple format: If I sign up for a msn account, I'll use msn@example.org If I sign up for a carfax thingy, I'll use carfax@example.org It all forwards to myname@example.org anyway, but this way, if I ever recieve any spam, I instantly know where they got my address, and I can blacklist anything with that address in the header.

So far, I have 5 addresses blacklisted, from the past 3 years, simply because I'm careful about where I use my email address and what checkboxes are checked when I sign up for something.

I do not do this with my business sites, because well, frankly, I need my address published for those. They get a ton of spam. But I have a plan to work around that too.

Re:The ring that keeps on ringing

[Drakonite]

Really, though, you shouldn't be hard to those people - their jobs are bad enough as it is. Setting the phone down would be a lot nicer to them; then they'll merely get bored.

You make their job horrible and they'll either quit or demand more money. The more people that quit or demand more money the more money the telemarketing company will have to pay to keep employees. The more money the telemarketing company have to pay the less money they make. The less money they make the more expensive that form of 'advertising' becomes. The more expensive the advertising the less likely they are to perform it, or at least hopefully they less likely they are to bother anyone who has made it perfectly clear they aren't going to buy anything.

I see a GREAT reason to be a complete asshole to telemarketers.

This can extend beyond the phone as well. There are (or at least used to be) a couple telemarketing/phone survey companies in my town. The last person I know who mentioned they were doing telemarketing work received a backhand and at least 15 minutes of me yelling in their ear about the evils of being a telemarketer.

Friends don't let friends be telemarketers!

Better fix this

[BWJones]

"The average enterprise or household could see as much as 150 calls a day from these telemarketers. It has to happen, because it is a market force that takes the market feedback and makes it into a profitable approach."

Ah, so this is how they are going to use all that dark fiber. :-P

Seriously though, it would be in the phone companies best interest to figure out how to block this. After the legislation for the do not call list, calls to our home plummeted. And rightly so. If I have to deal with telemarketers calling my home again, I will simply have the phone company disconnect my land line, especially with the prospect of 100-150 calls/day. Most people that really need to get ahold of me immediately can use the cell phone or email/IM me anyway. As for calling people at work, I cannot figure out how businesses will tolerate this. Businesses will be more likely to pressure phone companies to limit this kind of activity as it impacts productivity.

So, I don't really care how they do it, but from an end users perspective......They can either fix the loopholes and prevent phone spam or they will lose business.

On another note. Serious question to all the Slashdotters: Has anyone here actually bought ANYTHING from a telemarketer who called you? I have never purchased any good or service solicited over the phone, and I am wondering who it is that actually keeps these knuckleheads in business.

Re:Better fix this

[networkBoy]

get a 1-900 number. Simple.

All your friends have an unlisted number that is held private, or have a code to bypass the billing on the 1-900 line. Everyone else pays a buck a min. (15 min. minimum). I'll let them telemarketers pay me ~$180/Hour (figuring an average 5 min. call).
-nB

Re:Better fix this

[nmos]

Telemarketers probably don't call 900 numbers but I've been toying with something similar. It seems like you could take a page from the "porn dialer" people and get a number in some country where the phone company charges very high fees and is willing to pass on a cut to you for generating traffic on their lines. As long as it "looks" like a normal US # it might take the marketers a while to catch on.

Not automated. Hmm

[wowbagger]

So, when one of these turkeys calls me, I can keep them on the line until I traceroute where his call is coming from, then go after him and his ISP with any number of legal charges as well as possible DDoSs.

Yes, that sounds like a GREAT way to make money.

Culture shock

[Tackhead]

> I wonder what sort of culture shock we will have when our home telephones are rendered useless because they ring non-stop?

It's already starting.

Ignoring people who have abandoned land-line phones for wireless, most of my friends are in the "phone by appointment only" mode.

If you want to talk to me on a land line, email (or IM) me first and tell me when you'll call. Otherwise, the damn thing stays unplugged, and/or with the ringer off. If I ain't expecting someone's call, it ain't getting answered.

Re:Culture shock

[b0bby]

Isn't that what an answering machine is for? You don't recognize the caller id, you let them talk to the machine. If it's important, then you pick up. Otherwise, delete.

Re:Culture shock

[panaceaa]

You make a great point. But I've found that generally in a big emergency (like an injury car crash) people don't leave messages at first. Though in more common minor emergencies (like being locked out) people generally do. So while most of the time waiting for a voice mail will work just fine, sometimes it won't.

I haven't thought about the way I handle these things before now. But now that I am thinking about it, I recall that:

- I'll answer random calls if I don't know specifically where my girlfriend is.
- If I know where she is, then I'll let callers leave a message.

Of course there's often exceptions but that's generally how things work. Plus, the screen on my phone is pretty illegible since I fell on it while rollerblading... so I basically answer it when anyone calls except when my girlfriend is around, and then I let people leave a message unless I'm expecting them to call.

Re:Silly Idea

[blanks]

Yes this would make it more expensive for the spammers to make the calls, and maybe it will keep some of the companies from following through, but with telemarketing if I remember correctly, the costs could be up to .25 per call (connected call) so anything less this this would be doable.

Also keep in mind that a way around this would be to have a dozens (hundreds?) of VOIP services, meaning you would just need a system to switch between "lines". And that technology all ready exists.

re-routing

[COMON$]

until I start re-routing their calls to each other. Think of it, a simple firewall that sits on your network that re-routs overseas calls to each other. Just keep a list of numbers and add new ones as they come in, completely automated...get a couple thousand Voice over IP users to do this and viola, problem solved. Old fashioned ping of death, DOS attacks. Perfectly legitimate because I am just returning their calls right???

asterisk

[clymere]

my understanding is that its not hard to avoid such thigs if yo're running asterisk. The people i know runnign it use some sort of "telemarketer hell" function that leads these people through multiple layers of prompts, where they then leave a message which is promptly deleted.

I want to say its as simple as detecting whether they are using a blocked number. None of these people are going to offer up their number right? What are the legal issues around spoofing? I know this is another capability asterisk has, but I would think there would some issues with a telemarketer using this to outright lie about where they are calling from...of course, would be hard to catch them too.

Re:What?

As it is, I don't answer calls which the caller ID is blocked or otherwise not visible to me.

Better yet, I bought a cheap 2.4GHz phone with CallerID, something like 30$, and discovered in the manual that there's option to block "private" callers, or even block number by putting them in memory with a # in front of the number. Doing this, the phone does not ring at all! So when a telemarketer call (the 1st time I put the number in memory with a #) or someone who block his number, I do not hear it, pretty cool feature :)

Re:waste a telemarketers time

[rubycodez]

better yet, we need to port ELIZA to voice recognition/speach synthesis. Plug 'em into that, and it doesn't even matter if the recognition rate is say 60% or so.

150 is a lot if it's not automated

[cbreaker]

If someone has to be on the other end of the phone when you answer it, it will be a lot more dificult to get 150 calls a day out to every house. On the other hand, with spam, you just hit "Send" and you're done.

But I do see this becomming a problem. Maybe there will be a setting you can set to block all calls from IP, rendering the entire technology useless.

I won't have a problem completely disconnecting my phone if I get 15 calls a day from telemarketers though.

new acronym proposal...

[Lord+Prox]

PHLEGM PHoning Longdstance by Eurasian Gangs / Marketers

Sue them!!!

[www.sorehands.com]

Use the laws to file a lawsuit against the spammers that spam or the people who hire the spammers. Spamming is motivated by profit, lawsuits against spamers will remove that motivation.

I got spammed by Avtech Direct. I sent a demand letter, they were nasty in their response. I filed a lawsuit against them, and arranged for 15 other people to file lawsuits. When they appeared in court against me, I served them with the 20 other lawsuits. So far, only 5 of 21 cases were heard, they have over $11,000 in judgments against them. I have not seen any spam from them since.

VoIP Users Only?

[fo0]

The Thread suggests that this will be a problem for VoIP users only; but it seems to me that the overseas callcenters will call whoever they want regardless of what type of carrier the call-recepient uses. I don't think it is less expensive for them to call another VoIP line than it is for them to call a land-line or cell phone, but maybe I'm wrong.

Another thing... Is there a way that VoIP numbers are indexed or listed? Is there such thing as a listed or unlisted VoIP line?

clarification?

[drew]

ok, so the slashdot summary makes it sound like only people who have VOIP service would have to worry about this, but as far as I can tell from reading the article, the problem is that if the spammers get VOIP service, it makes it cost effective for them to spam anyone, so once this catches on, we would all be at risk, right? i don't see anything in tfa about whether the spamee has to have VOIP for this to be a problem. or am i misreading something?