VoIP to Fuel Plague of 'Dialing for Dollars'/Spam

Ant writes "Broadband Reports says Internet News is exploring how telemarketers world-wide are realizing they can dodge long-distance costs (and U.S. "Do Not Call" restraints) by voice spamming VoIP users. Different from SPIT (spam over internet telephony) because it's not automated, an analyst in the article predicts homes and businesses could see some 150 calls a day from overseas call centers."

The ring that keeps on ringing

[erick99]

I am surprised that this hasn't happened sooner but I believe it will happen. I wonder what sort of culture shock we will have when our home telephones are rendered useless because they ring non-stop? I am getting just over 400 email spam a day so 100 to 150 phone calls a day (especially at a cost of only a penny or so each according to the article) seems believable. While spam filtering rids me of all but two or three email spam a day in my inbox, is there a technology that will do the same for my home phone. God, this sure will be interesting (and yes, I understand I have employed a bit of hyperbole).

Re:The ring that keeps on ringing

[dsginter]

Here's what I don't get:

There exist many methods for anti-spam authentication. Why hasn't someone implemented one of them in an "Email 2.0" style service with the single feature being "not compatible with existing email, including spam"? After the first service opened up for business, there would be more. And more. Until Spam was gone for good.

We can see that people are getting to the point of ditching it entirely so why not move to something that fixes the problem at the expense of backward compatibility? This befuddles me to no end. I'd sign up in a heartbeat and so would everyone email user that I know.

Can we just FUCK backward compatibility for once? Why is it so damn important?

Re:The ring that keeps on ringing

[porcupine8]

Why hasn't someone implemented one of them in an "Email 2.0" style service with the single feature being "not compatible with existing email, including spam"?

Why on earth would I (or anyone) use this? The entire point of email is communicating with people. If I got an "email 2.0" address, but nobody who needs to email me has one, what would be the point in me having it? And if it got popular enough that the people I want to communicate with all had it, wouldn't the spammers just get it, too?

Now, I could maybe understanding coming up with something like this for intra-company communications or something, where a specific list of people would get the new format of email and they could all talk to each other but nobody from the outside could email in. But they'd still need traditional email for any communications outside the company. And what company could do any business these days without emailing (or receiving email from) anyone outside?

I just can't see any way at all that something like that would work.

Re:The ring that keeps on ringing

[cas2000]

> There exist many methods for anti-spam
> authentication. Why hasn't someone implemented
> one of them in an "Email 2.0" style service with
> the single feature being "not compatible with
> existing email, including spam"? After the first
> service opened up for business, there would be
> more. And more. Until Spam was gone for good.

because that wouldn't work either.

idiot windows users would tell their mail software to remember their authentication password, and spammer viruses would be rewritten to look for those passwords and use them. within a very short time, the new "secure" authenticated mail protocol would be compromised by spammers.

as long as people are using insecure garbage like MS Windows & IE & Outlook on the net, there will be millions of spam zombies.

Re:The ring that keeps on ringing

I've developed an extension to an existing bot for a Russian "enterprise" allowing to perform exactly this.

Like anyone else, I hate my job some days. But man, if I did stuff like that for a living, I'd hate my life. What a loser.

Re:The ring that keeps on ringing

[morcheeba]

When I first got my "email 1.0" address, nobody that needed to email me had one. They got them eventually, though -- funny how that worked out :-)

Re:The ring that keeps on ringing

[PyroMosh]

So you basicly read everything anyway? Doesn't sount terribly useful to me.

I run my own domain. Aside from running a web site that's basicly just a dumping ground for files for me, I use it for my email.

If use myname@example.org as my primary email address, then I'll use that for giving out purposes to friends, etc.

Everyone else follow this simple format: If I sign up for a msn account, I'll use msn@example.org If I sign up for a carfax thingy, I'll use carfax@example.org It all forwards to myname@example.org anyway, but this way, if I ever recieve any spam, I instantly know where they got my address, and I can blacklist anything with that address in the header.

So far, I have 5 addresses blacklisted, from the past 3 years, simply because I'm careful about where I use my email address and what checkboxes are checked when I sign up for something.

I do not do this with my business sites, because well, frankly, I need my address published for those. They get a ton of spam. But I have a plan to work around that too.

Silly Idea

[fembots]

What happens if the cost of each almost-continuous call is incremental?

Say the first 10 VOIP calls are free, and if you make the 11th call within 5 minutes of the 10th call, you pay 1 cent, and if you make your 12th call within 5 minutes of your 11th call, you pay 2 cents, then 4 cents, 8 cents and so on.

Private callers shouldn't have to pay anything due to the engaging nature of personal calls.

Businesses will have to register to get exemption from the charges, thus easily identifiable.

Like spam filters, this won't stop spammers from spamming, but hopefully it's enough to make it less profitable.

We didn't see email spams coming, but we should definitely do something on VOIP when we have the opportunity.

Re:Silly Idea

[blanks]

Yes this would make it more expensive for the spammers to make the calls, and maybe it will keep some of the companies from following through, but with telemarketing if I remember correctly, the costs could be up to .25 per call (connected call) so anything less this this would be doable.

Also keep in mind that a way around this would be to have a dozens (hundreds?) of VOIP services, meaning you would just need a system to switch between "lines". And that technology all ready exists.

Better fix this

[BWJones]

"The average enterprise or household could see as much as 150 calls a day from these telemarketers. It has to happen, because it is a market force that takes the market feedback and makes it into a profitable approach."

Ah, so this is how they are going to use all that dark fiber. :-P

Seriously though, it would be in the phone companies best interest to figure out how to block this. After the legislation for the do not call list, calls to our home plummeted. And rightly so. If I have to deal with telemarketers calling my home again, I will simply have the phone company disconnect my land line, especially with the prospect of 100-150 calls/day. Most people that really need to get ahold of me immediately can use the cell phone or email/IM me anyway. As for calling people at work, I cannot figure out how businesses will tolerate this. Businesses will be more likely to pressure phone companies to limit this kind of activity as it impacts productivity.

So, I don't really care how they do it, but from an end users perspective......They can either fix the loopholes and prevent phone spam or they will lose business.

On another note. Serious question to all the Slashdotters: Has anyone here actually bought ANYTHING from a telemarketer who called you? I have never purchased any good or service solicited over the phone, and I am wondering who it is that actually keeps these knuckleheads in business.

Re:Better fix this

[blanks]

To answer your question, most telemarketing is either collections or credit cards, or charities. I have had many friends that have worked in collections and charities and you wouldnt belive the amount of positive sales they would get.

Re:Better fix this

[networkBoy]

get a 1-900 number. Simple.

All your friends have an unlisted number that is held private, or have a code to bypass the billing on the 1-900 line. Everyone else pays a buck a min. (15 min. minimum). I'll let them telemarketers pay me ~$180/Hour (figuring an average 5 min. call).
-nB

Re:Better fix this

[alienw]

Actually, the phone company would want to encourage it. Phone companies hate VoIP and would love to see it die.

However, I can't see this becoming a problem. VoIP traffic is very easy to block. If you get a telemarketer, block them. It's not like they can change their internet provider every other day, and VoIP traffic, being two-way, is rather difficult to proxy through a hijacked machine (unlike email). And it's rather difficult to move a call center to another country.

Vroom!

[greg_barton]

Gentlemen, start up your whitelists!

What?

[bigtallmofo]

You mean U.S. laws don't apply everywhere? We should get that law changed!

They will throw themselves upon the firewalls...

[FyRE666]

Russia, China, India... Who'd have thought these would be new sources of spam?! I routinely block these domains/net blocks from sending email into our networks (along with a few of the other well known spam sludge pits), so would it really be that difficult to firewall out all VOIP traffic from these places too? Maybe if enough people just cut them off they'd change their attitudes to providing havens for (mostly) American spam "companies".

In fact, I'd imagine these call centres would be easier to firewall off the 'net than spammers, as it would be harder to switch net blocks once a blackhole service was set up to list the offending address ranges.

Call Blocking?

[Ironsides]

So how long until someone hunts down those IPs and offers up a list for call blocking of them? Also, how long until someone writes a program that will DDoS of some form or another those same call centers or something similar that will harass the call centers?

Not automated. Hmm

[wowbagger]

So, when one of these turkeys calls me, I can keep them on the line until I traceroute where his call is coming from, then go after him and his ISP with any number of legal charges as well as possible DDoSs.

Yes, that sounds like a GREAT way to make money.

Re:Not automated. Hmm

[GeckoX]

Yeah, cause grandma jean has a whole trove of zombie machines out there just waiting to DDoS the first sucker that dares to spam her VOIP phone.

Common knowledge tells us that Telemarketing in general should not be a viable business. And yet, it is isn't it?

Re:Not automated. Hmm

Yeah, I got a spam that I went through the same spiel with. Checked the headers, did some dns lookups, etc. etc. Finally I found the responsible ISP.

Problem was, when I sent my subpoena to Novosibirsk all I got back was a legal notice saying, and I quote...

"In Soviet Russia, jurisdiction limits YOU."

The joys of computer controlled phones!

[garcia]

And with VoIP it would be quite easy to enable an easy to update whitelist for inbound calls. People could use something like the various spam blocking sites (i.e. Spamhaus) that would put and end to that crap.

There are so many possibilities for controlling this crap that I don't even want to go into it. Personally? I would use my addressbook (LDAP?) as the whitelist. Anyone else would get a message to find another way to contact me to be added to the whitelist, to enter the passcode to get through, or they be routed to /dev/null.

Anyone showing up as "UNKNOWN", "UNAVAILABLE", or originating numbers coming from outside the country would automatically be re-routed to /dev/null. I would sort of expect these options to be built into the software and easily enabled by end users as that would make the most sense.

Yeah, it could cause you to lose some callers. How many times do people call you that you don't know and that you actually want to hear from? I'll take the 1 caller a year that doesn't know the passcode and can't find another way to contact me.

YMMV.

Culture shock

[Tackhead]

> I wonder what sort of culture shock we will have when our home telephones are rendered useless because they ring non-stop?

It's already starting.

Ignoring people who have abandoned land-line phones for wireless, most of my friends are in the "phone by appointment only" mode.

If you want to talk to me on a land line, email (or IM) me first and tell me when you'll call. Otherwise, the damn thing stays unplugged, and/or with the ringer off. If I ain't expecting someone's call, it ain't getting answered.

Re:Culture shock

[panaceaa]

Maybe this works for you, but in my life things don't always go as planned. If my girlfriend is in an emergency situation (and it has happened), she contacts me by phone. Because it is an emergency, it may be from a phone number I do not recognize. She will likely not have access to email or IM before calling me. So a random call comes in from a random number... and guess what? I have to answer it because I care about her and it might be her. Until other less-obtrusive technologies like IM are ubiquitous and can be used in emergencies, this cannot change for me.

VOIP spam is a really scary and almost unavoidable future. To combat it, I only give out my cell phone to people I know. I always give businesses my home or work number. But if it starts to be a problem, I bet a lot of the profiling techniques already used for filtering email will start happening on phone networks. And thankfully, I have never heard of a VOIP open relay, so we'll have a better chance at stopping the problem at its source.

Herm wait . . .

[OverlordQ]

so the DNCL only covers POTS Spam? IMO my number is in there, so no matter where they're coming from or through, be it POTS or VoiP they can't call me, further more theres'a nice tidbit on that DNCL site:

33. Are telemarketing calls from overseas covered?

Yes. Any telemarketers calling U.S. consumers are covered, regardless of where they are calling from. If a company within the U.S. solicits sales through an overseas professional telemarketer, that U.S. company may be liable for any violations by the telemarketer. The FTC can initiate enforcement actions against such companies.

re-routing

[COMON$]

until I start re-routing their calls to each other. Think of it, a simple firewall that sits on your network that re-routs overseas calls to each other. Just keep a list of numbers and add new ones as they come in, completely automated...get a couple thousand Voice over IP users to do this and viola, problem solved. Old fashioned ping of death, DOS attacks. Perfectly legitimate because I am just returning their calls right???

We need laws, but tools too

[Frater+219]

We're going to need some basic trespassing legislation here: in brief, a recognition that my phone is my property and that your freedom of commercial speech does not extend to the use of my property to carry your speech at my costs.

However, we're also going to need some software tools. A lot of sites, my own workplace included, are rolling out VoIP systems. Some of these are COTS systems of various levels of quality. Others (like us) are using open systems like Asterisk PBX and SIP Express Router (SER). Currently, as far as I have seen neither the proprietary nor the open tools have what it takes regarding abuse rejection:

• Dictionary attack rejection. Any caller who makes a vast number of wrong numbers in a day is just trying to guess numbers, and should be rejected.
• Call rate limiting. A single caller IP address should not be able to make a vast number of simultaneous or near-simultaneous inbound calls.
• Site-local blocklisting. One good way of telling if an IP address is going to spam me is if it has spammed the guy the next office over. The VoIP PBX is a good place to aggregate abuse information. Asterisk has the beginnings of a blocklist system, but it's not quite there yet.
• Distributed blocklisting. DNSBLs have worked very well in the email world, where a single highly reliable list such as Spamhaus SBL-XBL can deflect over 50% of spam. We will need this ability in VoIP.
• Abuse reporting. If I'm getting VoIP abuse from your site, I need a way to report it to you or your ISP. Likewise, VoIP sites that want to be reputable should offer call recipients a way of reporting harassment, spamming, and other sorts of abuse.

Re:Silly Idea - We saw it coming

[Nom+du+Keyboard]

We didn't see email spams coming,

Actually we did. The infamous Green Card Lawyers carpet-bombing Usenet told everybody paying attention that we stop it now, or it will only get worse.

Problem with politicians is that they don't react to a problem until after it has grown out of control. And they don't listen to the people who do see it coming.

That's why to this day, CB radio skips clear around the world. They didn't listen to the experts about assigning frequencies. Even now, with spam a problem for everyone, there is little in the way of effective law against it.

Voicemail voicemail voicemail

[hoggoth]

"Hi this is John. I am screening my calls. Please leave a voicemail and I will call you back."
"Hi John, this is Pete. You just tried to call me, and left me voicemail about my attempted call a few minutes ago. Please call me back."

Re:New MaBell filter

[edudspg]

Anyone that runs a voip system can always have the system route UNKNOWN or ANONYMOUS callers to a computer based screening tool. One bored gent wrote an elaborate voice-mail maze for telemarketers to wander into.

Telemarketer Torture

So far the only prank SIP call I have received was one from a buddy that was testing his SIP knowledge and wanted to see if he could really make my phone ring.

Re:They will throw themselves upon the firewalls..

[Hoi+Polloi]

"Russia, China, India... Who'd have thought these would be new sources of spam?!"

Make sure you add to your list America's own 2nd/3rd world state, Florida.

Re:Cell phones -- missing the point

[Nom+du+Keyboard]

Hopefully, the cell phone companies see this coming and will start to work on technology to drop calls from known offenders.

You're missing the point here. The cell phone companies want you to use your phone. You don't have unlimited cell phone service. The more minutes you use, the more you pay. This is to their advantage, because where else are you going to go?

Re:Since it's Voice over IP...

[Big_Breaker]

The article is talking about marketting spam launched using VOIP on the caller side. The receiver will get the call on any old telephone hook-up IE POTS or VOIP.

A firewall won't do a thing to protect you. A caller ID based black list of challenge/response system could though.

Re:waste a telemarketers time

[rubycodez]

better yet, we need to port ELIZA to voice recognition/speach synthesis. Plug 'em into that, and it doesn't even matter if the recognition rate is say 60% or so.

Sad, But True.

[Threatis]

As someone who worked as a Telemarketer for about a year, i can tell you that this will happen. the company that I recently worked for was putting together a "voIP team" to tackle all the new tech popping up around it. Sad that this is the world we live in now, where people feel the only way to sell a product is to market it directy to someone over something as personal as a Telephone.

150 calls per day

[NoGuffCheck]

I dont think this will ever happen, Ive been in telemarketing for 5 years and the hardest sells are always the customers who receive more cold calls a day from other telemarketing companies. Now if everyone was getting 150 calls per day I dont care what the call costs are, paying my wage is too expensive for my boss if im never going to make a sale.

new acronym proposal...

[Lord+Prox]

PHLEGM PHoning Longdstance by Eurasian Gangs / Marketers

Sue them!!!

[www.sorehands.com]

Use the laws to file a lawsuit against the spammers that spam or the people who hire the spammers. Spamming is motivated by profit, lawsuits against spamers will remove that motivation.

I got spammed by Avtech Direct. I sent a demand letter, they were nasty in their response. I filed a lawsuit against them, and arranged for 15 other people to file lawsuits. When they appeared in court against me, I served them with the 20 other lawsuits. So far, only 5 of 21 cases were heard, they have over $11,000 in judgments against them. I have not seen any spam from them since.

Re:Sue them!!!

[Profane+MuthaFucka]

Go to the Sheriff with the judgement and hire him to go in and start confiscating property. Show up with the Sheriff to helpfully point out particular items that they should take. The Sheriff with sell the items at auction, take his cut, give you the rest. At that time you will have the opportunity to purchase (along with the rest of the public) some of the choice items that you suggested the Sheriff should take, cheap. If it weren't for mechanisms such as this, nobody would pay any judgements. Make the system work for you.

VoIP Users Only?

[fo0]

The Thread suggests that this will be a problem for VoIP users only; but it seems to me that the overseas callcenters will call whoever they want regardless of what type of carrier the call-recepient uses. I don't think it is less expensive for them to call another VoIP line than it is for them to call a land-line or cell phone, but maybe I'm wrong.

Another thing... Is there a way that VoIP numbers are indexed or listed? Is there such thing as a listed or unlisted VoIP line?

Re:IP Blocking?

[Big_Al_B]

It depends on how the telemarketer connects to the VoIP network. If they're coming in from the PSTN, then the source IP will be the PSTN gateway where they enter the IP world.

While this isn't so bad if the telemarketer is running their own analog-to-IP telephone adaptor/IAD/Asterisk etc., it is quite problematic if the gateway belongs to a major carrier for a large exchange (say, for example, in NYC.)

PSTN carriers can't risk common carrier status by filtering or denying access to telemarketers (e.g. they can't operate like an ISP with an AUP against spamming) so they can't stop the traffic themselves. And you could be cutting off connectivity to large portions of the PSTN every time you apply a filter. Even if it worked for awhile, eventually you would notice severe end-to-end connectivity problems.

No.

[www.sorehands.com]

It is based on what we think the fairness is. I don't think most people here would fault the MPAA for going that to someone who is copying DVDs and selling them on a street corner for $5/each.