State Attorneys Urge FCC To Combat Neighborhood Spoofing

Attorneys general from 35 states are urging the Federal Communications Commission to allow telephone companies to block illegally manipulated calls that appear to come from consumers' neighborhoods. From a report: The rule change could help reduce "spoofed" calls from numbers with the same area code as the consumer, or even calls from the consumer's own number. Combating junk marketing calls has been a top consumer protection priority for FCC Chairman Ajit Pai. The FCC last November adopted a set of robocall rules that allowed telephone companies to proactively block calls from invalid, unassigned or unused numbers. The agency then sought public comments on empowering telephone companies further. The attorneys general want to the FCC to create new rules specifically targeting neighborhood spoofing, they said in comments filed Oct. 9 with the agency.

Why not block all unverified POTS spoofing?

[Etcetera]

I realize certain infrastructure bits need to be able to do this, but why not a regulation that requires outbound data be verified to be under the control of the "real" sending entity? A service (Skype, say) initiating an outbound call with a user-entered number must first validate control (voice call or SMS, etc) and record/audit such validation before putting injecting it into the POTS.

Make that a best-practice at the ITU, but enforce it by regulation for domestic.

That just leaves international calls as suspect (which has long been the case anyways) and international-but-still-in-NANPA calls as notable (ditto).

Re:Why not block all unverified POTS spoofing?

[SoonerSkeene]

I work in an inbound-only call center (tech support for web host). If we call a client back, we spoof our number so the number they see on their caller ID is the same toll free number they called to reach us in the first place. We used to not do this, and every outbound call looked like it came from somewhere in Colorado (we're in Oklahoma), so it helped our customers in more than one way. First, they recognize it's us calling them back about their ticket, and two, they can call the number they saw on caller ID and reach us again. Previously the Colorado local number they saw went nowhere, it was just some bulk trunk line owned by Verizon and leased by our call ACD routing cloud software company. I'd argue it was worse for our clients when we couldn't spoof. They had no idea who was calling them, they get dead-air if they tried to call it back. Having said that, I'm sick of death of getting these "looks local" telemarketing recorded sales pitches, so much that I essentially treat phone calls like email now: safe senders only. If you aren't in my address book head of time, my phone doesn't even ring anymore. It's insane. I must get 3 a day.

Re:Why not block all unverified POTS spoofing?

[mentil]

How about an update to caller ID so that it shows both the true originating number, and the potentially-spoofed number? Worst case scenario you have to make 2 calls to succeed in calling someone back, but you'd always know what number to make a complaint about to the FCC/phone company.

Re:Why not block all unverified POTS spoofing?

[Strider-]

I run a (small) phone system, and you're absolutely right. We have 23 outbound lines (gotta love the PRI), and 100 DIDs (in our case, the whole 24xx block). When I generate an outbound call over the PRI, I can technically set the outbound number to whatever I want. The PSTN should reject that call if the ANI I generate is from a block that is not assigned to my PRI.

Re:Why not block all unverified POTS spoofing?

[tlhIngan]

Or just get rid of spoofing. What valid reason is there to spoof a number? The ONLY reason is so the person can't call you back directly and has to go to a central answering service. Companies love that, but that is their problem.

Lots of valid reasons to spoof.

1) Business - making outgoing calls uses a trunk line that doesn't necessarily result in a callable number. Instead, you spoof it so you can give the DID or main line number of company so the person being called can call back. Calling trunk lines does absolutely nothing (dead air, or it rings forever).

2) Call centers - they may handle dozens or hundreds of customers and may need to call you back. It would be nice if the number shown is the company you called, right? I mean, if you called Apple and they said they'd call you back, the number should be the Apple number you called, rather than some random call center number. If you're in urgent need of support and get "Unknown number" calls, you might ignore them, not realizing they're your support call being returned.

3) VoIP. Again, trunk lines. Be nice if someone was using VoIP for their phone that when they called out, their number showed up, right? Better than some random phone number of the trunk line that was used to complete the call to POTS. And since that number changes, it would make using VoIP almost impossible if no one picked up because of all the strange numbers they were getting. (It still happens where you get all 0's or something Then again, it's only VoIP - I mean, who uses it?

What should happen instead is the phone company filters what numbers can be spoofed. There's no reason for a business to spoof numbers that it doesn't own, and call centers already "own" the number used to reach it so they can spoof that. They should not be able to spoof random arbitrary numbers. VoIP providers have pools of numbers as well which can be used to limit their available spoof numbers.

Of course, if you really want to get rid of scammers, ban VoIP. That's it - that's the only way they can call from India and do their scams.

But of course, VoIP is too valuable and too "high tech" and modern. Perhaps we can ban spoofing VoIP, so every VoIP call shows up as 000-000-0000.which could be your friend with Vonage or Skype or other program, or an Indian scammer. After all, it's not our fault people use VoIP, right?

Re: That might be counterproductive

[Obfuscant]

If only there was a way to recognize the numbers of people you know. Maybe even have their name appear on the screen.

I think you completely missed the point of this entire discussion. The issue is that robo and spam callers can send any number and name data that they want, even that of your friends or neighbors. You can recognize the name, pick up the phone, and find out that someone at your number has requested information about back braces.

And unfortunately, the state AGs have missed out on one bit of technology that everyone thought was a good thing at the time: number portability. If I move from A to B and change cell providers, I can take my old phone number with me! If I used to live in 202-land but moved to 503-land, for example, I can keep my 202 area code number. Suppose I try calling my friend who I lived next door to in 202-land. There will be an inbound call to the central office serving his phone showing a 202 area code but coming from outside the 202 area. Does the phone company block that call as spam? It's not.

A related problem is VoIP. I have Vonage and when I signed up they had NO local numbers available for me. I could get a number in a city far away but in the same area code, or in a different area code altogether. I got a number that was local to my parents and family so they could call me toll-free. So, when I call someone next door to my brother the caller ID will show a local number. Does the phone company block that call because it must be spam?