T-Mobile Begins Verifying Calls To Protect Against Spam

T-Mobile is beginning to roll out support for call verification technology, which will confirm that a phone call is actually coming from the number listed on caller ID. From a report: Now, if one T-Mobile subscriber calls another T-Mobile subscriber, the person receiving the call will see a message saying "Caller Verified" if they have a supported phone. Unfortunately, there's only one supported phone -- Samsung Galaxy Note 9 -- for the time being. Call verification won't put a stop to spammy phone calls, but it will start to help people identify which calls are actually coming from real people. As anyone with a phone knows, spammers have relentlessly spoofed local phone numbers in recent years, making it appear that you're getting an incoming call from someone you may know. Call verification is meant to combat that.

T-mobile to T-mobile only?

[fred6666]

so it will block spammers spoofing T-Mobile's numbers to call other T-Mobile's customers. But won't block all other spoofers. As much as I'd like this to be a good start, I can't see how it can be useful.

Re: T-mobile to T-mobile only?

I see. I was hoping it worked with AT&T since we have both carriers

Re: T-mobile to T-mobile only?

[fred6666]

even if AT&T joined, spammers would spoof other numbers, or even better, non-mobile numbers

Re: T-mobile to T-mobile only?

Is the problem a GSM/CDMA thing or just general fragmentation?

Re: T-mobile to T-mobile only?

[olsmeister]

It's a start. What will need to happen then is for people to never answer a call from a non verified number, or even better a feature or app that doesn't ring or sends straight to voicemail.

Re: T-mobile to T-mobile only?

[Obfuscant]

or sends straight to voicemail.

Why do you want to waste time listening to spam voicemail? It's bad enough that there is a flaw in the system that allows spammers to dump directly into voice mail, saving them the few seconds per call for the system to forward their unanswered calls there.

For the GGP who talks about this blocking calls, no, it's pretty clear from TFS that this doesn't block anything. It marks verified calls as such, on the one model of phone that it works on. It really solves nothing.

Re: T-mobile to T-mobile only?

Maybe, it depends on the number. Often when carriers get a block of numbers, they share the same prefix. Odds are pretty good that this will weed them out from calling you so long as your number isn't ported.

Re: T-mobile to T-mobile only?

Why do you want to waste time listening to spam voicemail?

I don't waste time listening to voice mail at all - but all providers have voicemail anyway . . .

Re: T-mobile to T-mobile only?

I think thatâ(TM)s called TrapCall.

Re: T-mobile to T-mobile only?

[fred6666]

you'll only get calls from t-mobile customers then.

Also there might be a legitimate use for fake caller ids. Let's say I am using a voip application and want you to call me back on my cell phone, I may spoof myself.

Re: T-mobile to T-mobile only?

[bobbied]

This problem is not unique to cell calls, it happens on POTS lines too. It's been around for decades.

Re:T-mobile to T-mobile only?

[ceesco]

True, but probably around 50% of the spam calls I get are spoofed from my own NPA/NXX, presumably because it looks familiar. Since that would also likely be owned by T-Mobile, I don't see the harm in it. ANY reduction is a plus.

Re: T-mobile to T-mobile only?

It seems to be an US thing. Never heard it happening in Germany.

Re: T-mobile to T-mobile only?

[damn_registrars]

or sends straight to voicemail.

Why do you want to waste time listening to spam voicemail?

From my experience the spam calls almost never leave voicemail, if they are leaving a voicemail it's because I actually gave them my number at some point. The spam calls don't want to be called back as it could potentially lead to them being identified. After all, the vast majority of them - as mentioned in the summary - are spoofing numbers to begin with.

Re: T-mobile to T-mobile only?

[Obfuscant]

From my experience the spam calls almost never leave voicemail,

From mine, it is a semi-regular occurrence. I walk out of work and see voicemail with no missed call to go with it.

The spam calls don't want to be called back as it could potentially lead to them being identified.

Nothing about leaving voicemail requires leaving a valid callback number. Perhaps the callers who do this do, I don't know. It's usually Chinese gibberish.

Re: T-mobile to T-mobile only?

your legitimate reason to spoof seems to be entirely for your own convenience with no consideration for the massive inconvenience to millions of people that spoofing has created

Re:T-mobile to T-mobile only?

[Kyogreex]

I would think this would be less useful for stopping spoofers so much as letting customers know that they can trust particular calls.

Re:T-mobile to T-mobile only?

[vlueboy]

True, but probably around 50% of the spam calls I get are spoofed from my own NPA/NXX, presumably because it looks familiar

Mobile:
Not sure if you use a smartphone, but in mid 2018 F-droid added a "Blacklist Blocker" app (com.kaliturin.blacklist). "Blacklist" is a misnomer -- even the official description shows coverage for whitelisting or contacts-only or blacklisting. I am a new user and see that there are combinations of some of the above possible.

Setting the blacklist filter to "contains" for your 6 significant digits should help kill those obvious 10k neighbor spoofs. The "starts with" blacklist should block whole area codes, but I haven't tested if the 1 or the "+" are required in the input string --I get quite a bit of unique area codes so it'd take a long time training against the obvious, and then finding creative ways to block swathes without killing local calls from people who aren't close enough to be in my contact list yet but have received by personal business card ... or (gasp!) resume.

It would be nice if phone apps would just do a straight hangup. The voicemail door should be sacred --not completely dropping a "blocked" caller is stupid and I suspect the Android APIs are designed to be limited.

Landlines:
Fake caller ID is are bigger pain for my landline than my cell, even before finding blocking features in the past couple years. The cableco and the my expensive decade-old house phone fail to include regex support. Nomorobo's design forces a lingering single ring for blocked calls.

I've not done enough research but am fairly close to getting a combo of a Raspberry Pi plus an Obi 110 or similar model (I'm not sure if I missed any converters). Blocking neighbor calls isn't a new thing as seen a 2012 post mentioning blocking "xxx555xxxx" https://toao.net/503-blocking-...

There are some devices that force a sort Robot test on ALL non-whitelisted calls. One must manually enter "1" or some pre-configured number before the landline even rings, but some legit robocalls would be impacted and I'm not sure about multilanguage language support, and false positives / logging.

If this Tmobile thing proves to be as widespread as DKIM was for email, then perhaps in 10 years we'll be able to notice some positive changes (but predictably, better robots and human-assisted dialing will be involved)

Re: T-mobile to T-mobile only?

Personally, it's super rare that I get these kinds of calls on tmobile. I have their scam block feature (free) enabled, and what it does is prevent calls that don't appear to come from a valid carrier from being able to connect to your number. I simultaneously carry a Sprint phone, and Sprint is shit so they don't have that feature at all, and I get these calls all the time on that phone.

That scam block feature works really well. I think most tmobile customers either haven't heard of it, or are concerned that it might block legit calls (it's possible, but highly unlikely. I personally haven't heard of anybody not being able to reach me at a time that my phone didn't have logged as a call that I just didn't answer.)

Re:T-mobile to T-mobile only?

[fred6666]

they won't trust the call. The only thing they can trust is not being spoofed by other T-mobile customers

Re: T-mobile to T-mobile only?

[damn_registrars]

The spam calls don't want to be called back as it could potentially lead to them being identified.

Nothing about leaving voicemail requires leaving a valid callback number.

True, though it isn't very useful for the person who left the message to not leave a valid callback number. I have yet to get a voicemail that asked me to visit a website, send an email, send a text to a number that is not standard for my county, visit a physical location, etc (though I'm sure some exist).

Perhaps the callers who do this do, I don't know. It's usually Chinese gibberish.

I have been getting the Chinese singing spam at my phone at work. When I get them they come from a Chicago number (in my case right time zone wrong state). One time I answered one and started mashing buttons on the keypad and eventually got a live person who then asked me a question in Chinese. I said hello and he hung up. The correlation might not be meaningful but I haven't had the call since.

How about the spammers paying the telcos?

[Shaitan]

Seems like a feature that is all about unauthorized spam and not spam in general.

Re:How about the spammers paying the telcos?

[Obfuscant]

I'm fascinated that someone thinks there is such a thing as "authorized spam", as opposed to "unauthorized spam".

Re:How about the spammers paying the telcos?

[Shaitan]

"I'm fascinated that someone thinks there is such a thing as "authorized spam", as opposed to "unauthorized spam"."

Oh, are you one of those who thinks the authorized sort isn't spam? If I'm a business who pays t-mobile to let me blast their customers is that not still spam to their users? If I've signed up for texts about the latest sales from company x would you still classify that as spam?

By my account both are spam and are authorized or unauthorized from the perspectives of either t-mobile or the user though one doesn't necessarily agree with the other. Some guy in china selling Viagra is likely viewed as unauthorized by both.

Personally, I'm of the opinion that carriers should transit everything, with payment only coming from users, by default while expending effort to empower users to effectively block things. If implemented well they can block the carrier transiting the spam (to them) and/or block at their device at the users discretion with the carrier level block carrying the added benefit of alleviating load on their infrastructure. With a good API the user could employee third party smart tools to help with this task.

The last party who should have any discretion about what is blocked is the carrier let alone open support to build revenue streams based on abusing that sort of discretion.

Re:How about the spammers paying the telcos?

[Obfuscant]

Oh, are you one of those who thinks the authorized sort isn't spam?

The authorized sort of what? By DEFINITION, spam is unsolicited. If you authorize the contact, it is no longer spam. That means that calling something "unauthorized spam" is redundant, and implies you think there is "authorized spam". There is not.

If I'm a business who pays t-mobile to let me blast their customers is that not still spam to their users?

Of COURSE it is spam, because it is unauthorized, unsolicited contact.

What, are you one of those who thinks that the MEDIUM provider can authorize unsolicited commercial contacts to you? Why do you give them that authority?

If I've signed up for texts about the latest sales from company x would you still classify that as spam?

Of course not. And solicited texts are not the topic of this discussion.

Personally, I'm of the opinion that carriers should transit everything,

Unless they are instructed not to by the user. But this, too, is offtopic, because T-Mobile is not blocking anything with this new system.

Re:How about the spammers paying the telcos?

[Antique+Geekmeister]

There are multiple definitions for "spam". Bulk email and voicemail is considered spam by many people, even if it fits the legal requirements of the "CAN-SPAM" act and is from a company you've agreed, in writing, can contact you for commercial offers, or one for which you've opted in.

Re:How about the spammers paying the telcos?

Yep, this is just a way to monetize the spammers; to get a "verified" status, the revenue sharing model is needed between spammer and telco.

Our landline provider marking spam calls

Our caller ID box for a FIOS landline has been marking some calls as SPAM? for about six months. I wish this were true for all spam and spoofed calls. The latest, just two hours ago, was a medical scam with Caller ID "SPAM HEALTH CO."

Existential crisis for voice calling

[sinij]

I think excessive spam is existential crisis for voice calling. I no longer answer any calls from unknown numbers as chances of spam are near-certain. This has been going on for couple years, to the point that I permanently silenced voice call notifications on my phone - no vibrations, no ringing. Consequently, now it is much harder for legitimate callers to get through.

Re:Existential crisis for voice calling

[Oswald+McWeany]

I think excessive spam is existential crisis for voice calling. I no longer answer any calls from unknown numbers as chances of spam are near-certain. This has been going on for couple years, to the point that I permanently silenced voice call notifications on my phone - no vibrations, no ringing. Consequently, now it is much harder for legitimate callers to get through.

I have to answer because I'm always on call, before then I used to have a blacklist app on my phone which automatically sent to voice mail any number not in my contact list.

Re:Existential crisis for voice calling

U R a gigolo?

Re:Existential crisis for voice calling

I have to answer because I'm always on call,

On call for anyone, or just the company / selected corporate customers?

You can set an audible ringtone for those in your contact list - (if the number of legitimate callers are limited) and have "silence" as the default ringtone for others.

Re:Existential crisis for voice calling

[vlueboy]

I have to answer because I'm always on call,

On call for anyone, or just the company / selected corporate customers?

You can set an audible ringtone for those in your contact list - (if the number of legitimate callers are limited) and have "silence" as the default ringtone for others.

If something goes wrong and they're missing in action for a technical failure of their own making, it's not good enough to scapegoat an employee's unexpected / secret whitelists. Blame avoidance doesn't work that way.

Being on call requires being able to handle unforeseen circumstances, including getting non-silent calls from some vicepresident* stepping in for an answer while Rome is burning on your watch.

* eg: people whose personal numbers you'd never have been allowed to know in advance... and who have all right to swap said "known" numbers without prior notice after they get a new shiny smartphone.

Re:Existential crisis for voice calling

[Antique+Geekmeister]

I also have to accept unknown calls: I don't always have the phone numbers of every employee or contract partner who may have urgent business with me, especially when a surprising disaster occurs. I and some of my colleagues are the "third tier" of escalation for many different projects.

Been Available For A Long Time

[WankerWeasel]

AT&T and Verizon have provided services like this for over 2 years (Sprint may also). AT&T Call Protect is an app you can download to do so and it's free.

Re:Been Available For A Long Time

but the AT&T app does little or nothing to prevent the majority of scam calls (hate calling them spam calls..., they are scammers after all!) Maybe only after enough users report the number as a scam/fraud, and the caller being too stupid to change forged caller ID (that's a crime, right???) does the AT&T Call Protect app have any value. I think it is maybe of some good to soothe you because maybe you did 'something' to combat the problem by reporting them.

Re:Been Available For A Long Time

[omnichad]

An app does not have access to carrier ANI data that's routed with the call. So if you're spoofing using real local numbers, they can't mark those as spam. Otherwise that actual customer being spoofed would show as spam when they make outgoing calls.

Re:Been Available For A Long Time

[bobbied]

Yup.. The only 100% solution (or the only one that could possibly be 100%) is to *require* any call that enters a switch be from either a trusted source (such as another switch who only accepts trusted calls itself) or from untrusted PBX's for which you have validated the ANI, DNS, Billing number to be associated with that PBX's owner. That way spammers cannot spoof any number they want, but only numbers they are registered for or the call won't be routed.

How about you give us control?

[MikeRT]

I would prefer to just whitelist my contacts at this point. If I don't know you, I don't want to take a phone call from a seemingly random number. With all of the problems around strangers and kids, I can't believe that the industry is so pigheaded on making this a standard feature.

Re:How about you give us control?

[grasshoppa]

It's not a bad idea for those that can do it. Unfortunately, some of us communicate with new numbers daily.

I tried the whitelisting method a while back, and I missed too many business calls to make it worth while. Had to turn it off.

Re:How about you give us control?

[mark-t]

That sucks if you are doing something that requires you be ready to accept calls from people you don't personally know, such as during a job hunt, where you don't necessarily know the exact number that a person who may call you for an interview will show up as.

Re:How about you give us control?

[The-Ixian]

I started receiving an increasingly large number of phone calls over the last year or so. To the point now where I get at least one a day.

I screwed around with Tasker on my Android phone to see if I could set up a whitelist and wasn't really able to get it to do what I needed.

I ended up buying the pro version of "Calls Blacklist PRO" which, despite the name, actually can function as a whitelist as well.

Since installing that app, I have had zero spam calls and all of my normal calls come through just fine. It's perfect.

Re:How about you give us control?

[dissy]

I'm reversing the sentences of your post in my reply (disclosure to others)

With all of the problems around strangers and kids, I can't believe that the industry is so pigheaded on making this a standard feature.

Nearly everyone doesn't and can't use phones that way. No phone company will spend time and money on a feature that only a fraction of a fraction of a percent of their customers would like.
That said, I'm one of those lucky few who can and does exactly this, so maybe this will help:

I would prefer to just whitelist my contacts at this point. If I don't know you, I don't want to take a phone call from a seemingly random number.

One can do this on Android and iPhone fairly easily.

Android, free app called "Call Blocker"
https://play.google.com/store/apps/details?id=com.vladlee.callblocker&hl=en_US

Lets you only allow calls from contacts and a whitelist you can make.
There are lots of other apps to do basically this but I've only used this one.

iPhone is built in but is unintuitively is under settings and then "do not disturb"
Turn do not disturb on, and set to always silence.
Lower down is an "allow calls from" that overrides DnD, change it from none to contacts. Or check/uncheck contact groups if you use them.

The phone won't ring or display the call, but they will show up in your missed call log still.

Scam Likely

[ardmhacha]

I use T-Mobile and recently they have been marking some incoming calls as "Scam Likely"

Re:Scam Likely

That is a feature you can turn on or off. As is the even better feature "Scam Block" where instead of saying "Scan Likely" they just drop the call.

Re:Scam Likely

[vlueboy]

That is a feature you can turn on or off. As is the even better feature "Scam Block" where instead of saying "Scan Likely" they just drop the call.

The "scam likely" marker is free and convenient, and a default on some Tmobile phones, but still manages to tantalizingly wave at your face. That interrupts a few seconds of your life, and if you're playing music or listening to text-to-speech, there's not always a smooth transition back from that. IIRC the scam "block" feature is an upgrade that requires a monthly payment [~$5?] for their "effort." It's a bit like the old trialware and demo days where all the non-stupid features were behind a paywall...

What about spam calls "from" my phone number?

[UnknownSoldier]

It's disgusting that in this day and age we have to put up with spam calls that appear to be coming from the SAME bloody phone number as our phones!

I guess the telcos are more interested in money then respecting customer's time.

What can customers do to change the situation since the FCC appears to be doing fuck all about it ?

Re:What about spam calls "from" my phone number?

You can start a new telco that drop the "caller ID" numbers, and displays the real billable numbers instead. For the telco always knows who to bill for any call. They know the real number.

This will of course break some legitimate use cases for "caller ID spoofing", but that is not important. After all - all your paying customers will want this! Those who wish to spoof (legitimate or not) is a small minority so they simply won't be heard. This is how you break caller ID spoofing.

Re:What about spam calls "from" my phone number?

By law, they have to put the call thru. Contact the FCC if you want something done. Call verification is something.

Re:What about spam calls "from" my phone number?

[jbmartin6]

If you answer, is there a person on the other end pretending to be you?

Re:What about spam calls "from" my phone number?

[bobbied]

This is how mass confusion ensues and how you break cell calling...

Cell calls are routinely routed all over the place using source and destination numbers that only have a passing association with your handset. Unless you happen to be in your handset's home MSC (unlikely) then when you make a call, the ANI is not going to be your actual phone number, but a transitory number assigned by the MSC to the call you are making. For the voice circuits to get setup, this number has to map to a specific MSC so the switches can select the physical trunks to route the circuit onto. Your phone number only routes to your home MSC, from there it's remapped for routing purposes, same in reverse, when you call out.

Unfortunately this won't be an easy thing to change.

Re:What about spam calls "from" my phone number?

[bobbied]

If you answer, is there a person on the other end pretending to be you?

Can I then talk to myself and not be considered crazy? THAT's The real question.

Re:What about spam calls "from" my phone number?

Not anymore. FCC just changed it a couple months ago.

Re:What about spam calls "from" my phone number?

[mentil]

Probably since many people have their own number in their contact list, to call voice mail. That makes the phone ring for people who only let it ring for numbers on their contact list.

Re:What about spam calls "from" my phone number?

Bullshit. The solution is very simple. Have all the cell numbers in a global prefix, separate from all other prefixes. That is how it works in most any other country.

Re:What about spam calls "from" my phone number?

Ultimately, they have to be able to determine whom to bill for the call. The origin is KNOWN. But they allow spoofing. Forcing them to reveal the actual originating number would NOT be a difficult thing, but it WOULD cut into profits. Want to see how fast it could be done ? Add a $100/call fine for misidentified calls and watch all the majors fix it overnight.

Re:What about spam calls "from" my phone number?

[UnknownSoldier]

Do you have to talk out loud to be considered crazy ? :-)

Re:What about spam calls "from" my phone number?

What can customers do to change the situation since the FCC appears to be doing fuck all about it ?

Other than bend over for a different perspective?

/sarcasm off

Not much unfortunately. They've got us by the balls in more ways than one. That's not about to change anytime soon, but you can try and make people aware of the issue. Good luck with that though, given all the other bullshit we've got going on.

Re:What about spam calls "from" my phone number?

[UnknownSoldier]

No one gives a fuck about your political alignment or ideology.

Stop trying to push some bullshit narrative that is irreverent to the discussion at hand.

Re:What about spam calls "from" my phone number?

[amorsen]

You can start a new telco that drop the "caller ID" numbers, and displays the real billable numbers instead. For the telco always knows who to bill for any call. They know the real number.

They only know the real number for calls coming from their own customers. For calls received from another provider, all bets are off. This is why the T-Mobile solution only covers T-Mobile customers.

Re:What about spam calls "from" my phone number?

Moron.

Huh?

Coming from a country where the caller pays and it's free to receive calls on mobiles, spam calls to mobiles are non existent. I get the odd tech support scam to my landline.

Re:Huh?

Coming from a country where the caller pays and it's free to receive calls on mobiles, spam calls to mobiles are non existent. I get the odd tech support scam to my landline.

In the US there's no per-call charge anymore for the most part, either initiating or receiving to mobile or landline. There are few, if any, mobile plans anymore that don't include unlimited minutes.

Just block spam

[crow]

They need to just block anything that they can determine is spam. To start with, if the number is registered with the same carrier, it should be trivial to verify that the call is genuine, and drop it otherwise. Then they add something where they pass this verification on when sending calls outside the network, so if the call is from a number registered to Verizon, but Verizon hasn't verified it, it gets dropped, regardless of the carrier.

The lack of any system like this indicates that the phone companies don't want to solve the problem. I believe they make some small amount of money on putting calls through, and they don't want the volume of calls to drop.

Re:Just block spam

[omnichad]

Caller ID spoofing is still required by a lot of business telephone systems - especially regarding outgoing calls on an MLTS. They can really only vet their own numbers right now. And that probably isn't even enough to stop local number spoofing because of the number of wireless and landline carriers in a given area.

Re:Just block spam

Either the business owns the number or they don't. This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX. Doesn't mean the PBX should be allowed to spoof numbers willy-nilly. If there's some weird use case where a company wants to use numbers it doesn't own (maybe an outsourced call center, who knows) - too bad, so sad - they can always set their number as missing. And then people being called are free to ignore those calls.

Re: Just block spam

OK letâ(TM)s think about the edge cases:
1) call originates within T-Mobile network
2) call originated from AT&T or whoever corporate lines
Does it work with the second case? If not then there is little hope the carriers would roll something like this out across networks for a very long time

Re:Just block spam

[omnichad]

This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX.

And numbers can come from more than one carrier. This infrastructure doesn't exist yet. I own a phone number through Google Voice, but I spoof that number when calling out from my home PBX so that return calls hit my cell phone too.

Google Voice, in turn, spoofs the numbers of the caller when forwarding incoming calls to my cell so that I know who the forwarded calls are coming from. Google does not own the numbers at all here, but it's still a legal use case for spoofing the numbers.

Re:Just block spam

[bobbied]

Either the business owns the number or they don't. This requires some infrastructure on the carrier side to determine whether the number should be allowed to be set by the PBX. Doesn't mean the PBX should be allowed to spoof numbers willy-nilly. If there's some weird use case where a company wants to use numbers it doesn't own (maybe an outsourced call center, who knows) - too bad, so sad - they can always set their number as missing. And then people being called are free to ignore those calls.

They can also just forward the inbound call from specific numbers to the outsourced call center themselves. Yea it burns up two trunk lines per inbound call, but (as you say) to bad, so sad, consider it a cost of doing business.

Re:Just block spam

[RhettLivingston]

In similar fashion, my Google Home is set to spoof my cell's Verizon number whenever I use it to call out.

Re: Just block spam

it's not required. it's just a matter of convenience to those companies, and it's just a matter of convenience to the folks posting itt who use voip or whatever.

Just do the right thing and update

[hAckz0r]

Update the phone software system to get with the 21st century. A simple change, where the caller's provider takes a signed and registered cryptologic hash of the callers information and the receivers information and presents that during the call initiation, The receivers provider checks the certificate and verifies that the same provided information hashes to the exact same value, and that the certificate used matches the registered callers provider certificate, which is signed by a central governing authority in that country. At that point, the provider is verifying and attesting to the fact that the caller is who they say they are, and the provider is on the hook if the call was somehow spoofed within their own network.

Then add the feature where you push an extra button to encrypt the session

Re:Just do the right thing and update

[mark-t]

I would suggest that there should be no need for a governing authority... just an augmentation to the protocol for completing a call.

Right now a caller sends call display info, that can remain... what can happen at the recipients end is that the destination makes a sort of "half-call" back to the calling number, asking that number if it really called the destination. If there is no response, then the call display number can be considered unverified, but if the sending number affirms that yes, it really is calling that number, then the number can be considered verified. Everything else stays the same.

All numbers would therefore be unverified until a response is received, which should not take any longer to do than completing a connection to make a phone call (so perhaps one or two ring cycles). If a caller transmits a fake number, then your end will get no response, whether the number they transmit is a real number somewhere or not, because the number as it would be reached by your end isn't actually trying to call you, and your call display unit could show that it is unverified.

Spammers only use methods where they don't pay

[WCMI92]

Which is why this is meaningless.

Re:Spammers only use methods where they don't pay

Which is why we must make them pay! The next time a robo-caller calls you, press 1 to connect you with a real person. They have to pay that real person (even if they are some poor guy in India) to talk to you. The longer you keep them on the line the more it costs the spammer. Pretend you can't hear them. Pretend you are looking for your credit card while you watch TV instead. If every robo-call ended up connecting with a real person who had to put up with stuff like this, it would stop tomorrow. Right now they can robo-call a million people and only pay something for the 1% who might fall for their scam. We have to make it very expensive for spammers to find those 'suckers born every minute'.

Spammers don't use T-Mobile

This only works for calls between two phones on the T-Mobile network. Spammers don't use T-Mobile.

Only one phone, and only TMo to TMo?

[OneHundredAndTen]

Really? Why bother, TMo?

Re:Only one phone, and only TMo to TMo?

[Mousit]

Really? Why bother, TMo?

That limitation is temporary. I wish the summary had bothered to mention anything about the technical side of what T-Mobile's doing, because it's news for nerds after all.

What T-Mobile is implementing is a technical standard known as STIR/SHAKEN which is explicitly designed to prevent spoofed calls, among other things. Even the FCC itself (PDF) back in 2015/2016 was big on this particular framework for combating robocalls. So much so that one of the very, very few things Ajit Pai managed to do right for consumers was have the FCC require (PDF) that U.S. telecoms implement STIR/SHAKEN, and do so "without delay". Oh yeah, and they're required to interoperate.

So right now the Note9 is the first phone to support it. Others will follow. I'm sure Apple devices will get it quickly, probably with iOS 13 this year. And to respond to your specific complaint, it's "only TMo to TMo" right now because they're the first to implement the framework. Once the other telcos get their STIR/SHAKEN setups going, calls between networks should also be able to be verified.

And just for funsies, here's a full hour-long (!) video on the framework and how it works, as well its status in various countries, not just the U.S.

Re:Only one phone, and only TMo to TMo?

[mentil]

a technical standard known as STIR/SHAKEN

I bet spies just LOVE that.

Re:Only one phone, and only TMo to TMo?

Awesome, thanks!

Here 's a summary of the provider responses
Looks like there'll be several implementations this year.

Re:Only one phone, and only TMo to TMo?

[strikethree]

If it requires any sort of technology on my own phone, then they are doing it WRONG. The telephone network is no different than the Internet network. If I am an ISP or Telecom provider, nothing enters my network without permission and nothing exits my network without permission. Source and destination, within my own network, is essentially guaranteed. I am not letting anything into my network without a known, by me, source and destination. There is ZERO room for "unknown" activity without cutting wires and sending random voltages down them... and the results of THAT will not leave my own network anyways.

No. If this requires technology on MY end as a consumer, then this is not about preventing spoofing, it is about tracking and gathering data, presumably to monetize it.

Re:Only one phone, and only TMo to TMo?

[Mousit]

If it requires any sort of technology on my own phone, then they are doing it WRONG. The telephone network is no different than the Internet network. If I am an ISP or Telecom provider, nothing enters my network without permission and nothing exits my network without permission. Source and destination, within my own network, is essentially guaranteed. I am not letting anything into my network without a known, by me, source and destination. There is ZERO room for "unknown" activity without cutting wires and sending random voltages down them... and the results of THAT will not leave my own network anyways.

No. If this requires technology on MY end as a consumer, then this is not about preventing spoofing, it is about tracking and gathering data, presumably to monetize it.

I gather you did not even glance at the linked whitepapers? I'll quote the relevant line. "Using STIR/SHAKEN, the call is authenticated by the calling party’s service provider that digitally signs the calling number. The called party’s service provider validates the digital signature to verify the calling party identity. The SHAKEN governance framework defines how service providers are authenticated and authorized by a certificate authority to digitally secure the calling number of telephone calls." Emphasis mine. STIR/SHAKEN in and of itself works between providers, and does not require technology on the consumer end device.

However, until (or rather, a big if..) STIR/SHAKEN becomes universal (or at least reaches a point where a critical mass/majority of providers have implemented it), a service provider can't feasibly block unverified calls wholesale. They could certainly offer the customer that as an option perhaps, with plenty of warnings about the caveats, but doing it by default would block tons of legitimate calls that are unverified through no fault of the calling party, but rather because their telecom provider simply hasn't implemented the tech yet. So, bearing that in mind, the end user needs some way to know which calls have been verified and which haven't so they can decide for themselves whether to answer or not. The small piece that does require the phone's participation is the part that makes the phone aware that this STIR/SHAKEN transaction is going on in the background between the service providers. i.e., the part where the phone literally displays "Call Verified" or "Call Unverified" on the screen. That's all. The actual verification process itself requires no participation on the phone's end. Basically, it's the same concept as Caller ID. CID signalling works whether your phone supports it or not. You only need tech in your phone if you want to actually see the CID data.

There is a reply from an AC on this thread too that linked to responses from telecom providers about their implementation status. They make plenty of mention that they will begin signing/verifying calls all calls originating from their networks, regardless of whether the customer can see it or not, though several mention working on "displays" for the customer to see the verification results.

Here's a better idea

Fix the broken system so that caller spoofing is impossible. It won't stop the robodiallers, spammers, etc., but it'll make it a lot easier to create definitive block lists.

For all phones please :)

[Lonewolf666]

I really could use something similar on my landline. The technical prerequisites for detecting and preventing caller ID spoofing are there, but where I live (Germany) CLIRO is sadly only available for special called parties like police and emergency services. CLIRO stands for Calling Line Identification Restriction Override and means that the real caller ID is always transferred.

But perhaps something like CLIRO Light could be introduced, where spoofed calls are automatically rejected at the telephone exchange, without or without notifying the called party. I would happily activate something like that. It would kill 90% of all spam calls because the spammers would run a much larger risk of being identified and fined.

Come on

About fucking time.

T-Mo doesn't care about your privacy

so they're preventing spam to the phone numbers that they sold to third parties in the first place.

F them, I'll stick with my current provider.

"authorized"

Oh, are you one of those who thinks the authorized sort isn't spam? If I'm a business who pays t-mobile to let me blast their customers is that not still spam to their users? If I've signed up for texts about the latest sales from company x would you still classify that as spam?

[Everyone see the problem with this paragraph? It comes up often in conversations where the verb "authorize" is used. Authorized by who? For adjudicating spam, the receiver's authorization is what matters.]

In your first example, the T-Mobile authorized the business to send the messages, but their authorization doesn't play a role in whether it's spam or not. The receiver didn't authorize, so therefore it's spam.

In your second example, the user signed up for messages (he authorized the vendor to send text), so it's not spam.

"Authorized spam" doesn't really make much sense. It's either an attempt to form an oxymoron (if "authorized" refers to the receiver) or it's deceitful (if "authorized" refers to an irrelevant party).

Re:"authorized"

[Shaitan]

"Authorized by who? For adjudicating spam, the receiver's authorization is what matters."

That is begging the question.

"In your first example, the T-Mobile authorized the business to send the messages, but their authorization doesn't play a role in whether it's spam or not."

Says you, and obviously me since that is the stance I took in the post you are agreeing with and repeating points from while taking a tone that suggests you are arguing. T-Mobile on the other hand would argue that they own the network and that mass and commercial messages THEY don't authorize constitute abusive and possibly a form of unauthorized systems access. T-Mobile could argue that even messages the user does want can be spamming their network.

""Authorized spam" doesn't really make much sense."

It does if other parties can and do have other ideas of spam and "authorized" than you, even if yours is the "right one." The post you originally argued with was using the term to point out and highlight what may well be shady practice by T-Mobile... if you are taking offense to it I'd have to question your motive because not having such a term makes it hard to distinguish between say a person sending a flyer with a roll of stamps and a business paying the USPS to drop everyone in a zip code with a mailer. As a user I want neither of them, the USPS might not want to call the zip code mailer spam.

"the user signed up for messages (he authorized the vendor to send text), so it's not spam"

Disagree, if I don't want to see it, it's spam whether I signed up for it or not. If you make me sign up for your mailing list to get a coupon, still spam. Everyone is trying to strongarm you into signing up for their crap or trick you into doing it accidentally or failing to provide a fine grain option allowing you to refuse advertising from them while still being signed up for business communication. Just because you authorize it, doesn't mean it isn't spam and your provider selling or endorsing it certainly doesn't mean it isn't spam.

Re:"authorized"

[Obfuscant]

That is begging the question.

No, it was precisely the point. Spam is UNAUTHORIZED, always. As soon as you authorize the contact, it is no longer spam BY DEFINITION. It may be commercial, it may be bulk, but it not unsolicited.

T-Mobile on the other hand would argue that they own the network and that mass and commercial messages THEY don't authorize constitute abusive and possibly a form of unauthorized systems access.

Oh for Christ's sake. There is nothing about them authorizing the messages, it has everything to do with the claimed SOURCE of the message (the caller ID data) matching the SOURCE of the message (the actual calling number as they know it from their own system information.) They can't authorize unsolicited junk messages to you, they don't have the authority, and THEY AREN'T CLAIMING THEY DO.

Disagree, if I don't want to see it, it's spam whether I signed up for it or not.

You are schizophrenic. If you signed up for the contact, then you authorized it and it is not spam. By definition. You may not want to see that specific message, but you did solicit it.

while taking a tone that suggests you are arguing.

Both of us are telling you that there is no such thing as "the authorized sort" of spam. Calling any spam "unauthorized spam" and then referring to "spam in general" means you think there is, indeed, authorized spam. This is IMPOSSIBLE. It does not exist.

And what T-Mobile is doing is not blocking spam -- of any kind. They make no such distinction. They are labeling some calls as likely scams because the caller ID data doesn't match their own verifiable caller source data. That's all. If you want to answer such calls, you are free to do so. If you don't want to, don't. Just don't fuck around with the definition of spam and try to argue that some spam is authorized and some is not.

Re:"authorized"

[Shaitan]

"And what T-Mobile is doing is not blocking spam -- of any kind. They make no such distinction. They are labeling some calls as likely scams because the caller ID data doesn't match their own verifiable caller source data. That's all."

For now in order to get better identification and exploit the new commercial opportunities afforded by net neutrality and if not T-mobile which admittedly is far from the worst along those lines it will be another carrier soon enough.

As for what is spam BY DEFINITION, there is no official and universal definition of this slang term and no amount of foaming at the mouth and asserting otherwise will make it so. I don't own one, you don't own one, and neither does anyone else. Opt-in, out-opt, at what point have you authorized it? Hell, messages from a script you yourself wrote blasting to your screen at annoying frequency is generally referred to as "spam." Pretty much any annoying and unwanted or bulk communication is considered spam. Why do you think everyone typically gets their own individual tagging capabilities for spam and not spam? We have some loose agreement on spam but individually do not agree on the details.

But using my definition available tools will work just fine targeting yours, targeting your definition I will still ultimately end up with a bunch of unwanted spam. Everything under the promotion tab in gmail is authorized spam.

Re:"authorized"

[Obfuscant]

For now in order to get better identification and exploit the new commercial opportunities afforded by net neutrality

This has nothing at all to do with net neutrality.

As for what is spam BY DEFINITION, there is no official and universal definition of this slang term

I'm sorry you came late to the party. Unsolicited commercial email. UCE. Unsolicited.

and no amount of foaming at the mouth and asserting otherwise will make it so.

That's right. Your foaming at the mouth about how you get spam after you signed up for a mailing list in exchange for a coupon for something doesn't make the email spam. It make it solicited.

Opt-in, out-opt, at what point have you authorized it?

I'm sorry that English is not your first language. At the point you authorized the email or contact. That is opting-in. When you sign up for it.

Hell, messages from a script you yourself wrote blasting to your screen at annoying frequency is generally referred to as "spam."

Only by morons who want to get worked up into a lather about all the spam they get.

Pretty much any annoying and unwanted or bulk communication is considered spam.

I emphasized the important bit. So you agree, if you have authorized it, thus saying you want it, it isn't spam. Good. Good bye.

Do people outside of the US have a phone system?

[bryanbrunton]

Is it just the United States that suffers from a non-functioning phone system?

Seriously, the US phone system is so over run with SPAM phone calls that land lines are useless and the problem is now destroying the cell system.

Do people in other countries suffer from the problem?

Re:Do people outside of the US have a phone system

[Registered+Coward+v2]

Is it just the United States that suffers from a non-functioning phone system?

Seriously, the US phone system is so over run with SPAM phone calls that land lines are useless and the problem is now destroying the cell system.

Do people in other countries suffer from the problem?

Anecdotally, I get very few spam / scam calls. I do get solicitations but those are from organizations where I regularly donate and thus do not mind them. Most of the spam I get is political calls during election season; and the occasional tech support / credit card rate scams.I work is slow I'll often play with the scammers for a while out of boredom. There's nothing like getting one to start screaming at you and laughing back at them.

Re:Do people outside of the US have a phone system

[bobbied]

In Europe, Calling Party Pays, is the rule, so spammers don't like to make spam calls to cell phones because it costs them money over POTS calls.

The phone system in the US suffers from being "first" and needing to provide backwards compatibility. We also have "called party pays" for cell phones, which means the spammers are free to call any phone number without any added cost.

So I'm not so quick to disparage the US's system, but obviously there are technologic solutions we need to apply here. I'm for requiring the verification and registration of all spoofed numbers, if it's not in the list and doesn't belong to you and you attempt to spoof a number, it gets routed to the great bit bucket and you get the "I'm sorry, your call cannot be completed as dialed..." intercept.

Too little, too late

[nospam007]

Now that almost nobody accepts calls and relies on texts and messaging, it's a bit late for that.

Question

[quonset]

Maybe it's just me, but if I see a call come from a number I don't know, I don't answer the phone.

Does this mean people have become Pavlovian to answering their phone regardless of anything else? Wouldn't it be easier to simply not answer the phone every time it rings? Or is that too simplistic?

Re:Question

That's good in theory but if its a business line that gets called by random customers or prospects you can't just ignore unknown numbers.

Re:Question

[amorsen]

The spammers are working on using numbers you DO know as caller-ID. It isn't widespread. Yet.

Re:Do people outside of the US have a phone system

Depends. I used to run operations in an east european subsidiary of Deutche Telecom. Local regulations required us that we overwrite any callerid sent to us by our customers that did not match the number plan that we have assigned to that customer. One day a marketing agency customer called us in panic, as apparently they were visited by some ... well built men ... upset about being constantly cold called about buying ads.

We also dropped any incoming call originating from outside our network claiming to be from a number within our numbering plan, the same as we did on the IP side. No source that claimed to be our own IPs coming form the upstream connections was allowed.

Why didn't caller ID have verification from the st

It's alarming that anybody can go to one of the many number-spoofing web sites, or download a number-spoofing app to their phone, and impersonate anyone.

  No tech skills required

  Most people take what displays on a Caller-ID as gospel, even if they heard of number spoofing. People can lose relationships, or even get beat up and killed over this (and I am sure there are many cases where this happened).

  It was very criminal for companies to NOT have designed in verification when Caller ID was drawn up, built, and then introduced to the public decades ago.

  How come it took until 2019 for any real security measures to be implimented?

Legitimate uses

[TheMeuge]

I am worried that in the hurry to curb inappropriate number spoofing, we'll lose the ability to legitimately use such a service. They should have a system to check if the user is AUTHORIZED to use a number.

For example, as a physician I use a dialing service to be able to place calls from my cell phone to my patients, which identify as coming from my office.

Re: Legitimate uses

i too am greatly concerned about your fucking convenience

Re:Why didn't caller ID have verification from the

[nerdonamotorcycle]

It's for the same reason that TCP/IP networks and most of the associated protocols (SMTP, telnet, etc.) originally did not have any security designed in. During the design phase, the assumption was made that only trusted entities were going to be connecting to the network. Turned out in both cases that that was a bad assumption, unfortunately.

I wish AT&T would do this

[JustAnotherOldGuy]

I wish AT&T would do this, as I get shitloads of calls on my AT&T service.

I've resorted to wildcard blocking certain partial numbers to help stifle it, but this is really something they could do on their end.