On Nov 7, 2008, at 12:28 PM, Trixter aka Bret McDanel wrote: > On Fri, 2008-11-07 at 11:24 -0800, John Todd wrote: >> It would be possible right now to create a filter mechanism that >> would >> allow you to whitelist/blacklist callers based on "Caller ID" in the >> From: header, using existing DNS tools with probably very few >> downsides. > > I do it with enum, if there is a response its blacklisted, the same > way > RBLs work, in fact at one time before you were with digium I had > approached you (John) about doing something like this, but it never > went > anywhere (dont feel bad others that had other infrastructure that was > better suited to do this also said yes then it went silent). I had > given up on doing this a couple years ago because I couldnt find > anyone > else particularly interested in actually going past the talking stage. > > I had even planned on doing different routes based on the call, which > would terminate locally of course, but that way you could flag calls > based on commercial, religious, political, scam, etc so that custom > responses could be generated at the end users desire for each group, > or > allow some types but not others. > > > There are some quirks in the way that asterisk deals with enum that > would make this less desirable, but they can be overcome. And because > its enum its not a single product solution, or a lot of new code, it > would literally be a dialplan change for anyone that wants it, and > enum > being a standard it should work in a reliable way regardless of what > switch technology was used, so long as it does enum.
As with most things, if there is an economic incentive, it will get done. The problem with "VoIP spam" is light, and there seems to be little incentive on even traditional telephony networks to outlay money to solve the problem. False positives are also a serious problem; no service provider wants to be in the situation of explaining why calls from Aunt Millie are sent to a legal-sounding announcement asking never to call again. Just like joe-jobbing, voice spammers will quickly figure out that they should send the caller ID of someone trusted, like a bank, or Aunt Millie. Other issues standing in the way of a centralized blacklist: a trust model for reporters and for clients, a reputable brokerage, a set of rules for addition/subtraction to the list, a lawsuit threat from blacklisted numbers, and the host of other nightmares that has already plagued the email spam methods. The privacy issue alone is nightmarish - some central system, not under my company's control, is going to see EVERY SINGLE caller ID that comes into my switches? Holy private information leakage, Batman! Please don't take this to be a discouragement of the process - I'm all in favor of such a tool, and I might even use it, and my comments are negative because I've put so much time into thinking about the problem and trying to come up with a workable method. But the technical solution is only about 1/4 of the total effort and problem set. Personally, it would be sufficient for me if I could just pick up the phone on a new inbound call, hear a telemarketer, press the (theoretical) "Spam" button on my phone, and then my _local_ phone system would never let that number through again. A distributed model is great and much more effective, but much more difficult to wrap one's arms around. As you say, Asterisk can do all these things easily already in the dialplan - now it's up to someone (you? e164.org? someone else?) to put it all together in a way that people will use (if they want to use it, which remains to be seen.) You might find this interface API interesting for some people who have already collected some set of e.164 addresses and allow for query and commentary and even some Asterisk AGI scripts for lookup/submission: http://whocalled.us/about PS: Somewhat related to this topic - I've never once received a "spam" SIP call, meaning a call from someone who I didn't want to hear from. This speaks to how disappointingly rarely SIP URIs are used as inbound calling pointers. I've often received "broken" calls (people testing their setups) but not "spam" calls. I'm just not sure the market exists for solutions to a problem that doesn't exist yet. This is different than using Asterisk to screen traditional PSTN calls for spammish nature, which we talk about above. JT --- John Todd [EMAIL PROTECTED] +1-256-428-6083 Asterisk Open Source Community Director _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
