Fun part is that just because it's a telnyx number with a checkmark, it
doesn't mean the call came from Telnyx, just that the call came from a
carrier that gave the call attestation A. As the carrier, we can see who
signed the call (it's an x509 certificate, signed by the STI-PA, with
the carrier's name and OCN in it) and hold them accountable for the
traffic, which is huge.
But that's where the confusion will lie - a customer might say well this
is a verizon wireless number, i'll yell at them! But the actual call
came in through Lumen, and they're the ones who can stop it. A carrier
can see the cert, but you can just get the verstat flag from the
P-Asserted-Identity field in the call to the handset and see that it
passed the tests for attestation A.
Just because you don't see a checkmark doesn't mean signatures aren't
happening. Attestation B and C aren't displayed on the handset (but are
seen in the carrier's systems) and most androids don't have a way to
display stir/shaken stuff yet. T-Mobile doesn't send the verstat header
to handsets they don't verify as s/s compliant (usually only ones they
sell). My trick was to sim swap into an iphone for a day, then back to
my android which started displaying the verification after that.
It's all new, but just because you don't see it doesn't mean it's not
there. Report the calls to your carrier, they have new tools to track
down the misbehavior.
On 7/2/21 8:32 AM, Nick Olsen wrote:
Not all have implemented it yet. But if you haven't. You were supposed
to implement some kind of robo calling mitigation plan (Or atleast
certify that you have one). At $dayjob we're fully deployed (inbound
and outbound).
I received my first ever STIR/SHAKEN signed (iPhone Check mark, highly
scientific) spam call on my personal Cell phone on 6/30. It was a
Telnyx number. Had the call terminated to $dayjob network. I fully
would have collected all various information and ticketed it with Telnyx.
Time will tell how truly effective this is. But we have better
originating information now (breadcrumbs) to follow back to the source.
On Thu, Jul 1, 2021 at 5:42 PM Andreas Ott <andr...@naund.org
<mailto:andr...@naund.org>> wrote:
On Thu, Jul 1, 2021 at 12:56 PM Keith Medcalf <kmedc...@dessus.com
<mailto:kmedc...@dessus.com>> wrote:
... and the end carrier is making money for terminating them.
Survey (of n=1) says: nothing has changed, aka the new technology
is not working. I just received the same kind of recorded message
call of "something something renew auto warranty" on my AT&T
u-Verse line. This time when I called back the displayed caller ID
number it was ring-no-answer, versus the previous "you have
reached a number that is no longer in service". By terminating the
call the carrier made probably more money than it would cost them
to enforce the new rules.
Other than the donotcall.gov <http://donotcall.gov> portal, is
there a new way to report the obvious failure of STIR/SHAKEN?
-andreas
