Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-11 Thread Michael Thomas
On 7/10/21 12:09 PM, b...@theworld.com wrote: No, the root of the problem is the telcos making billions on these robocalls. Make that illegal, start fining them billions (whatever it takes), and it will stop. We've already had this discussion on nanog, recently, and people who were in that

RE: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-10 Thread bzs
No, the root of the problem is the telcos making billions on these robocalls. Make that illegal, start fining them billions (whatever it takes), and it will stop. We've already had this discussion on nanog, recently, and people who were in that business stood up to affirm that yes indeed-y

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread goemon--- via NANOG
On Fri, 9 Jul 2021, K. Scott Helms wrote: Nothing will change immediately.  Having said that, I do expect that we will see much more effective enforcement.  The investigations will come from the ITG (Industry Traceback Group) with enforcement coming from FCC or FTC depending on the actual

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Michael Thomas
On 7/9/21 3:44 PM, Keith Medcalf wrote: On Friday, 9 July, 2021 16:32, K. Scott Helms wrote: Robocalls really aren't a product of the legacy PSTN. Today almost none of them originate from anywhere but VOIP. Now, you can certainly say that if SS7 had robust authentication mechanisms that we

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Michael Thomas
On 7/9/21 3:32 PM, K. Scott Helms wrote: On Fri, Jul 9, 2021 at 4:47 PM Michael Thomas > wrote: On 7/9/21 1:36 PM, K. Scott Helms wrote: > Nothing will change immediately.  Having said that, I do expect that > we will see much more effective

RE: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Keith Medcalf
>On Friday, 9 July, 2021 16:32, K. Scott Helms wrote: >Robocalls really aren't a product of the legacy PSTN. Today almost none >of them originate from anywhere but VOIP. Now, you can certainly say >that if SS7 had robust authentication mechanisms that we could then trust >caller ID (more) but

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread K. Scott Helms
On Fri, Jul 9, 2021 at 4:47 PM Michael Thomas wrote: > > On 7/9/21 1:36 PM, K. Scott Helms wrote: > > Nothing will change immediately. Having said that, I do expect that > > we will see much more effective enforcement. The investigations will > > come from the ITG (Industry Traceback Group)

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Michael Thomas
On 7/9/21 1:36 PM, K. Scott Helms wrote: Nothing will change immediately.  Having said that, I do expect that we will see much more effective enforcement. The investigations will come from the ITG (Industry Traceback Group) with enforcement coming from FCC or FTC depending on the actual

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread K. Scott Helms
Nothing will change immediately. Having said that, I do expect that we will see much more effective enforcement. The investigations will come from the ITG (Industry Traceback Group) with enforcement coming from FCC or FTC depending on the actual offense. The problem has been that it's been far

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread goemon--- via NANOG
On Fri, 9 Jul 2021, Michael Thomas wrote: Nothing has changed for me either. Color me surprised. The real proof will be to see if the originating domain can be determined, and whether the receiving domain does anything about it. Why would they do anything? The traffic is revenue. What is

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Michael Thomas
Nothing has changed for me either. Color me surprised. The real proof will be to see if the originating domain can be determined, and whether the receiving domain does anything about it. Mike On 7/9/21 9:42 AM, Brandon Svec via NANOG wrote: I’m getting the same or more, but did anyone really

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Brandon Svec via NANOG
I’m getting the same or more, but did anyone really expect they would stop July 1? It will take time for complaints to be tracked down and operators to take actions, right? Brandon On Fri, Jul 9, 2021 at 6:49 AM Josh Luthman wrote: > Subjectively speaking, I'm still getting the same amount of

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Josh Luthman
Subjectively speaking, I'm still getting the same amount of spam phone calls. I'm certainly getting a lot more spam SMS to my cell. Almost all of them in my entire life starting July 1... Josh Luthman 24/7 Help Desk: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Jeff Shultz
All I know is that I am getting a lot fewer bogus calls on my cell phone than I was this time last month. On Fri, Jul 9, 2021, 06:17 Ryan Finnesey via NANOG wrote: > This should help with Robo calls a lot. > > -Original Message- > From: NANOG On > Behalf Of Sean Donelan > Sent:

RE: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-09 Thread Ryan Finnesey via NANOG
This should help with Robo calls a lot. -Original Message- From: NANOG On Behalf Of Sean Donelan Sent: Wednesday, June 30, 2021 2:31 PM To: nanog@nanog.org Subject: SITR/SHAKEN implementation in effect today (June 30 2021) STIR/SHAKEN Broadly Implemented Starting Today

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-02 Thread Michael Thomas
People who are actually interested in this subject are well advised to read this thoroughly because it equally applies to SIP spam with a system far less complex and far fewer gaping security holes as STIR. https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-hu.pdf Mike On

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-02 Thread Michael Thomas
On 7/1/21 1:05 PM, Paul Timmins wrote: On 7/1/21 3:53 PM, Keith Medcalf wrote: And this is why this problem will not be solved. The "open relay" is making money from processing the calls, and the end carrier is making money for terminating them. Until fine(s) -- hopefully millions of

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-02 Thread Paul Timmins
Fun part is that just because it's a telnyx number with a checkmark, it doesn't mean the call came from Telnyx, just that the call came from a carrier that gave the call attestation A. As the carrier, we can see who signed the call (it's an x509 certificate, signed by the STI-PA, with the

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-02 Thread Nick Olsen
Not all have implemented it yet. But if you haven't. You were supposed to implement some kind of robo calling mitigation plan (Or atleast certify that you have one). At $dayjob we're fully deployed (inbound and outbound). I received my first ever STIR/SHAKEN signed (iPhone Check mark, highly

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-01 Thread Andreas Ott
On Thu, Jul 1, 2021 at 12:56 PM Keith Medcalf wrote: > ... and the end carrier is making money for terminating them. Survey (of n=1) says: nothing has changed, aka the new technology is not working. I just received the same kind of recorded message call of "something something renew auto

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-01 Thread Paul Timmins
On 7/1/21 3:53 PM, Keith Medcalf wrote: And this is why this problem will not be solved. The "open relay" is making money from processing the calls, and the end carrier is making money for terminating them. Until fine(s) -- hopefully millions of them, one for each improperly terminated

RE: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-07-01 Thread Keith Medcalf
>On Wednesday, 30 June, 2021 13:53, Michael Thomas wrote: >From an automated standpoint, I really don't care about whether a phone >number is authentic, I care about the domain that onramped it so I can >theoretically punish it. It's the people who are allowing the spoofing >that is the real

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-06-30 Thread Michael Thomas
On 6/30/21 12:17 PM, Paul Timmins wrote: On 6/30/21 2:56 PM, Michael Thomas wrote: Just because you can know (fsvo "know") that a call is allowed to assert a number doesn't change anything unless other actions are taken. With DKIM which is far simpler than STIR it would require reputation

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-06-30 Thread Paul Timmins
On 6/30/21 2:56 PM, Michael Thomas wrote: Just because you can know (fsvo "know") that a call is allowed to assert a number doesn't change anything unless other actions are taken. With DKIM which is far simpler than STIR it would require reputation systems that don't seem to have been

Re: SITR/SHAKEN implementation in effect today (June 30 2021)

2021-06-30 Thread Michael Thomas
On 6/30/21 11:30 AM, Sean Donelan wrote: STIR/SHAKEN Broadly Implemented Starting Today https://www.fcc.gov/document/stirshaken-broadly-implemented-starting-today WASHINGTON, June 30, 2021—FCC Acting Chairwoman Jessica Rosenworcel today announced that the largest voice service providers