I think the intent to block spoofing is to prevent people from using
telephone numbers they do not own. I once had a client that had the FBI
show up on his doorstep because they said they traced a call back to his
company. The number they were interested in was an unallocated TN in his
PBX. Apparently someone had gotten ahold of that TN and was using it for
nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never
understand why they can't use their skills to make money legally. Why
does one need to make mountains of money illegally when they can make
enough to support themselves legally? Many create such a boatload of
damage within a small amount of time that their poor innocent victims
are detrimentally impacted by. I guess they don't care who they hurt.
One can only hope Karma comes calling for them one day and reimburses
them ten fold.
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote:
> "Spoofing" is the standard term, even used in FCC docs, to mean that a person
> is placing a call from telephone number X using a voice service S, where
> calls placed from the PSTN to X don't always traverse service S.
>
> Of course this happens in conventional SIP trunking and wholesale
> interconnect _all the time. _It's so prevalent and normal that it's hard to
> even wrap your telecom head around what the FCC and the US congress even
> means. Why would you assume S is a symmetrical service for both placing and
> receiving calls? Does someone really think UPS or Bank Of America or even
> then local Memorial Hospital are seriously placing calls from exactly one
> place, or using a different "phone line" for each outbound call?
>
> And they do understand that it's extremely common. Read some discussion in
> the latest FNRPM from last month --
>
> https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf
> Attending conferences in this space and listening to FCC staffers, there is
> actually no push that I perceive to eliminate spoofing. But, there IS a push
> to eliminate the blind trust that anybody has the right to call from a
> telephone number, simply because they use it to populate the From header. In
> the latest suggestions from the FCC, what we might see are additional steps
> of vetting to determine you do have the right to place calls from a telephone
> number and the proper name that should be provided on that number.
>
> As of today, the "Know Your Customer" policy and practices of legitimate
> service providers will ensure the SP takes steps to confirm the right to
> place calls from the telephone numbers they use as the calling part number
> for outbound calls.
>
> In your example, Twilio was screening your calling party numbers. They
> probably have a list of telephone numbers from which you can call. I'm almost
> certain they have a process by which you can provide evidence you have the
> right to call from those numbers, and they'll update the screen list.
>
> Mark R Lindsey
> Member of Technical Staff / VP
> +1-229-316-0013
> https://info.ecg.co/lindsey
>
> On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps
> <[email protected]> wrote:
>
>> I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's
>> going on, but I just ran into a 3rd party service for medical offices that
>> expects us to spoof Caller ID.
>>
>> The service works like this:
>> * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical
>> office
>> * It's after hours and they are busy with other calls
>> * Their phone system turns around and forwards my call to a 3rd-party number
>> (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>)
>> * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's
>> Office", so their system accesses his patient database and looks for my
>> patient record with the phone number 123-456-7890 and someone answers the
>> call saying "Thanks for calling Dr. Bob's office".
>>
>> My understanding is the ability to spoof Caller ID info across the PSTN is
>> going away.
>>
>> I tested, and I certainly can't do it with a Twilio SIP trunk.
>>
>> The main reason I'm curious is I have a customer that has their own phone
>> system that I help them manage (FreePBX linked to Twilio). They just
>> purchased an office that uses a 3rd-party phone provider (Weave) along with
>> this 3rd-party answering service, and they are somewhat upset that I can't
>> make it work with their existing phone system. The third-party answering
>> service doesn't have any way of interconnecting other than spoofing Caller
>> ID over the PSTN to a random number they assigned to the medical office.
>>
>> Are services like this going the way of the dodo? Are they having to set up
>> private SIP trunks between clients to get this functionality? Do some VoIP
>> providers allow you to spoof Caller ID for this purpose under some sort of
>> agreement?
>>
>> Thanks,
>>
>> -A _______________________________________________
>> VoiceOps mailing list -- [email protected]
>> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/
>> To unsubscribe send an email to [email protected]
>
> _______________________________________________
> VoiceOps mailing list -- [email protected]
> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/
> To unsubscribe send an email to [email protected]_______________________________________________
VoiceOps mailing list -- [email protected]
https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/
To unsubscribe send an email to [email protected]
