Make a free way to identify persons that call your phone number. This would prevent
Some spam calls.
5 Likes
Good idea, but technology is against you. With land lines you could type *69 and it would tell you the number that called you. Today you get the number for free, but it can be inaccurate. Dialing *68 will disable the Caller ID for the next outbound / external call only. It is probably pretty easy to have software dial that before the phone number to block their ID. “What does * 87 do on your phone? — The Daily VPN”
- There is a federal law preventing phone “spoofing”, or using invalid ID information. “Caller ID Spoofing | Federal Communications Commission” and “Federal Register :: Truth in Caller ID Rules”. It does not seem to stop Spammers or Robocalls, especially if they are calling from a foreign country.
- Interesting article about the hazards of phone “spoofing”. Check out the “using caller ID spoofing to facilitate SIM swapping fraud” info. Scary.
- There are free phone apps you can download that let you use a different phone number, not associated with you, that allows you to call or text someone. A Google or Duck Duck Go search shows many of them.
- I have been on the Federal and State No Call Lists for years but I still get them.
I wish you luck.
3 Likes
Caller ID lookups exist (I use one for my day job frequently) - search Caller ID Test (you have to provide an e-mail address and you can make up to 5 queries a day). But I will tell you it is of little use.
Most of the phone numbers the spammers use are not used by anybody and are being used at random (so for example all the calls I get on my cell phone are from the same area code as my cell phone - even though they are calling from elsewhere).
There is a mandate to implement STIR/SHAKEN, a protocol that verifies the authenticity of the calling party, and reject or flag calls that don’t meet the criteria. While the major telephone companies have implemented it, there are some that are doing actions to help spammers get around it (at the risk of being forced out of business) - The FCC is cracking down on those who are not in compliance, and several hundred telephone companies have already been disconnected from the US network (along with millions of dollars in penalties), so we are winning the war, but we can’t declare victory yet. There are also additional enforcement rules coming in the next 24 months that will further close those workarounds.
2 Likes
The government could require every entity doing business in USA to be registered in a searchable database with required telephone numbers and email addresses that will be used. We could also have a database where citizens could report calls that are not found in the database, and an enforcement arm that would find these illegal entities, and stop them. Hopefully with fines large enough to fund the whole operation.
1 Like
I don’t know why this hasn’t happened yet technologically: Don’t most calls calls route through the internet now? Two-way (direct) traffic on the internet requires both ends to have an IP address for the other end; the only way around that is to have an intermediate server which speaks to both ends. If the phone circuit worked the same—return traffic being routed to the caller ID number—it would prevent caller ID spoofing.
Who would maintain that database and verify it for accuracy? Several individual states already require telemarketers to register with them, in addition to remaining in compliance with the Federal “Telephone Consumer Protection Act” (“TCPA”) and the Federal “Telemarketing Sales Rule” (“TSR”). It’s complex enough that most legitimate telemarketers have one or more people dedicated to insuring that they remain in compliance.
All of this has been around for years, add to that the recent technological advancement called “STIR/SHAKEN” that is meant to deny calls if they are using an unauthorized number (and participation by the telephone companies is mandatory).
There is already such a database to report calls as part of the “Do Not Call” list. The FCC does monitor those reports, and will pursue the worst of the bad actors. The problem is too many of the bad actors use spoofing and are originating from outside the United States, making identifying and pursuing them difficult.
That is the purpose of STIR/SHAKEN, to provide a chain of trust as the calls are passed from one service provider to another (there’s also a reputation score, and most wireless providers will deny the call outright or at minimum mark it as spam to the called party). Most calls do route over Internet now, with some exceptions.
You are correct - but there are a lot of intermediate servers involved. There’s also converters that convert legacy phone circuits into Internet traffic. Since the Legacy phone circuits can’t work with STIR/SHAKEN the chain of trust is broken. Also when calls originate outside the US, the call is supposed to have STIR/SHAKEN applied at the point it enters the US network (what’s called a gateway) - the problem is the gateway operators being used by the bad actors are not checking for spoofing and just passing the calls with a wrong trust score or invalid STIR/SHAKEN value.
The FCC is aggressively going after these “rogue” gateway operators, and well over a thousand have already been disconnected from the US network. Sadly some of the worst have figured out if they get shut down they set up a new business with “new” owners (usually a relative or partner) and get a new STIR/SHAKEN key and resume operating until they’re caught and shut down again (similar to the serial squatters that once they finally get evicted from one victim’s house they just move into the next and the cycle repeats)
With STIR/SHAKEN, the first company the call originates on is supposed to look and say that I see a call from number x originating on a circuit from company y - is number x in our system affiliated with company y? If yes, allow the call, if no, don’t allow the call.
Again we’re back to the “rogue” gateways - they don’t have a database to validate against (although they should be able to identify the number as coming from an international origin with a US number, and deny it based on that - but the “rogue” operators won’t do that).
All calls that traverse the internet actually have a message that looks like an e-mail address, basically [phone number]@[host IP address], the called party is formatted the same way - the phone numbers are in an international standard format (what we in the industry call E.164) - but as the call pass through the intermediate systems those host IP addresses may get modified, but also an additional line is added at each step along the way showing each point of travel (look at an e-mail’s hidden headers for a good example of what it looks like).
Sorry for the wordy response, I’ve been in the telecom business (primarily supporting private enterprises) for nearly 30 years, and deal with STIR/SHAKEN compliance on a daily basis.
1 Like
Most agreed.