Hacker News new | past | comments | ask | show | jobs | submit login
The FCC Has Fined Robocallers $208M, Collected $6,790 (wsj.com)
914 points by simonebrunozzi 26 days ago | hide | past | web | favorite | 413 comments

A lot of people point out that telecom companies should do something but aren't because it's lucrative for them or too expensive to fix.

Are telecom companies not realizing how much they are hurting themselves with this in the long term? People will stop using phone numbers altogether. Using the phone has become such a pain, at least in the US, that whenever I can, I used different ways of communicating. WhatsApp, iMesage, Skype, etc. The incessant robocalls have definitely motivated me to move away from traditional phone calls faster than I would otherwise.

Lastly, maybe this is what these companies want, i.e., that I just use their data plan, but then that makes me way less likely to stay loyal.

They are slow to act because it is unclear whether it is justified in the law for them to block what they believe is spam or if a customer wants to receive a call.

Section 202 of Telecommunications Act details that telecoms cannot discriminate connections so they have been unwilling to block spam if it can lead to breaking the law[1]. The FCC has been trying to change that by rolling out new guidance on what can definitely be blocked[2]. One of the new rules defines a new legal safe harbor for carriers that block calls that are unauthenticated using a new protocol that is expected to be rolled out by year end, 2019.

[1]: https://www.law.cornell.edu/uscode/text/47/202 [2]: https://www.fcc.gov/document/fcc-affirms-robocall-blocking-d...

They don't have to block anything. Just make sure that any caller id number is validated and registered to the company making calls. I shouldn't be receiving calls from local numbers that are actually Indian call centers threatening that the police are on their way unless I pay my IRS bill with iTunes gift cards.

Services like twilio avoid this easily by simply requiring me to purchase the callback number or at least validate that I have control of the callback number I want to use.

As I understand it, there is no way to validate caller ID when it comes from another carrier. They're testing STIR/SHAKEN which supposedly fixed this, although I'm unclear on how long that will really take to roll out and actually be turned. I'm also unsure how well it will actually work, I haven't looked at how it will be implemented.

While robocalling should be blocked, they need to give consumers power to block their own calls by forwarding the originator information. The CallerID simply allows for deception, but if you provide the originator information and I know the call is coming from a country where I don't know anyone (whether it be the number, a voip address, or a shady phone company) I can preemptively block them adblock/ubo style and share that list collectively with my friends and the internet. Anything short is only going to delay the death of the relevancy of the phone number.

"Are telecom companies not realizing how much they are hurting themselves"

After seeing cable companies fail to get into the internet, I'm convinced companies try to stop progress instead of embracing it. They don't see progress as an opportunity, but rather as a threat. They don't realize how much they are hurting themselves.

I read an interesting article on here about the rise of the cell phone camera, the amount of R&D into it compared to traditional cameras, and how slowly traditional camera manufacturers have progressed. Sure, cell phones have to overcome a smaller sensor... but traditional camera sales have been obliterated.

The go to example of this will always be Kodak.

Steven Sasson invented the first digital camera (and a device to display it on) in 1975 while working at R&D at Kodak. He had a fully functional DSLR by 1989, complete with memory cards. Kodak never released his work, never manufactured that camera. They kept the patent of the work and sat on it, and when others tried to innovate and create a digital camera, Kodak sued them with that patent and kept suing people right up until the patent ran out in 2007. By 2012, the company was bankrupt.

Innovation, true innovation that really pushes technology forward, is anathema to the average business.

A "use it or lose it" clause would be great for patent law.

While I appreciate how hard it would be to implement properly, I don't think that should be an impediment to getting the process started.

>While I appreciate how hard it would be to implement properly

Isn't that part of what it means to acquire a patent? Trying to get a patent on something that I don't yet know how to actually implement should be denied, right?

Nope. It's actually best practice to get one even without an implementation because usually the threat of a lawsuit is enough of a chilling effect to keep the competition guessing.

Of course the risk is that if someone else challenges you on it, and you can't provide the implementation, you can have your patent invalidated.

At least that's my understanding of the tactics of patent warfare.

>Kodak never released his work, never manufactured that camera

other than selling $20 million worth of 1991 Kodak DCS 100, and following it with many more advanced models ....

Selling just under 1000 refitted nikon cameras over 4 years doesn't seem like pushing digital cameras hard. They even brought the nikon bodies through retail.[0]

If that's not dragging your feet I don't know what is. They could have defined the marked for professional digital cameras. Instead they just proved that a digital nikon would work nicely.


That is one of several reasons that innovation in the U.S. is mortally wounded.

> Kodak never released his work, never manufactured that camera. They kept the patent of the work and sat on it, and when others tried to innovate and create a digital camera, Kodak sued them with that patent and kept suing people right up until the patent ran out in 2007. By 2012, the company was bankrupt.

I bought a Kodak digital camera in the 90s, and other brands too, so I doubt that version of events.

did you buy a Kodak dslr, or just a digital camera? I'm guessing there's some difference?

You're right there's a difference and it wasn't a DSLR. The comment I responded to wasn't entirely clear that Kodak only blocked the development of a digital DSLR, if that's what was meant.

> when others tried to innovate and create a digital camera, Kodak sued them

This is especially true of big companies or companies that only have a few competitors, which is why it's high time to save American capitalism with a round of good old fashioned trust busting.

Somewhat related, can anyone explain why in the world Fox would allow the entire World Series to be sponsored by YouTube Live? They have to be a competitive threat, no?

I don’t believe Fox is a competitor with YouTube Live; doesn’t YTL include Fox as one of its streaming channels? Particularly with NBC’s Hulu and ABC’s Disney+, they may actually see YTL taking off as a good thing.

Fox probably has very little choice. YouTube TV's sponsorship agreement is with MLB. I can't imagine MLB's World Series broadcast contract with Fox gives them much if any say in the matter.

I'm already there wanting to stop using phone numbers. So. Much. There.

I haven't had a "land line" in multiple-decades. My short list of "the next thing" requires:

- Ability to install on a mobile device without any connection to a "phone number." Phone numbers in my mind are dead. - Skip the synchronous social convention of calling. Everything should be async by default. You don't ever cause someone's device to interrupt them. This is already culturally "accepted" with SMS. Unopened messages are deleted after some number of days. - With permission, these asynchronous messages should be forwardable. You give permission in advance of course, and then you can avoid having to repeat yourself again and again. - TMDA style whitelisting for unknown public keys wishing for contact. Addresses need some kind of seniority (older than 30-days) and some reasonable integration into the network at large (vouching connections between other people with "skin in the game", akin to a shared reputation--If I could remember the name of that early social network that tried to do this, avogato.org? Something like that.) - Mesh networking forever. Decentralize it all.

This is not something that I think can be a "startup," because this needs to be a protocol, not tied to any firm. If anyone's software works with the protocol, then let the "best installable" win. The closest thing to this right now is Scuttlebutt protocol and if someone could re-introduce contact sharing via "bumping" (using the accelerometer and GPS location and time together) devices together to exchange public keys, that particular bit of UX could go a long way to making it easier to adopt. However, the worst part of Scuttlebutt's capabilities has been the storage consumption for very popular identities that often consumes all the available memory on smaller devices. It needs data-storage hygenics--some way for the end-user to state what kind of data they want to keep and what they wish to ignore.

> I haven't had a "land line" in multiple-decades.

I'd love to have a land line but it completely stopped working decades ago. After deregulation, no one was responsible.

Countless attempts to get anyone to fix it were in vain.

This year I saw a thick line completely knocked down by a fallen tree. I called the power company. They said it was a telephone line not a power line. And that there wasn't anyone left for them to contact to get it fixed. Asking around I found it actually didn't matter. No one was actually using it. No one has land lines any more. The technology is obsolete, irrelevant, and should be removed.

The technology is also more reliable than modern wireless

I remember many times where everything else was out of service except the good old POTS line...


I grew up in a very wooded area myself. And it was also my experience that when the electricity was out, the phone lines would still tend to work.

It's funny how some regions insist on not burying their communication lines. Or maybe funny how others insist on burying. Because like so many things it's a tradeoff, what you win in reliability nines you loose in bandwidth trailing zeros. Upgrading underground infrastructure is so damn expensive.

I live in Central Kansas. In our house there's next to no cell service. We could switch providers, but then we'd be in a dead area every time we drove a few miles. No carrier has good coverage in our area. Without a landline we would even have trouble calling 911. Thankfully POTS is still alive here at least.

Until I moved to my current locale, I had pretty reliable landline service from century link and frontier, I've not tried to order a land line from AT&T yet, but it's theoretically possible.

Yeah but phone companies are still selling you the data plans.

Is there a reason the FCC can't fine the telecoms for allowing the illegal calls? My guess is they'd fix the problem pretty quick.

They could easily fine the carrier that is interconnecting the robo callers. The telecom lobby doesn’t want to fix the issues since they make money from robo callers and also selling services to block the robo callers.

The souce may very well be outdide the US, with no sure way to spot spam. I'm all against imperial hegemony and all, but i doubt the UN eould care if they sent some stealth bombers after the spamers.

International carriers still interconnect with a us carrier to deliver the calls. Spam is really easy to detect. Short call durations and lots of different call to numbers.

Even just giving origin information would help, if the local end of the interconnect ensured calls show the international dial-code as a minimum then that would help; instead we get (in UK) international calls (India, primarily) with caller ID showing a local number (sometimes your own number, I think) ... the interconnect certainly shouldn't be facilitating that.

That's easier said than done.

SS7 its the primarily utilized protocol stack nowadays. The PTSN (Public Telephone Switching Network) and the Internet have been combined for a while now.

The problematic part of SS7 is it allows for setting arbitrary unauthenticated origination info in the rough equivalent of a "From" field in the initiation process.

There are attempts ongoing to attempt to implement a "Web of Trust" layer a la TLS on in front of the preexisting telephony infrastructure in the form of STIR/SHAKEN, but it'll have some of the same warts that current "Web of Trust" implementations now currently suffer.

It was my understanding that in PSTN at country-level boundaries the operators choose to forward calls, and do billing and such recording: at that point they decide whether to put the call to the local country network or not. If the call has meta-data as if its come from the local country then they could drop the call request, but they establish the voice call [because call senders pay more than call receivers, presumably].

Is that incorrect?


Telecoms aren't responsible for who uses their service, or what they do on it—thats why they are classified as a utility.

Sure, but there could be DMCA-style “you’re not liable, unless we point it out to you and you don’t act on the information” mechanisms.

It feels super reasonable to ask for telecoms to blacklist stuff after complaints

They are currently empowered to do that already. You just have to give explicit consent.

Can we get that same logic applied to data transmissions occurring on the same circuits then?

Define "illegal call" and how you'd classify that before the call happens. You'll see why it's not done.

Yoy don't need to classify it before it happens. You classify it after it happens.

The context was:

> fine the telecoms for allowing the illegal calls

You can certainly fine companies for making illegal calls. But you can't easily fine telcos for allowing them. That requires you to know the call is going to be illegal.

That is exactley why centralized solutions are winning the market over decentralized ones. No one wants to deal with evil actors within decentralized system.

Users are even ready to give up open protocol for proprietary one (imessage, etc).

Spam filters work OK. They just take a lot of work to develop and aren't perfect.

Closed platforms can also be spammed. Twitch, HN comments, etc.

They are indeed hurting their business for short term profits. Due to a number of robocalls I receive, I decided to ignore and block all calls from landline numbers. 99% of landline call I receive, are from robocalls these days. If someone wants to call me with a landline number, they must inform me first and I will store their number on my phone.

That's pretty clever, I didn't even consider this as an option. How do you block landlines?

I currently have 'do not disturb' on and whitelist my contacts but it's not ideal.

In my country, landlines starts with certain code. So I simply ignore and block any number that starts with those code. I hate robocalls. I wish there was a way to reject all calls coming from numbers who aren't on my contact list.

> I wish there was a way to reject all calls coming from numbers who aren't on my contact list.

What kind of phone do you have? There are definitely Android apps that do this. This is the one I happen to use, there are many others: https://play.google.com/store/apps/details?id=com.grus.callb...

I am using an iPhone. I wouldn't mind switching back to Android just for this feature.

This is already built into iOS, no 3rd-party software required (which would probably just siphon off your contacts).

Just go to: Settings > Phone > Silence Unknown Callers

(Calls from unknown numbers will be silenced, sent to voicemail, and displayed in the Recents list.

Incoming calls will continue to ring from people in your contacts, recent outgoing calls, and Siri Suggestions)

Blocking all unknown numbers is fairly standard.

Defining a silent ringtone by default, and a non-silent one for your contacts, is another.

Better management tools on phones themselves would be a bonus.

My phone is always on silent. Unless I am expecting a very important call. I prefer not to be notified. I am even tempted to invest some time and write an app that does exactly what I want -> Reject all calls from unknown numbers.

I've opted out of PSTN entirely, for the past few years.

That's my goal too.

If you don't mind my asking, why?

I've identified a few possibly concerns:

- Privacy.

- Avoiding distraction.

- Cost.


To avoid distraction. Majority of calls I received from landline numbers, are from robocalls.

Thanks, interesting, and understandable.

long term thinking is in short supply because nothing in our economy incentivizes it.

this comment has been a rollecoaster. I've been downvoted I think 6 times and had an equal amount of upvotes. Speaks volume about the composition of this forum.

Many services and businesses will not do business with you if you do not have a phone number. The most common example would be delivery services, but there are many others.

Have people been able to get around these limitations? and how is it done? I hate having a phone as much as anyone else.

> Have people been able to get around these limitations? and how is it done?

Just put in random crap. 555-555-5555 works almost everywhere. They don't want to call you anyway, that costs way more than an email.

Thank you, it had not occurred to me to just make one up. Some services will verify with text message, but many do not.

Actually... I think you just convinced me to switch. I think I'm going to permanently enable do not disturb for anyone not on my call list.

Why would it make you more or less likely to stay loyal? Phone numbers are already portable, so you don't need to stay loyal currently.

Yes, there is already quite a bit of flexibility to move with your number. Maybe "loyalty" is not the best word.

What I meant to say is that, right now, my provider is the one who has substantial control over my main id of communication, i.e. phone number. This adds additional friction to move to a different provider, but also move across borders and so on. As my way of communicating moves onto other services, the telcos do not control my id anymore. Everything becomes easier and less friction. For example, if I could, I would probably buy a data plan from one telco and a phone number from another, and I would experiment with my data much more, shop around etc.

> there is already quite a bit of flexibility to move with your number

Oh yeah?

I've been paying for number portability for I guess at least 30 years.

I was just told by my cell provider this week that as of next month the 3G networks are being shut down and I have to buy a new phone from them.

I said sure, I already have an unactivated no-contract phone I got on clearance, let's transfer my number to that one.

They said, sorry, no can do, you can only transfer the number to a phone you bought from us.

I said wait I've been paying for number transferability, something I didn't even want, for literally decades, and you're saying I can't do it?

In the end I bought a $15 flip phone, switched carriers, and now have a stupid new number.

Number portability is a fiction and a scam. I paid that fee for 30 years and it did nothing. Fuck everyone involved in making me pay for that scam. Almost but not quite as bad as insurance, another total scam that never pays and is designed for suckers.

Are you in the US? I assume not because I have never heard of a "number transferability" fee, in the US it is required that carriers allow numbers to be ported out by law, for free

Just got rid of my landline this month. Just too many robocalls at all hours. Never anything that I need to hear about.

How is loyalty a concern if they're all doing it? Who are you going to go to?

The solution is simple, and I've proposed it before.

If someone used spoofing to break the law, there's strict liability for some kind of statutory damages, say $100, applicable to everyone across the chain. I.e. I can sue Verizon for sending the call to my phone, Verizon can sue whoever connected to their network, they can sue whoever spoofed on their network, etc.

This will quickly lead to networks requiring proof of authorization or at least posting some kind of bond to be allowed to spoof numbers.

And there's no real downside. Nobody has a pressing need to spoof but not enough to post a bond convincing the phone networks that they won't break the law.

> The solution is simple, and I've proposed it before.

Actually, I think the solution is even simpler, and is already in place here in Europe: Make all calls cost a minimum of $0.25 to the caller.

The issue right now is that having a robot call a million phone lines costs basically peanuts. If a million phone calls cost $250,000 instead, then this sort of spam calling wouldn't be effective anymore.

And you don't have to wonder what it looks like. In Europe and the UK, the caller has always paid for the entire connection, including the airtime of mobile phones. It doesn't cost you a dime to receive calls on your mobile phone in the UK; but it costs the caller around 20p per minute. As a result, robocalling mobile phones is not cost effective.

No need for complicated regulatory intervention in this case.

So if I buy a $20 prepaid cell phone for cash and use it to robocall ten of my friends, they'd share $1000?

A network shouldn't allow a $20 prepaid cell phone to spoof numbers. Give it one number, if it starts spamming it can easily be blocked.

Yes, my $20 prepaid cell phone would only have one number, and would be blocked after my friends report the robocalls.

But whence comes the $1000 my friends are now owed, for the calls made before their complaints were filed?

I specified the fine would be for spoofing that broke the laws.

That would eliminate spoofing, which would make it much easier to identify where the bad calls are actually coming from.

Stating the obvious: you won't be able to buy a $20 burner without an ID and deposit if it can cause your carrier to incur a $1000 fine.

Yeah, a fail2ban would be great. Bell labs ushered in a lot of our infrastructure, it isn't like baby bells haven't been involved in the ecosystem that creates these tools, it looks like they aren't willing to lose any traffic.

Yeah, let's throw out the entire idea, because it is not perfect. Spoofing is the main problem here. If that was blocked the $20 disposable phone would be much harder and more expensive to exploit (his many disposable phones they would have to use to perform a single successful campaign?

Clearly you missed the part where the OP said SPOOFING of numbers.

Spoofing is a huge security issue, robocalling is annoying.

Things don't happen in a vacuum, don't be so dismissive. There would probably have been put something in place to stop a $20 sim from doing these things in the first place.

You could, but you also need to take into account the number travels with the SIM, not the handset.

The SIM is you. People already buy burner SIM's, and many countries have started to implement tighter controls on SIM purchasing in order to aid law enforcement's ability to track down telephony enabled crime.

So carriers are responsible for policing the content of calls?

I can think of no more blatant way to ruin net neutrality.

Not the content. The caller ID.

I agree, anyone, everywhere and anywhere in "the chain" is liable immediately - - that will change things promptly as Telecoms will not allow themselves to be liable . . .

I see people here saying that spoofed numbers is the problem. Maybe it's a big part of it, but at the end of the day, the phone companies are complicit with the criminals because there's no good reason that these robocalls can't be treated like a DoS attack.

These crooks make millions, of calls every year. My first employer was apparently making robocalls, though none of us were aware of it(there was a call center with actual human beings), and they were cracked down on by the FTC a few years ago.


The way I see it, there's no good technological reason why a system couldn't detect millions of calls coming from one place, compare that with the number of complaints and number-spoofs, and trigger an investigation. The dinosaur phone system needs to either go extinct or be reformed, and the telecom companies don't give a fuck. Every time I've asked either T-mobile or AT&T to block the relentless robocalls, they tell me to install some 3rd party Android app that fails to effectively block calls.

Yup. It’s amusing to see people think there is some hard technical problem here.

Tie the problem of robocalls to the telcos losing money, and this problem will solve itself in months.

And then they'll add on a monthly robocall prevention fee to your bill. :P

They're testing the waters for that already, https://www.zdnet.com/article/at-t-to-auto-block-fraud-roboc...

These new telco blockers only work on VOIP lines, not copper-wire POTS phones. The service is not even available for POTS, it's only the major telcos creating a /r/selfhosted RoboKiller who make it available for the kinds of phone lines that go down in a power outage..

I got two unwanted robocalls in the last twenty years (central europe). This seems like a profoundly american issue.

Lucky you. Approximately no one in the countries that these calls originate from speaks any central European language, so they don't call.

AFAIK they're not a problem here in Australia either, and the language here could (charitably) be called English. I've never received one of these calls.

Aussie here, I get the odd one on mobile, but get a couple a week on my land line numbers.

Land line numbers are also registered with Do Not Call, but doesn't make any difference.

Answer the call and there will be either:

1) a few second pause and then a person will drop in with the call centre voice noise in the background.

2) a few second pause and if there is no sound (you saying "hello") it will hang up.

Those are usually from international call centres. In terms of locally based ones, got a couple during the election with a recorded voice saying "this is an important message from XYZ politician".

I'm in the UK. I get about 2-3 a week on the landline, 1-2 a week on the mobile. 30% "This is Microsoft/your ISP, your computer is hacked", 30% "You were involved in an accident that wasn't your fault", 10% oven cleaning services. I suspect that English speaking scammer call centres are a reason for this.

Unwanted calls are an issue in France as well afaik. Not necessarily robocalls but the fact that there isn't a way to opt out from advertising calls (in contrast to Germany's Robinson-Liste) is very annoying.

There is a do not call list (i don't know how it compares to Robinson). It's called Bloctel. But it's not really effective.

Americans are not uniformly harassed, and I am sure people in your country aren't either, so your sneering conclusion is baseless.

#robocall complaints (USA, 2018): 3.8 million

#robocall complaints (Germany, 2018): 13375



The word "uniformly" is key here, and why many generalizations fail, as well as being unfair and offensive.

I'd also doubt assumptions such as people are equally likely to report, it's equally easy to report, counting is done the same way, etc., so I don't think your response is sufficient to characterize the average.

It would literally be a day. They pass the legislation and they would stop.

The lack of political will and the form of legislation are the questions.

If the rule is that telcos must eat the cost of a scam, they will drag it out in court and the consumer must still prove it.

If the rule is that each robocall that makes it through must be paid by the telcos (take the consumer out of this), then telcos will battle each other to try and insist that the other party is responsible.

At some point they may even come to a consensus and protocol that protects the customer.

I prefer this option.

There may be other options. Just don’t put the burden on the individual customer.

Edit: Even better, allow bounties so that lawyers can start hunting for robocalls that went through.

Set up a government department with a dozen people and a thousand phone lines distributed around the country and with different telcos. Record every call received. Fine telco $100k for every robocall. Increase fines steeply over time.

Way too complicated. Much easier would be to get a warrant for a trap and trace on the line known to be receiving these calls. Then disconnect the robocall lines.

> If the rule is that telcos must eat the cost of a scam, they will drag it out in court and the consumer must still prove it.

> If the rule is that each robocall that makes it through must be paid by the telcos (take the consumer out of this), then telcos will battle each other to try and insist that the other party is responsible.

I don't necessarily see these as guaranteed outcomes. You don't see this kind of behavior for banks, which are generally the ones liable for credit card fraud.

> It’s amusing to see people think there is some hard technical problem here.

One of the primary users of robocalls are politicians. I'm sure they'll get right on legislating against it. /sarc

(US) Politicians already gave themselves a loophole into unlimited unsolicited spam. So cleaning up other spammers would strengthen the quality of their spam channel, as consumers would be less jaded/more likely to pick up.

My non-tech savvy 82yo father has made a similar point to me: all these garbage phone calls that I get every day make me not trust ANY phone call that I receive. You'd think this would upset legitimate businesses that need to make calls.

Business would be a bit better if there weren’t robocalls. But free-rider/coordination challenges make it difficult for the diffuse category of all businesses to group together and fight it.

Does that loophole also apply to political action committees?

Yes. If the content of the message is "political speech" it is exempted from CAN-SPAM (which also covers cell phone calls) as an extension of first ammendment rights, regardless of who is doing the speaking.


> (which also covers cell phone calls)

No, you are absolutely wrong. CAN-SPAM law for email is under the FTC's regulation and does nothing to restrict the ability of marketers to send initial unsolicited mailings. This isn't a first amendment question of exemption, the FTC is not authorized by statute to regulate noncommercial activity like a political campaign.

TCPA regulations for cellphone marketing are under the auspices of the FCC. You cannot send unsolicited commercial SMS and calls legally (there are some exemptions for pollsters and nonprofits). TCPA law also applies to political campaigns: https://www.fcc.gov/political-campaign-robocalls-robotexts

Architecturally there's no binding between phone number and subscriber identity except at the very edge of the network, for the very smallest retail customers. There is a design to federate this binding throughout the ecosystem using a PKI called STIR/SHAKEN [0], but it's absolutely a hard technical problem to get that rolled out 100% without breaking things.

[0] https://transnexus.com/whitepapers/shaken-as/

To do that they’d have to turn the open system into a walled garden. They’d simply stop taking incoming calls from networks they didn’t trust. This would be exactly the same as saying ‘email providers can easily solve the spam problem, they should just adopt the Facebook Messenger model’.

> because there's no good reason that these robocalls can't be treated like a DoS attack

The problem here is that the origin can be spoofed.

You are imagining a system where a telco like T-Mobile connects the caller directly to you. That's not how it works. The connection chain could look like this.

bad caller 111-1111 -> A -> B -> C -> T-Mobile -> you 999-9999

All T-Mobile knows is that 111-1111 is calling 999-9999 and that the call was routed from C, it does not know about A, B, or the true identity of the bad caller.

That's also why spoofed attacks are also a problem on the Internet. These systems were not made with spoofing in mind, and it will cost a lot of money to get these companies to switch over to a new system seamlessly that can detect spoofing.

So then T-Mob calls the NOC at C. Tells them to get this stopped and they have 24 hours, or they'll depeer.

6 hour later, C's NOC calls B's NOC, saying to knock it off, and they have 18 hours or they're getting booted.

6 hours later, B's NOC calls A's NOC, saying to knock it off, and they have 12 hours to figure it out or they're getting booted.

In under 12 more hours, A cuts off 111-1111.

If peeringDB is to be believed, big providers all require their peers to have a 24/7 NOC number to call.

I agree completely. I work for a small ISP and we sometimes do the same thing for significant bad actors abusing our network. A phone call to the NOC of the ISP hosting the abuser or the NOC of their upstream transit providers usually gets the ball rolling pretty quickly.

That approach is obviously not very effective in a DDoS scenario, but as I understand it these robocalls typically originate from a handful of different VoIP termination services -- as opposed to tens of thousands of hosts in a DDoS scenario.

Exactly. Creating a proactive system might be difficult, but the apparatus is all there for being reactive.

Yet this has been going on for years, so I suspect shenanigans by providers too happy to continue charging their Tier7 peers for access.

I think this a great challenge to propose to the HN crowd. Who wouldn’t pay for a system that truly eliminates the annoyance of spam calls? What about a private network that people could subscribe to that uses a decentralized social credit system? Or one that uses a monitoring gateway to track the number of calls originating from a number (either internal or external to the subscriber group), and treats mass callers with extreme prejudice. A blacklist of known spammers could be applied first as a default (rather than as an add-on app). If you wanted to get really creative, you could give subscribers the tools to add numbers to their own black list far more easily than they now can, and maybe even block whole geographic regions.

> Who wouldn’t pay for a system that truly eliminates the annoyance of spam calls?

Anyone in a region with sensible legislation.

How does T-Mobile know there's a problem worth calling the C NOC about? One way is to see the frequency and duration of calls. Lots of very short calls indicate spammy behavior. So if you are B, you offer SIP trunking at below cost to legitimate customers, so that you can mix their call flow with the much more lucrative, 100% robocall traffic from A, and thereby stay on favorable terms with C.

I worked in this business briefly, the economics are fascinating. Your average mom and pop restaurant is very likely buying its VoIP transit from an entity like "B" in this story.

> How does T-Mobile know there's a problem worth calling the C NOC about? One way is to see the frequency and duration of calls.

Or make it easier for consumers to report spam calls. For example, dial *666 after hanging up on the spammer and it reports the last call as spam. Enough abuse reports originating from a particular carrier and T-Mobile knows there's a problem. That's basically how it works for email spam and other forms of Internet abuse.

Android seems to make it convenient to report and supposedly block spam calls these days - so where do those reports go?

AT&T Also has a dedicated app for reporting the callers.

I would pay to have a "AT&T Certified" icon on incoming phone calls. Maybe the carriers can set up peering agreements and both AT&T and Verizon work. The vast majority of people I care about are on those carriers and I can forget about the rest.

It's very hard to reform the whole system, but you have to start somewhere and this could be how.

> I would pay to have a "AT&T Certified" icon on incoming phone calls.

Call verification is already here and rolling out progressively. System is called STIR/SHAKEN. iOS supports it as of 13.something. The UX is terrible though, all you see is a checkmark after the caller in the call log. Android might have a better situation on some phones, this system is carrier dependent. More about it here: https://www.fcc.gov/call-authentication

There are scenarios where it doesn't work. Calls routed through Google Voice to my T-Mobile line will never show this checkmark. Also, not showing it onscreen for unknown incoming calls defeats the purpose, really not sure what Apple was thinking.

I wonder if Twilio will support that. I route my GV to Twilio and then to T-Mobile to run custom logic on incoming phone calls (like filtering out all incoming calls that match the first 6 numbers of my number). Would be nice to passthrough verification.

That is a really great idea. Every time this comes up it boils down to "phones are old and complicated, and there are a billion unique telcos". Great. But if I only do legit business over 3 of them, why not indicate if I am leaving the "trusted zone"?

How much is "a lot", though? We already have $billions sloshing around in telecom.

I don't know but I would imagine it would be as annoying as getting everyone to switch from ipv4 to ipv6 in 1 or 2 years.

If T-Mobile doesn't know who is really the originator, how the cost of call gets attributed? Wouldn't this mean I can just use their network without paying them as no one know how to identify me?

How do you determine what 111-1111 is? CID? ANI? Some other means?

I'd be happy with at least providing the actual source name and number, in addition to the CNAM. CNAM must still be associated with the same source account (and ideally enforced, somehow).

Best of both worlds.

What do you mean the actual number? The number is set by the caller as part of the SIP INVITE

The phone company has a source number for calls coming from outside their system for billing purposes. I want that number.

Edit: At a minimum, an out of system call should display what system / exchange it originates from. That at least helps solve neighbor spoofing.

Yeah it's bonkers they allow this still. No good actor ISP is going to knowingly let improperly sourced traffic transit networks...

Oh how I wish that was actually true.

I mean, yes there are bad actor ISP's that allow it, but his statement is accurate due to the caveat.

The middle (ntt, gtt, tata, etc) of the internet doesn't know what is or isn't spoofed. The folks at the edge own that responsibility and most colo/hosting shops allow their customers to spoof. Their upstreams are powerless against them since they'll take their money elsewhere.

Lol, that’s not the definition of “powerless”. There are many ISPs more than willing to reject peering with dumpsters.

Not talking about peering. Talking about transit-customer relationships. Think large hosting shops who say they can't afford to do uRPF on their customers because they've got so many multihomed users and the IP address space is fluid. Or smaller regional networks selling low cost transit. Some folks just have arbitrary limits (you must have x asns behind you for us to remove urpf)

Yeah, one would think that a national phone carrier would only send through properly sourced data. But I can tell you from experience that no, they let through garbage. I regularly see "phone numbers" like "11111111111111" or "0000000000" or even "01120155512121234". They act like they're the phone company and don't have to care ...

I don't know how Google Voice did it, but I rarely if ever got a robocall when I had Google Voice. After leaving Sprint (and losing Google Voice after years of having it) I get them all the time. T-Mobile catches a few here and there, but I get so many damn spam calls. I just have my phone on mute.

GV's block of phone numbers is probably considered low-value targets. Scammers get more value by talking to customers from big telcos. It's the whole "you don't have to outrun the bear, just your friend" kind of thing.

That's changed- I get calls all the time on my GV number. I think the initial "success" might have been due to the number blocks being previously flagged as unused. Especially when the minimum block size was still 10,000.

I'd say I get an equal number of robo-calls to my cell phone number, and my Google Voice number which forwards to it. Might have something to do with the area code.

This is exactly correct. The phone companies could charge $9/minute to any call originator who wasn't showing the actual number on the call, and this activity would stop. Conversely, the FCC could make any telco that carries a robo call 50% liable for any fines associated with that robo call. That too would stop this crap in its tracks.

"The phone companies could charge $9/minute to any call originator who wasn't showing the actual number on the call"

How could this work in the current environment, given that:

- termination rates (the rates paid to the recipient's phone company for delivering the call) are regulated, and can't be set arbitrarily high

- phone companies have no way to check whether the outbound caller ID I present is also a valid inbound number for me

- even if they did, it's cheap to get a number in every area code (maybe $1/month/number) and cheap (1 cent per minute) to have calls to that number to delivered to me via VoIP (so I can rightly claim that the outbound caller ID matches my 'actual number')

If you could enforce that the outbound caller ID matched a valid inbound number, that would solve a lot of problems. (1) if a number is used for spam a lot it’s gonna get blocked; rotating through a bunch of numbers per area code does get somewhat more expensive over time (and they could probably enforce a fee for connecting/transferring a number). (2) it solves the problem where regular people get accused of spamming because they were spoofed, (3) it solves the problem of fake law enforcement or government agencies “calling” you from legit LE phone numbers.

Sure, spammers could still get tons of numbers, but straight up spoofing would vanish, and that’s a big enough win.

They could charge 0.01 per call and it would stop.

Hiding the originating number/account is the entire profit center for the LECs. My impression is that they're not going to give it up without legislation.

The short version is the ani/ALI is totally traceable, they don't want to be on the hook for it, and the FTC/FCC don't try very hard at all to deal with the problem.

It’s possible, but telcos won’t do anything without a regulation, and because a few politically influential companies in tiny states make a lot of money, that won’t happen.

Isn't modern phone infrastructure all over IP for the backbone, anyway? I was under the impression that it was only the line to the house that was analog.

Digital, yes. IP, unlikely. Given that most of these companies are traditional phone carriers, it is more likely to be ATM (https://en.m.wikipedia.org/wiki/Asynchronous_transfer_mode)

No, not all. You can still get copper-wire POTS lines.

Telecoms can't block calls. They are not legally allowed to do it.

We can and do block calls under certain circumstances, i.e from Invalid or Unallocated ANIs.

This doesn't appear to be universal then, because I've been told by Telcos in the UK and France that they will not block calls even when the presented number is impossible.

It was made clear that any call that was made to one of my numbers would be delivered irrespective of any faulty components visible to me in the SIP header.

Well this is certainly jurisdiction-dependent.

e.g. the CRTC has policy 2018-484, Implementation of universal network-level blocking of calls with blatantly illegitimate caller identification: https://crtc.gc.ca/eng/archive/2018/2018-484.htm

CRTC gave telcos twelve months to implement, and it seems to have largely been implemented within that time frame.

My phone can, but spoofing obviously circumvents that.

If I need a phone number (and a phone), I go to T-Mobile, sign up with my credit card and get a phone number. Whoever is giving me this phone number, I think, should be held responsible if I'm doing stupid calls.

The companies issuing the ability to robo-callers to do their work are enabling robo-callers to do their work (scams).

Last time I tried to trace down a call, I stopped at a company called OnVoy and got distracted with other issues...

If I need a phone number (and a phone), I go to T-Mobile, sign up with my credit card and get a phone number. Whoever is giving me this phone number, I think, should be held responsible if I'm doing stupid calls.

Not a good idea. I get where you’re coming from, but we don’t hold ISPs accountable for people using the internet badly. That would be a change for the worse.

Imagine if Comcast had to terminate your service due to something someone posted while using your wifi.

That already happens:

"AT&T Threatens Persistent Pirates With Account Termination"


The question isn't "can this be done?" It is: can this be done, fairly, effectively, reasonably, and with appropriate safeguards?

The fundamental principle of regulation is that it applies methods and actions which can be harmful if misused. The key is to ensure they're not misused. Not to ban the concept of regulation entirely.

I think corporations should not be treated as people. No carrier should be able to block me if I’m being an asshole, but they definitely should if I’m a corporation and harassing their customers for a living.

It's better this way. Slippery slope and all. Before you think I'm being alarmist, google drag queen storytime.

Edit: if you're downvoting, look it up, there are convicted child sex offenders doing this.

Convicted child sex offenders doing what? I googled "drag queen story hour" and I have no idea how it connects to call blocking and telecoms.

Example of slippery slope.

I'm still not following. What do you consider "drag queen storytime" a slippery slope to/from? For that matter, which end of the slope is it?

Are you aware that the "slippery slope argument" is a logical fallacy? https://en.wikipedia.org/wiki/Slippery_slope

So you just saying that telecoms has to kill hen that laid a golden egg

What a nonsense

What's wrong with relying on your terminal device to decide whether to ring the call? That's the definition of a smartphone. In fact, Android has native spam blocking: https://www.forbes.com/sites/brookecrothers/2018/12/30/in-20... but it's quite reasonable for you to install whatever filtering app you choose.

If you don't feel safe installing software on your phone, that's a problem with your phone OS.

What's wrong is I shouldn't have to, the fact that incoming crap-calls with spoofed IDs get through at all is a problem with the network.

I use Android's built-in spam blocking and have received 7 spam calls since Nov 1. It only blocked 1 of these.

Now pretend that you're providing solutions for devices that aren't cellphones.

I enabled the Silence Unknown Callers feature [0] in iOS and haven’t answered a spam call since. The downside is that it sends every call from unknown numbers to voicemail, including legitimate ones. It’s a worthwhile trade-off.

[0] https://support.apple.com/en-us/HT207099

The majority of spam calls come from the same area code as my phone number, but its not the area code that I live in. I'd love this feature to be area code specific - it would give the granularity I need to block spam but allow for unknown numbers from where I now live.

Number Shield on iOS will allow you to block all calls beginning in an area code, but lets through any numbers in your contact list.

I tried it, and within a week I missed an important call. I was waiting by the phone, and it just never arrived. I realized too late that it had been silenced. It's very frustrating that we can't just get something like a spam filter, rather than a blanket "silence everything unknown."

Yeah part of the problem is there are tons of legitimate businesses out there that will do important things only over the phone, from obviously an unknown number, where if you miss the call it becomes a big hassle to get back in touch with them. Happens with banks and other financial institutions, doctors offices, deliveries and all kinds of other services.

It would kind of solve the problem if a norm emerged that these types of companies first send a confirmation email with the phone number they'll be calling from so you can add it to your caller id. But it's a lot of extra work for people and I think it's probably asking too much of the average non technical user.

Even better, why couldn't we have something like SSL certificates or DKIM for phone calls? People for the most part understand the lock icon and a verified flag in a user interface. Then a call could be signed to know that it's coming from a particular entity.

It seems like some other countries have solved this problem by moving away from regular sms and phone calls and instead letting a private company own all communication, like WeChat in China. Which obviously is quite problematic in other ways, but honestly at this point that would be an improvement in my opinion, if businesses started only contacting me through Facebook Messenger or Whatsapp so I could see who every message is associated with.

I was working on a system like this years ago. I called it choicelist, and submitted a paper to the FTC spam forum.

It was a user configurable white list solution in which an entity can specify all the ways they may contact you (numbers, addresses, and optionally signing or encryption public keys), and you can white list the organization as a whole.

Messages purporting to come from one of these organizations that fails the self specified check can be safely ignored.

At the time, blockchains didn't exist, and the missing piece of the puzzle was a distributed database not controlled by any central organization.

Business opportunity.

I agree there’s a business here, but will walled gardens let the solution work optimally? Apple locks down their phone and messaging apis so that nobody can use them.

Basically: selling the ability for a company to make phone calls from numerous systems all of which appear to originate at a single, designated, known, and generally callee-approved, number.

Needn't be a walled garden.

Though migrations from PSTN to various alternatives is also fairly likely. Much of the present "social media" / apps space is actually probably a jostling for supremacy / positioning in this regard.

T-Mobile does spam filtering; not sure about other carriers. The default configuration (or at least I think it is, because I don't remember changing it) is to tag the calls by setting the Caller-ID to the name "Scam Likely". You can then configure your phone to respond differently to calls from that ID (e.g. disable ringer). Alternately, if you trust their filtering enough, you can have those calls blocked so they don't ring through to the phone at all. I think it's been working fairly well for me, but I also rarely get legitimate calls from anyone other than a handful of friends/family who are in my contacts list, so I can't be too sure of the false-positive rate.

Info: https://support.t-mobile.com/docs/DOC-38784

Unfortunately when I use our conference system’s “call my phone” feature it almost always shows the number as “scam likely”. So I guess the scammers are using the same block of numbers as the conference system.

Is your outbound system spoofing a number so they all appear to be from the same one? If so, that might be why.

I updated to the beta specifically for this feature. But, like anything else like this, was worried missing important calls. I get a notification immediately about a missed call (which I'll probably soon try and turn off), I'm a lot more aggressive about adding businesses to my address book (someone else said they whitelist phone numbers you've made calls to even if they're not in your address book), and I kind of expect important calls to leave a voicemail.

iOS also has a call blocking and identification interface apps can hook into. I haven't found a good spam call blocker app though.

Try Nomorobo - took robocalls down by at least 90% for me, and I gladly pay ~$20US / year to not have flow interrupts. Works on iOS, free for VOIP numbers.

You don’t have voicemail setup?

I signed up with a SIP provider, Anveo, and set up an incoming call flow that’s very close to what Google Voice does - with one change, that being incoming callers who are unknown must press any key to be connected. Robocallers will never do this, humans will, so I’ve got a 100% reject rate on robots.

No familiarity with SIP.

Can it intercept calls to a cell phone with a carrier issued number?

Sssssorta. The cool thing is you need no familiarity with the SIP protocol.

What you'd do is port your cell number to the provider, get a new cell number, and then set up a call flow that answers the number, eventually forwarding to your real phone after the caller has a chance to record their name and hit a key.

What about returning a call? do you dial your sip number and input the number you want to be connected to?

I think calling folks back from a number different than what they dialed to reach me.. might defeat the purpose. Thanks for sharing your setup.

That is an option - the other thing you can do is get a Softphone app on your phone and log into the service with it. They work with text messages as well.

That is the one downside of this is now having two numbers to deal with. I was getting so many garbage calls though, the trade off has been worth it.

Don't you get spam calls directly to your phone now (this is the problem I have with Google Voice)?

Yes, but once you've got this "call screening" set up on your formerly primary phone number, you can safely set your phone to discard all calls from people not on your contacts list.

This introduces two ways of working with the service - either you set the service to show "your" phone number as the calling party, and then listen to the name when picking up, or you ignore this and use the softphone app for all calls.

Ah! Good to know. I was curious if I’d have to update all my friends, family, etc with my new number!

I really appreciate the info!

Same here, I was so happy when I saw that they added that setting. It doesn't send unknown numbers to voicemail if you've called them in the past. It's a pretty good heuristic. It solved the problem for me. If some doctor's office really needs to reach me and I have never called them first, I guess they can leave a voicemail.

I use this too, and it's worth the trade off for me too.

I just wish that apps or services that might call you (Uber, your cell carrier etc) could/would use the iOS call identification API to allow known calls through.

No one worthwhile even calls me that is not in my contacts. If I have a new friend, I text them, we add as contacts, boom that person will always be a contact. For business related calls, I'm always fine with those going to Voicemail and responding when convenient.

Same. Honestly, I really like this as a permanent solution. I think what we need now is a plug-in that has a strict “safe list” as opposed to the way it was being treated before with block lists.

The only calls I worry about not getting are legitimate callers from callers who aren’t allowed to leave VMs.

Same here, and I believe the next natural step is for companies to switch to calling on Whatsapp etc.

I'm excited to see improvements and results to the Google Assistant's on-device call screening. It's a step up from voicemail but I'm not sure how willing people will be to participate. For example, someone calling from a doctor's office might only be able to speak to a specific person. For privacy reasons, they call from blocked number and won't specify who they are until they've at least asked that they're speaking with the right person.

Lots of these robocalls are fraudulent. They say nonsense like they're the FBI acting on behalf of the IRS, with a warrant for my arrest. If somebody ran a scam like that through the USPS, they'd become a guest of the US Bureau of Prisons for a few years. Internet DoSers get prison time too. But not these parasites.

If the scammers are offshore, an arrest or two in the customs hall at an airport will get peoples' attention.

Prison time, big fines, and restitution will be a more effective deterrent than what we have today. The American Graffiti (1974) writers correctly described the current system of uncollected fines. https://getyarn.io/yarn-clip/6cac9bde-4762-41c2-8b76-264eba9...

Even if hard time doesn't deter these people, a few big cases will at least let the federal government project the illusion they're doing something about it.

The problem is also that a lot of them are not in the US. We can’t touch them usually.

Unless they leave the country.

If/when they visit a country with... any... positive relations with US/Canada, pounce.

And cutoff their bankers from the US financial system.

India won’t be happy if it starts to lose its call-centre industry as a whole because of some bad actors.

India and the US have extradition treaties.

There’s a lot of ways to put on the pressure.

I once needed to get my own health insurance plan for three months. I googled "short term health insurance" and went to one of the first websites I found. I put in my contact info ONCE. For the next six weeks I had maybe 75+ health insurance brokers calling me and texting me. Just blowing up my phone at all hours of the day. Some would try and make contact multiple times so I'd block their numbers from call and text. They would then switch phone numbers. I ended up having 50+ numbers on my block list.

I was so frustrated I just decided to pay out of pocket for all my medical expenses those three months.

I have a question, why are robocalls such a problem in the U.S.A.? As far as I know, they aren’t in Germany (or if they are, not on that level, I never got one).

There are a lot of people living outside the USA who can speak English. Both legitimate and fraudulent English-language call centers are easier to set up internationally than German-language call centers. The robo part of the call can obviously be automated from anywhere but there are actual humans pretending to be from "Apple Support" when a target responds.

That raises another question: are other Anglosphere countries flooded by scam calls like the USA?

Oddly, in Canada, many of the spam calls I receive aren't in English. (Mostly Mandarin, though Google indicates it's a problem in the US too: https://www.npr.org/2018/05/10/609117134/chinese-robocalls-b...)

Yep, I'm one of the people in the US that gets those. It's about an even split between those and calls about my bank account (for a bank I have no account at), with only a tiny number of others.

Canada definitely is. It is clustered, but there are days when there are a dozen scam calls (a recent one outright spoofs the governments phone number, and then calls you back with a spoofed police number).

I get some of it in Norway. English speaking call centers running scams. A lot of it comes from foreign numbers though, so it is easy enough to at least ignore.

Yeah, I get questionable foreign country numbers as well, but I never accept those.

They're rare in Australia (though I haven't had a fixed line for years now, so maybe mobile phones have a different targeting profile).

Interestingly, there's been an uptick lately but the recorded messages are all in Chinese.


So it’s possible to show a local number when the call is arriving from another part of the world? That seems strange or rather insane, but would explain how the problem happens ;)

Sometimes they show up spoofed to a local area code. Sometimes they show up as from the 800 area code, which is not specific to any geographical region in the United States and is also used by legitimate call centers. My bank's customer service number is an 800 number, for example.

I don't know if easily spoofable phone numbers are unique to the US. But even if they are not, international scam-calling operations are going to predominantly target English speakers since English offers lower language-understanding barriers and a lot of high income potential victims.

Yeah, but when the call is originating from outside the US? Why would that be allowed?

Do you know what an Indian call center is?

A huge amount of international phone traffic comes to the US every day

Hm, guess that would be the pro/con with us not being able to easily set up virtual numbers here. But otoh I wonder why the UK doesn’t seem to suffer in the same way. Same lack of easy virtual numbers?

I might be mistaken but are not mobile numbers in the UK in their special area code/exchange so calling them costs extra? Calling landlines does not seem to be profitable anymore (my home landline gets almost 0 calls now, my work phone gets maybe 3-4 calls a week) so the scammers only want to call mobile numbers and in the US it's not different from calling a landline while it might cost extra in the UK.

They'll buy tons of phone numbers from all over so they always have local numbers to call from. They just use VOIP software to route it to wherever the call center is located. As far as their provider is concerned, they're probably just a local business. Or, at most, a local number for a foreign company.

Phone numbers can be spoofed, anyway. If you call back a robocall spam number, you'll reach a very confused human. And I've received a bunch of robocalls from my own number.

As I said in another comment, why allow international numbers to spoof national numbers?

In the parent's description, it's not spoofing at all. They've purchased real american (local) phone numbers, and are routing calls through them through other means (like internet...). There's no telephone network level trickery or spoofing going on.

Not always. They will spoof legitimate numbers that they don't own. If you call them back you'll usually get some very confused person who just got a bunch of calls accusing them of making spam calls.

Ah. Any idea why it wouldn’t be a problem (from what I’ve heard) in the UK then?

I live in NZ and I've received maybe 1 or 2 in my lifetime. I'm not aware of any particular legal/technical measures in place here to stop them.

I'm in the US and have gotten a non-trivial percentage of spam calls in Spanish and Mandarin. I don't think it's just the language issue.

UK... no. Sometimes to landlines, rarely to mobiles. I have never personally got one.

It wasn't too much of a problem, but it has escalated quickly in the last couple of years, especially with people figuring out how to change or spoof CNAM data, which is what shows up on caller ID. For a while, they'd use numbers only a couple of digits off from yours, or have a set pattern (like add 4 to each of your last 3 digits). Now people don't answer local calls, so they've moved on to neighboring area codes.

I assume that some sort of software has hit the market automating the process, but I don't know.

So it’s purely the spoofing?

I looked at Wikipedia, and we have "CLIP" (Calling Line Identification Presentation) and "CLIP no screening" (essentially spoofed numbers). Spoofing a number that you don’t own the rights for is a crime.

So it looks like we have spoofing but only in a sane way, is the other kind of spoofing legal in the US? Or is there some other underlying problem?

No, there's an increase in not-spoofed (afaik) calls too. Plus some of the callers have figured out different tricks, like multiple brief calls to bypass do-not-disturb settings, or as an attempt to get the person to call back the caller ID number.

For me, at least, the calls also seem to be highly clustered, whether spoofed or not, for whatever reason.

As far as I know, spoofing is left to phone company policy, which says it needs to be an associated number, like the same company or same address. I think part of the problem is they don't have a way to actually verify this for out of system calls. And technology has made setting up spam lines on small remote systems feasable.

This is speculation, but I suspect it would be considered criminal fraud if it's done as part of a bigger crime. I don't think it's a crime in-and-of itself, but other than that, idk.

Could be a matter of population. 300 million residents vs 83 million means they have a larger pool of gullible people to target. I don’t mean that to sound mean, really. It’s just a fact that this is a numbers game for these scammers and they want to find the most number of people who will fall for what they’re peddling and milk them for everything they can.

Probably also much more likely to hit a boomer as an easier target than your average British citizen.

Because of the fines you can get it's not worth it.

As an American, I’m curious as well.

because old people are easily scammed

So many knee-jerk “obvious” solutions in comments here, some with gratuitous violent fantasies to boot. Might I suggest that you look at how your proposed solution compares to other, older, suggestion on how the then-new email spam problem used to be suggested to be fixed:


Also, this is a mostly exclusively a U.S. problem. In Europe, we basically just don’t ever get “robocalls”, and have ever only heard about them in stories from the U.S. Anyone proposing a complicated technological change should explain why this is necessary when Europe seems to have found a solution already.

There's no real email spoofing problem anymore because we have signatures proving the source on every email.

There's a phone spoofing problem because carriers are allowing spoofing, when they don't have to.

> * There's no real email spoofing problem anymore because we have signatures proving the source on every email.*

(I assume that you are referring to DKIM, and not OpenPGP or S/MIME, since the latter two are obviously not frequently used.)

DKIM signatures (not to mention DMARC to actually require a signature) are not actually that common either. Spoofing is mostly still rejected by a combination of plain old SPF and spam filtering of the mail contents. All in my experience, of course.

> There's a phone spoofing problem because carriers are allowing spoofing, when they don't have to.

Is this what Europe is doing which the U.S. isn’t? If it is, then you’re probably right. I don’t actually know. I’m just saying that whatever Europe is doing is evidently working, and any other proposed solution would have some significant benefit and proof of efficacy to be considered over a proven concept.

UK person here - while I can't speak for the whole of Europe, robocalls and fraudulent calls are a big problem here.

At least for the fraudulent calls, they seem to exclusively come from India, so I presume they mainly target English speaking countries. Typically they claim to be from BT, Microsoft or "your ISP", and try to convince you to install dodgy software on the basis that "your computer has been sending out viruses". This software then messes up your PC or at least makes it look like it, so you shell out some cash for the fraudsters to "fix it". My understanding is that if you fall for this kind of thing, your number also gets passed on or sold to more serious fraudsters.

Robocalls here for the past 5 years or so seem to mainly be from scummy ambulance-chasing solicitors ("we've been notified you were in an accident, contact us now about your claim", that kind of thing).

Who is paying for the incoming call in Europe (honest question)? If it is caller only - perhaps it is a reason? In my home country, where receiver of the call does not pay for the call, robocalling would be uterly unprofitable.

I'm in Europe (NL) and get a lot of robocalls. Seems to have died down a bit nowadays in favor of fake SMS to replace my debit card but it's all the same spam to me.

There needs to be postage imposed on connecting calls between systems, payable to the person called, and potentially refundable upon lack of complaint for being unsolicited.

This could work for email spam, as well.

Bonus if people get to set their own postage rates.

Well there was a guy in the UK who set up a premium number after getting sick of cold sales calls. All companies get his 10p/minute number as contact (he gets 7p of that). Only friends and family get the real underlying number.


I like the idea, but it doesn't solve the problem of when your real number makes it onto call lists.

But I do like the idea of giving out a 1-900 number to people. It would certainly get some interesting reactions, depending on context.

There are few available phone numbers which aren't already on numerous telemarketing / robospam systems. Exhaustive wardialing is highly tractable.

I've had numerous recent mobile and/or office numbers beseiged by dunning and marketing calls, apparently aimed at earlier holders (if even targeted at all).

Is there even a list? I had assumed they were just umm...enumerating all the numbers.

It's called a termination fee, and it already exists. Alas, it's payable to the receiving operator, not the receiving person - meaning that your telco actually makes money on every single spam call you get. Talk about perverse incentives!


What I'm describing would need to be large enough to be a deterrent, in regards to being truthful or not (or solicited vs unsolicited). That's why I like the idea of something pre-paid but refundable.

There might also be something of value in only refunding the fee to the CNAM entity, which would at least offer some incentive to not lie about being associated.

Sure, because that totally would never be abused to facilitate illegal payments or to launder funds.

It would obviously all have a paper trail. I don't see how it would have any advantages over check, money order, wired funds, etc.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact