Hacker News new | past | comments | ask | show | jobs | submit login
Report Phone Spam – Shut down robocallers and text spammers (reportphonespam.org)
407 points by troydavis 10 months ago | hide | past | favorite | 327 comments
Do you receive unsolicited phone calls or SMS/text spam? I made a free public service site explaining how to find the telecom carrier that is responsible for the spammer's (real) phone number and report the abuse to them – so the carrier can terminate their service.

It works, and it feels like magic.

Background: Earlier this year, I wrote an HN comment[1] explaining how to find the telecom carrier responsible for a robocall or SMS spam campaign. Those steps aren't documented anywhere else, even though they're actually pretty easy.

This info deserved to be much more visible, so now it is: https://reportphonespam.org/

As my site says, most reputable telecom carriers don't want unsolicited messages on their network or phone numbers. In order to disconnect their abusive customers, they need to hear about the abuse. That's where you come in. In a few minutes, you can report abuse to the responsible carrier, who will investigate and often shut off the spammer's phone number(s).

[1]: https://news.ycombinator.com/item?id=34570065#34570835




I wish we could euthanize this garbage, antiquated phone system. It shouldn't be expected/required that every adult has a phone number when the system is so irredeemably broken and dangerous.

If the web didn't have HTTPS, it would be illegal to conduct sensitive business over it. Yet we're stuck with this entrenched telephone system, the best we can do is STIR/SHAKEN, and that's not real security.


100%. My son got sick at school last week and I ignored the call from the school nurse because I have been so thoroughly conditioned by daily scam calls to ignore any unrecognized number. It’s insane that this is still a problem.


The exact same thing happened to me last week. My son got sick at school, enough so that they ended up calling the paramedics. But I had been spammed so much the week before with spoofed phone numbers from my area code that I had my phone on "Do Not Disturb" allowing only people in my contact list through. I thought it would be fine since the school's phone number is in my contact list.

Unfortunately the school's systems were down and so they weren't able to call me from the school's regular phone system. They called from random personal cell phones, so that went straight to voicemail. It wasn't until someone was literally sent to my house to bang on my door that I got notification of my child's medical emergency. They were about to administer medication that would NOT have been okay to give him, and I was lucky to be able to contact them and tell them to hold off before they did it.

Never mind reporting them to a phone provider. If something had happened to my son I swear to God I would have gone full Liam Neeson "what I do have are a very particular set of skills" on the jackass who's running that specific phone spam operation.


One slightly better solution is to get a Voip number from a distant area code in a place you’ve never been and know no one. Only give that number to people you want to actually call you. Then you can safely ignore all calls from that area code.


I feel very lucky to have a phone number from when I lived in northern NY for a few years. There are 4 people from that area code that I might ever want a phone call from, and they are all in my address book. Any other 315 number is safe to ignore.


I'm reasonably nearby the major city that has my cell phone's area code but I'm in a different area code and most people who are in the city who could even potentially call me are in my contact list. (For a long time I used to regularly get calls from areacode-exchange-random 4 digits which I knew to safely ignore/block.)


I guess this is the problem: you have to answer before you know what it is about. With email, you can immediately at least read the title of the email, or even the contents, before deciding if you want to respond or not.


I have defaulted to No Phone/Voice Calls for over 5+ years. By default, everyone is blocked, and I maintain a whitelist (a group named "!DND") of numbers who can go through — school numbers, including quite a lot of teachers, the bus driver, and the bus assistant can get through. This is working so far.


I could see this failing because the nurse's phone number is different than the school. Any large institution usually has multiple lines.


Depends on how their PBX is set up, but often those lines—even if they have separate incoming numbers—will all have the same outgoing number.


Which is ironically done by spoofing the number, which is why it's so easy for scammers to spoof numbers.


I remember how shocked I was when I first learned how insecure caller-ID is. I was setting up a VOIP PBX for the small business I was taking over from my father after he passed away unexpectedly. I hadn't been able to get into his (telco-hosted) voicemail, until I happened to call the number from the new VOIP line. Since I had the caller-ID set to the same number, the voicemail system not only bypassed the greeting, but it automatically logged me in (it was set to bypass the PIN when calling from the same line).

I tell people that caller-ID should be trusted as much as the return address on an envelope. Perhaps I can soon update my guidance now that STIR/SHAKEN is (apparently) near full rollout.


Did the school at least leave a legit voicemail? (Curious)


Yeah, I don’t get people complaining about important missed calls.

Yeah, I may miss these occasionally, but I see them almost immediately if they leave a voicemail — and they should, if it’s important — and then call them back, and apologize for the missed call, which they always empathize with.

I lose at most a minute or two, which is totally acceptable.


I think this is cultural. I've never ever left a voice message, and never will. I've also never received one, the few I get are robocallers not understanding no one picked up.

If you want me to pick up, send an sms explaining what it's about.


Many of us here grew up in the answering machine era where leaving a message was normal, expected behavior- when phones were not carried on your person.


I'm always struck in these threads how much variation there is. I doubt I receive one SPAM/scam text or phone call a week. It would seem weird that I'd want to make myself potentially unreachable to avoid the odd junk. I guess if I got multiple per day I'd need a different strategy.


Ironically back in the answering machine era you could screen your calls as they were coming in, short-circuiting this entire loop.


And what's old is new again, both Android and (newly) iPhone have live voicemail screening features!


A school nurse probably doesn't have SMS capabilities on their school phone, and might not be willing to share their private number (I certainly wouldn't in that position).

I rarely leave voicemails, but I will when it's urgent.


A school nurse is certainly expected to leave a message with a callback number. There are hundreds of millions of ways to leave a callback number that isn't 1 specific number you want. But "leave nothing" obviously isn't an acceptable solution, and leaving a personal cell number as a callback is a more acceptable one.

tl;dr: leave message+number, how you do so is up to you


Absolutely. The person I was replying to said that voicemail was not a reasonable option. If the nurse needed to send an SMS their only option may be to use a personal device, and it isn't reasonable to expect educators and staff to provide personal contact information to parents.

The proper procedure is for the nurse to leave a voicemail with their school-provided contact number (either the school office or a way to dial them directly that isn't their personal number).


However, since voice mail isn't common where I live, I also get all communication through text. Most systems send out texts. It's how I communicate with the plumber, my dentist etc. Basically never talk over phone with anyone.


I have literally never in my life received or left a voicemail, or even know someone who ever did... and I also wouldn't expect anyone to listen to the one I leave on their phone.


Your school should offer alternate forms of contact, including texting and email


get an android and use "screen my call"


Useful for an individual tactic, not really a solution to the large scale problem.


The solution (well, one at least) to the large scale problem is for everyone to call their representative as long as it takes to implement necessary penalty regulation. All the US based people complaining here can start doing it today.


If you have a kid and are ignoring calls, that is crazy.


You're right. How about we all try this? The next time anyone's in a meeting together talking about a production incident or quarterly planning or whatever, they're going to tell everyone else to STFU and wait while they take every random call they get on the off chance it's their kid's school trying to get through to them. Does that seem reasonable to you?


No, because it isn't reasonable. What would be reasonable is for the individual receiving the call to excuse themself leaving the rest of the meeting to carry on. Isn't this already the standard?


When over 95% of the calls you receive are spam, it's not reasonable to excuse yourself from meetings whenever you get a phone call.

I mean, unless you just don't want to be in meetings. Which is okay.


Well he’s 12, in the care of competent adults at a public school less than a mile away. But sure, I guess I should have been perfect.


I also have a 12yo (and three younger kids), and I have missed calls from school as well.


Maybe, but that's the world we live in now. If it's crazy, it's an inevitable sort of crazy. Get enough spam calls, and even if you know you might get a valid call from an unknown number, you'll find yourself treating them all as spam just the same. We really, really don't do well with repeated false alarms.

It's how our brains operate, and the fact that the spam keeps on coming just reinforces it. If the call is legitimate and time sensitive, you hope they'll leave a voicemail or, better yet, follow up with a text message.


Is there a word for describing becoming desensitized from false alarms? A similar situation is instead of a shared calendar for OOF status (at work) we are asked to send a calendar invite to our team and immediate team. My calendar is filled with “doctor appointment” invitations from people I don’t often interact with or need to know their in-office status. I started missing meetings and appointments because I was so desensitized from appointment reminders that were meaningless, I’d just ignore the notification because they were rarely valid. Since then I’ve tried automatically deleting out of office invites but they don’t always follow the same format. I’m apparently alone here because I brought this up as an issue and no one else felt like it was a practice that needed to change.


I've heard alarm fatigue used. I think it originated in a healthcare context.


I've also heard the term alarm fatigue. Pretty sure I heard it in the context of cybersecurity where security admins will get complacent if there's too many false alarms and potentially miss legitimate attacks.


>If the web didn't have HTTPS, it would be illegal to conduct sensitive business over it.

Source? According to this timeline[1], e-commerence with credit cards predate SSL. Therefore I'm not really convinced that there's some law against it, except for laws that were introduced after SSL was a thing.

[1] https://en.wikipedia.org/wiki/E-commerce#Timeline


...and why would there be? People are free to be stupid if they want.

I really hate this attitude that every little danger has to be regulated.


E-commerce predates opening The Internet for commercial entities. In 1988 or 89 I ordered some Unix book, maybe the 4.3BSD daemon book, via email that I got from Nyx, which was a dialup Usenet server at University of Denver. Sent a credit card number over SMTP email.


I remember "buying" something online and having to physically mail a check with the order # on the info line.


Been there, done that. Also sent a credit card number split across two emails “for security.”


It's not so much law, as far as I'm aware, as the PCI/DSS requirements made by the credit card companies. Since they'll stop doing business with you if you don't follow their requirements, for all practical purposes, they have the force of law.

You could probably get sued for negligence if you process card details over an unencrypted connection, but that's nothing compared to the damage your business will take if the card companies decide that you're on the naughty list.


Sure, since we do have TLS on the web card companies can require we use it. That doesn't mean that they would just disallow all online transactions if we did no have easy encryption available. Security is after all never the primary concern - if it was you would not interacting with other people and computers at all.


You can rest assured that the phone company 100% securely knows who to bill for the call. They just aren’t telling you.


In America’s “receiver pays their part” system I wouldn’t be too sure. In the rest of the world, the caller/texter pays 100% of the charge, but in the US you’re charged per text and minutes received.

Once you add a “free call” entity on the other side (like Google Voice) then no one is charged to make the call.

Additionally, plenty of people “sell” their real number and there are android apps routing internet call through the victim’s real number. In this case, even if the person is charged, it’s not necessarily the spammer.


> , but in the US you’re charged per text and minutes received

I doubt 99%+ of end users in the US have been charged for non international minutes or non international text in the last decade or even 15 years.


The bill the end user receives being zero doesn't change how telecom billing is set up. The fact that it's "Free" and costs are hidden from the user in America isn't exactly uncommon.


If the phone companies are billing each other, they don’t they have to know who to bill, per tinus_hn’s comment?


Lol, no. "[call|charging] [data|detail] records" (CDRs) are batch transferred over FTP, followed by a pseudo ETL into a billing system. It (mostly) works, but it's an archaic mess.


To be fair, T-Mobile and AT&T are on sFTP nowadays.


I wouldn’t exactly say STIR/SHAKEN isn’t real security. The protocol works fine (like HTTPS), the issue right now is that the Certificate Authority network is still being built out and attestation isn’t enforced by carriers yet. Things should steadily improve now that the protocol itself is deployed.


The sad part is that it only got really really broken when it got digitised, i.e. IP telephony. Preventing number spoofing was trivial and a solved problem back when the phone system was still "antiquated". These design flaws were added surprisingly recently.


It already takes me 45 minutes of my time to get a hold of a support person of my own carrier and I'm a paying customer.

I commend the effort, but getting a human to answer a support hotline call in order to report a spammer number is so comically difficult and ineffective that I can't see a significant amount of people participating. Why doesn't my carrier have an automated system allowing them to communicate with the originating carrier, triggered by the "report spam" button in my telephone OS?


Because contrary to the page, they don't really care about the spam that much. Now, if more people started calling the support for every spam they get... that would translate to some real cost.


Who would bear that cost though? My prediction would be the customers again, because they would make the phone support harder to reach than it already is as a "solution" to the increased demand for phone support.


Partially yes, longer support waits. But there's a threshold where the agents either need to be available or the reviews / opinions about a telco go too low, so it can't be just ignored.

I just don't have sympathy though - ideally people would DoS all the telco and local government lines until the issue is fixed. It's just stupid how many years this exists without obvious solutions.


Now if someone were to make one of those pizza ordering LLM agents do the calling for them...

I suppose that would be like spamming the carriers. Not sure that's better, but it might make them act.


All costs by customers: support increase from 45 mins to 4.5 hours would be one one those.

Also, the more spammers reported the less to bill for the calls. As less spam calls.


In the UK, you just forward the text to "7726" which is SPAM on a keypad. It's a requirement from the regulator.

https://www.ofcom.org.uk/phones-telecoms-and-internet/advice...


In the US, 7726 just goes to the receiving carrier (that is, your wireless provider), not the sending carrier. It can help your carrier filter the messages (eventually, sometimes…), but it doesn’t actually stop them.


Does a forwarded text retain the envelope?


Presumably they can compare the message body against recent text messages they've given you.

(also, this works in the US too)


If memory serves, it replies asking for the sender's number when necessary.


In Norway it is an offence with penalties per infringing call to cold call anyone who has registered their number with the Brønnøysund registry more than 30 days ago (the equivalent of the Telephone Preference Service).


The US has the same thing for a very long time with the National Do Not Call registry: https://www.donotcall.gov/

The problem is that it's nearly impossible to enforce this. Would be curious to know if Norway has had any better luck.


Well something must be working because I have only had one cold call in the last ten years. We never got very many but now it's so rare as to be worth remarking on if it happens. That one cold call turned out to have been a mistake on the part of an otherwise well behaved company who were very apologetic when I pointed out that my number was on the register.

Companies do occasionally get fined.

I have had a couple of calls from outside the country but I generally just don't answer unrecognized numbers from outside the countries that I have a connection with.


I don't know about Norway, but the UK Telephone Preference Service does issue a number of fines for the line marketing calls they are responsible for, with enforcement via the Information Commissioner's Office (ICO, the GDPR people too): https://www.tpsonline.org.uk/pages/enforcement

Obviously if scammers are willing to commit serious fraud that will definitely result in prison if caught, they're probably not too worried about that. Along with scams, silent calls also fall under Ofcom's jurisdiction: https://www.ofcom.org.uk/complaints/complain-about-phones-or...


I got a spam call seemingly “from Verizon” (their main number) on my Verizon phone.

I called them and told them and they said “oh yeah that happens all the time don’t pick up when we call”

That’s when I realized we’ll never win. The spammers have won.


> That’s when I realized we’ll never win. The spammers have won.

It's tough, but it's not helpful that people don't know the face of the enemy. The fight isn't with just some stereotypical "spammers". Advertisers and marketing departments are spammers, and they've destroyed phone as a medium, much like they did it to physical mail, radio, broadcast TV, cable TV, and now streaming and the Web in general. We won't make progress until we realize that most spammers are operating 100% legally, and phone networks both participate in it and make money from it.


Nah. We're talking about spam texts and phone calls. That stuff isn't legal.

Yeah what everyone else does is creepy af, and _should be illegal_, but that's not the facts on the ground today.


Imho the normalisation of agressive advertising and inhuman communication with customers is what make spamming profitable.. they are not that different from legit orgs.


100%

These guys are just doing what the ad guys are doing but it’s for fraud.

The fraud is only half of it.


The creepy af stuff being legal is one of the cracks that the illegal stuff uses to leak through.

Those cracks need to be sealed, but there's enough creepy af industry lobbying that it won't happen because money.

There's money in them thar retirement villages.


I don't really grok this argument. Google's panopticon is not facilitating or causing the Car Warranty calls, or text messages about my package waiting at the 'usps facility'.


I see the lack of any kind of privacy controls or regulation as facilitating the selling of personal information (= legal). This information is, in turn, bought and used by companies behind these scams.

Google's panopticon started this desperate grab for personal contact information (see recent discussions here on HN around Smart TVs as another one of the outgrowths of this) in it's ability to turn it into advertising profit on a previously unprecedented scale.

This is separate to telecomms companies seeming lack of ability to control or monitor what's on their networks. Which is also a regulation / enforcement problem. However, there are functions that are 'allowed' on telecomms networks to facilitate 'business' (eg. overseas companies being able to spoof local numbers so that people actually answer their calls), such that this 'feature' is then exploited by scammers - when, arguably, the whole 'feature' is a scam in the first place.

https://www.abc.net.au/news/2018-05-03/mobiles-and-landlines...

(I'm sure I read an article somewhere that described the ability to spoof local numbers as a business decision to allow overseas marketers to sell their wares locally without fear of their calls not being answered. Trying to find it. I may be mistaken.)

Edit: services such as virtual phone numbers, such as these:

https://callhippo.com/blog/country/virtual-phone-number-prov...

https://www.numeroesim.com/how-to-get-an-australian-phone-nu...

https://virtual-local-numbers.com/countries/65-australia.htm...

This is likely coming from the purely 'if it can be abused it shouldn't exist' bias, which may mean I've taken a step closer to becoming an old luddite, but it feels as if, if this is possible, then the entire infrastructure can't be trusted any more - and people consciously choosing to just not answer their phones for any unrecognised number feels like confirmation of this stance.


What an utter technological failure. How and why is this even (still) possible?


Why are ads a thing on cable? On the web? It's literally the same problem, and since this site's audience is likely more familiar with the latter, it should be clear it's not a technological failure, but a social/legal one.


YouTube ads have no ability to interrupt my day-to-day life out of the blue, and also don't poison a legitimately useful communication medium for personal relationships.

Phone spam is much more harmful than ads you kinda-sorta opt into, IMO.


Ads are not the same thing as impersonation, lying about who you are and where you are calling from.

Cable is not full of ads that say they are from AT&T and you need to contact them about your bill at <number> but the ad isn't from AT&T and the number goes to a scam call center.


Yes, but most scam calls aren't impersonations either.

I bet if you tallied it up, there's many more people being tricked into taking on bullshit contracts with legitimate companies[0] and losing much more money in total, than there are victims of actual impersonation scams. I firmly believe both schemes are morally equivalent, and that one of them is still considered legal only means we should push firmly for a change in laws.

Even the impersonation angle isn't clear-cut. When a telco calls me with their newest scam, it's always via a third-party call centre they outsource this job to. Where I live, it's also historically has been a major source of contact and personal information for scammers - always a "disgruntled employee" leaving and "covertly" taking the customer database with them.

--

[0] - Telcos are my go-to examples here, they're notorious for borderline fraud. For example, just under a year ago, a billion-dollar telecommunications corporation named after a color, one of three major telcos in my country, tried to scam my own grandmother hard, after my grandfather passed away, and almost succeeded. More generally, after many years of near-misses and one or two mistakes, most people in my family learned to never talk to phone companies cold-calling with offers.


> Yes, but most scam calls aren't impersonations either.

Most of the spam texts I get lately are from non-US numbers claiming to be USPS trying to resolve a delivery exception.


All of the spam calls that are an annoyance to me are clearly spoofed numbers from my home area code.

That’s impersonation.

I know they are spoofing numbers because my own numbers gets spoofed as well. Real people call me back and leave voicemails saying I’m the one who called them.

None of this is standard advertising.


Ads are not illegal. Spam is regulated by laws like the TCPA for sms and CAN-SPAM for email.


The spammers have won only because the phone system (in which the phone companies are complicit) is designed to let them win.

When you get a call from Verizon's number, they know the actual originator of the call (or perhaps they know it up to some known-to-be-not-so-trustworthy-source). They know that the number is not Verizon's phone number.

But the phone company chooses to blindly display the spoofed caller ID. Note that T-Mobile will block their equivalent of these calls (not that T-Mobile isn't to be blamed for other things, such as sending their own spam texts).

So it is Verizon's choice to lie to you on behalf of these scammers, and the FCC allows them to do it.


What systems rely on spoofed called ID-s? I would assume carriers don't like this too much, but so much legacy crap is built on this that they are just rolling with it and just accepting the bad rep for spam.


AFAIK, just about any time you get a call from a business - the specific desk phone that you were called from has a number, but they prefer to ID as the receptionist or the menu system so you'll get that when you call back.


Is that really caller ID spoofing though? Presumably the desk phone does not have an individual external line and it all goes trought a central phone exchange. If that exchange is responsible for both the public phone number and the internal phones then it using the public number for outgoing calls is not really the same as a third party claiming to be calling from a number that they don't own.


The point is that there is no validation of these numbers. I can call you and list my caller ID as your own number, and when you get a call from me, it will show up on your phone as being from your number. And the phone company will say "Oh no there's nothing we can do about this!"


That’s bad. I do know T-Mobile blocks calls to their phones spoofing the 1-800-TMOBILE number as of a few years ago.


damn, sometimes tricks like that let you receive free calls from your tech-savvy friends while roaming ;)


Again, spammers are the reason we can't have nice things.


Just disable all calls. That’s what I do. Real people call you on whatsapp or other similar apps.


Not sure where you are in the world but in the US having a phone number and receiving voice calls is pretty much required to participate in society. And using WhatsApp or other similar solutions is not very common.


I live in SF so not sure what you're talking about


Not in my experience. I’ve used WhatsApp while in China on one business trip because other things were blocked/less reliable, but so many people I know or interact with don’t even know what WhatsApp is. Voice call, text, email, Facebook messenger, Slack, Teams, LinkedIn, sure, but not WhatsApp. I can’t trade WhatsApp messages with most of my friends, family, bank, mechanic, doctor, or hairdresser. The more traditional of those are going to call or email, the younger ones will text or facebook messenger, and work stuff is currently mostly Slack.


my parents would probably say something along the lines of 'what is whatsapp'. My sister would say 'i dont use that' my wife would say 'yet another freeking app?!' my tech friends would say 'no i am not signing up for yet another account'


On iOS at least you can block calls from outside your contact list. Which is what I do.

Anyone outside my contact list can leave a voicemail.


I've been reporting spam calls and texts to the FCC for a few years now. Does it do anything? I don't know, certainly not immediately, and the problem persists.

I tried the method spelled out here for my latest batch of "Your USPS package has arrived" texts, but the phone numbers (example: +63 936 631 6676) just give an "invalid number" response. Not unexpected.

Every official channel seems to be failing us on this one. Spam calls still exist, spam texts still exist, and even fake government websites still exist. I don't understand why a .com site like https ://usps.com-helpnk.com/ is still up.


Like others, I'm confused about how there's so much variation between countries on this one.

In the US, the calls and texts are a plague. If you've had a phone number for a few years you're probably getting multiple texts and calls a day, even if you are on the Do Not Call registry, from advertisers of every type and scammers alike. Lots of people have apps for blocking spam and they still get through.

In the Netherlands I'm also on a do not call registry, and I get nearly zero spam calls or texts. There is the occasional scammer SMS, and I get a spam call maybe once every 2-3 months, usually for nonprofit fundraising.

In developing countries you're spammed by both the telco and third party advertisers within minutes of activating a prepaid SIM card. The telco is almost certainly delivering the advertisements.

My guess is that the penalties and enforcement behind violating do-not-call registry in the Netherlands (EU?) are just much stronger than in the US. It still does not explain the lack of low-quality spam / scam messages from people who are unlikely to be dissuaded by regulation.

The only thing I can think of is that there is better authentication for accessing the Dutch telephone network (and better incentives for the telcos) which allow the providers to prevent or shut down spam numbers quickly.


Could the percentage of occupied Dutch phone codes be lower than the USA? There may be a smaller pay off.


You mean area codes (all Dutch mobiles are on one area code - 06) or do you mean the proportion of available phone numbers to phone users?

The latter would imply that spammers are 'wardialing' phone numbers but that seems really unlikely to me as it would be incredibly easy for telcos to detect and prevent.


I meant the second. The hypothesis of with a few smart tweaks such as valid area codes, etc. I've yet to have text spam use my name, whereas email spam is around 10% for me.


This was many years ago but I was trying to set up a Twilio number in the Netherlands to do a crank call on a friend there. I thought it would be as straightforward as the US(ie. Just sign up, add some money and pick a number from their available pool). No....from what I recall you need to submit an actual physical address and there was some mechanism for verifying I think as it failed the first time I tried. Now I think I managed to eventually get some random shop registered but for spamming, I don't think that would last as it would get flagged eventually. I don't know if they still do this sort of verification but if anything it is probably more strict now.


It's the same in Germany. You need an address and a passport or national ID card before you can get an IP address or phone number.


I disagree with the posted page that the telecoms are interested in stopping spam. If they really cared, they would have addressed it by now. I suspect they are somehow making money from the spam callers.


> telecoms are interested in stopping spam. If they really cared, they would have addressed it by now

I'm not so sure about this. No one (except for, obviously, spammers) benefits from email spam, every mailhost and network admin is most certainly interested in stopping it (to some extent), and yet my mailbox can prove that spam is still very much alive.

Solving spam problems in a highly distributed large federation of networks is not simple.

However, I think there are less telecoms than LIRs and mail systems out there, and they typically have better control over who their clients are (less hacking, though I could be wrong), and there's not enough pressure on them (spammy mailhost's gonna get banned by every RDNSBL real quick, telcos - I don't know, but I guess not so much?), so I can certainly agree that telecoms have issues with their incentives. I could be wrong about this, though - I don't really know much about the telephone industry.


The analogy doesn't hold because anyone can send an email to anyone else on any service at any time.

You can't exactly just climb up a telephone pole and tap off a few phone numbers for yourself. You have to explicitly enter into a contract with a service provider to use their infrastructure.

Spammers and scammers are wasting infrastructure resources that the telcos could be allocating to users. The telco can just cut your access off if you abuse it.

If I spin up an email server, no one entity can stop me sending email to anyone else. Gmail or Outlook or other services can block me individually, but there is no centralized network and no central authority that can refuse my connection. [0]

I suspect that telcos don't want to do anything about abuse because it's a very large fraction of their total traffic. The artificially higher utilization of the network gives them more justification for their prices or gives them some sort of good boy points for having x number of users. I don't really know how any of that works, just a wild guess.

[0] There are centralized blacklists and other ways to communicate that a sender should be widely blocked, but that's not the same as a telco refusing to physically connect you


> You have to explicitly enter into a contract with a service provider to use their infrastructure.

Exactly. And proper providers make legitimate users jump through so many hoops. E.g. with Twilio I can't even send text messages to US long codes (regular numbers) anymore without assigning "campaigns" and giving sample text messages... All I wanted is that my users can pick a phone number and use SMS as an interface to send commands and queries. They (US government and Twilio) don't even let me do that in order to "fight spam".

> I suspect that telcos don't want to do anything about abuse because it's a very large fraction of their total traffic.

Same here. They keep adding process and restrictions on legitimate users to prove that they're working on it, but I don't think they really want to.

Sure, there are probably fishy international service providers that house legitimate AND spam traffic and are hard to block. But phone networks are much more centralized than email and should have better abilities to fight spam if they really wanted to (but instead keep profiting from it)


> The analogy doesn't hold because anyone can send an email to anyone else on any service at any time.

Sorry, but I disagree. You can't just open a utility cabinet and establish TCP connections with random mail servers either. You have to explicitly enter a contract with a service provider to connect to Internet too.

And every mail system out there uses a bunch of precautions, like SPF, DMARC and of course it refers to some DNSBLs. I just cannot imagine any operational Internet-facing general-purpose SMTP system that doesn't.

Most ISPs out there outright filter out any tcp/25 traffic for their customers, residental or hosted. Typically (in case of server hosting) or less typically (in case of residental network access) this block can be lifted by going through some sort of pinky-swear "won't spam" KYC, but if you abuse it, you'll get booted off the platform real fast. And if it's too weak, the provider will very soon find themselves and their customers unable to send anything.

Because if a LIR doesn't respond to spam reports from their system, RDNSBL bans will very rapidly grow from just a single IP to progressively larger and larger subnet and then the whole AS. And getting out of a DNSBL isn't exactly fun. So network operators really hate email spam - it brings them nothing but headaches.

And that's why virtually all spam today comes from infected or hacked machines, and not some malicious people running a spam server.

I don't know where telephony spam comes from - as I've said I don't have much experience with this side of telecom, but I wouldn't be surprised if a vast majority of it would be from hacked/unsecured VoIP systems. I believe unscrupulous phone companies may be able to pull something, selling access to spammers, but that's probably once-or-twice-in-lifetime thing, because they won't be able to BS that they were hacked or something after a few incidents. (I highly doubt phone companies don't have a culture of blocking abusive peers. Internet operators surely do.)


I have a VPS I pay $15 a year for, and it hosts my own email server. I've got all the security bells and whistles.

Sure, my provider could ban me if they cared enough, but it's pretty much trivial to set up a new one.

And as you said, some of the email spammers use botnets. Which is yet another order of magnitude removed from the hassle of getting a telco to hook you up on the sort of scale we're talking about.

And sure, we have all sorts of institutional protections and blacklists to prevent spam, and yet we all still get flooded with spam. The only effective way out so far has been server-side spam filtering, which cannot be implemented in the phone network as long as caller ID spoofing is still allowed.

Call and text spam come through the same channels as any legitimate business. These people have the same kinds of commercial contracts as any business, and as far as the telco is concerned, their traffic is completely normal and legitimate.

That's the problem we're discussing: the telcos are not enforcing the anti-spam laws. They seem perfectly content to let these bad actors operate on their network. There is no subterfuge, no hacking, no foul play of any kind to get their traffic onto the network. The telcos simply let it happen.

The telcos also explicitly allow anyone to spoof caller ID so that the receiving customer can never know the true number they're being called from. The customer can never block the spammer because they just generate a new number each time.

Email spam and phone spam are not the same problem at all. Not even close. Email spam is simply people abusing the technology in spite of everyone's best-effort attempts to stop it.

Phone spam is institutionalized. The telcos have made a deliberate decision to allow this, and not offer any way for customers to protect themselves. Again, despite laws existing which should force them to stop the abusive traffic.


> there is no centralized network and no central authority that can refuse my connection

Your ISP/host can refuse service (assuming somebody convinces them to take that step). That doesn't mean you can't find another, but they are your connection to the Internet.


> You have to explicitly enter into a contract with a service provider to use their infrastructure

Sounds like you’ve never used Twilio before - or any other API-based SMS system


Isn't Twilio your service provider in that case?


Ehm you need to create an account, accept their TOS, enter billing information and then some.

They can easily disable your account should you break the TOS (or for any reason really)

Not quite the same as hosting an email server somewhere


Have you tried recently? There’s a ton of regulation mandated paperwork and registration required these days.


> Solving spam problems in a highly distributed large federation of networks is not simple.

I agree and disagree with this statement:

1. The distributed system can't solve the spam problem, because it's not a technical problem.

2. The population can immediately solve the spam problem by responding in the affirmative to every single request they get.

What makes spam profitable is the quality of the responses - right now only the marks respond, so every response is valuable to the spammer as it is a lead that will almost certainly result in money.

If the spammer sends out 3m SMS/robocall messages, and gets 5 responses, those responses are worth actual money!

OTOH, if the spammer sent out 3m SMS/robocall messages, and got 3m responses (of which only 5 are worth money), then the spam would quickly stop.

IOW, by self-selecting into one of two groups (will give you money/won't give you money) we are making spam profitable.

This is the only way to stop spam of any kind - poison the database.


I usually answer the spam calls and then try to keep a human on the line as long as possible. I get almost no spam calls on my phone now (although I'm not necessarily claiming this is a direct result).


When you say 'poison the database' in the case if sms/robocalls what exactly would that involve?


> When you say 'poison the database' in the case if sms/robocalls what exactly would that involve?

It involves never blocking any SMS/robocall: for SMS always reply in the affirmative (i.e. you want an agent to phone you), for robocalls, keep the call active for as long as you can, and reply in the affirmative for future contact.

You do that, knowing full-well that you aren't going to be buying anything.

If even half the population did that, spam SMS and robocalls would become too expensive to do anymore.


When you consider that most of this stuff originates from places outside of jurisdictions of any place that would ever consider doing something about it, you realize that legislation is worth much less than the paper it's never printed on.


It's that time I get to repeat: The US is a big enough destination that threatening to drop incoming calls would work. Much like the EU online privacy regulations has international effects, the US can play the game too. It's extremely unlikely that a legit telco anywhere in the world would choose to continue spam and lose the ability to call the US. (Telcos peer to other telcos/interconnects explicitly and can force custom agreements)


> The US is a big enough destination that threatening to drop incoming calls would work.

They should threaten to drop outgoing calls too. That’d eliminate all the useless offshore call centers.


Some sort of quite tall wall, perhaps made of fire…


i don't know about being tall. by any definition i'm familiar within context, 1RU is about the smallest possible.


In some cases it definitely seems to be the carriers making money.

I’ve never really had any issues at all with SMS spam in the UK and Europe - but I’m currently in Thailand where it’s awful! When you buy a new SIM card at the airport, the spamming starts within an hour or so. I count 18 sent yesterday alone, once every hour or so during the day.

I believe it is actually the carrier (true.th) sending them as they all follow a similar format and seem to arrive with a somewhat predictable regularity.

They even have an automated number (*137) you can call and supposedly turn off spam, but it doesn’t work: “System will cancel spam SMS within 24 hour. Thank you for using!”. Yeah right.

Only solution on iOS seems to be to disable notifications for SMS from unknown senders in System Settings. Then, at least, they only annoy you when you actually look at the messages app.


Carriers could solve the spam problem overnight by disconnecting about 3 or 4 countries from the rest of the world. However popular that action may be, it would not be legal.


The world has already decided to disconnect 5 countries from the global banking system, effectively keeping them locked in the dark ages....


ya but now they are the racist carrier. racism hunts. witch hunts. in the far future these 2 events will look no different


A few questions (in good faith) for discussion:

- How do you feel about the telcoms reading/filtering your texts?

- Where do you feel these controls would be most appropriately applied? Sender or recipient or both?

- How would you define SMS spam for filtering? Should the messages be manually reviewed or automatically filtered based on volume/content?

- Should recipient telcoms filter potentially malicious or spammy voice calls?


Texts are not encrypted anyway, your telecom can already read and filter your texts, and there’s been several instances of it happening.

Eg: https://www.reddit.com/r/tmobile/comments/17aqv1z/tmobile_li...


With booking systems that use texts for appointment confirmation, several companies end up using the same group of phone numbers due to the service that sends the text having limited phone numbers.

Some of the companies are quite spammy. It’s frustrating as blocking the number risks blocking real ‘you have an appointment at xxx’ type messages.


I think you underestimate how ineptly run a lot of these highly-regulated, legacy industries actually are.

They care, but in the way most people care about not being fat. They still can’t make the necessary lifestyle changes to do anything about it even if it is their most ardent wish.


(This is a US-based response response about the US phone system.)

Because it's a political problem, not an engineering or business problem.

In order to prevent monopolies, we have very strict requirements about carrying all calls that enter the network. Otherwise, phone companies would randomly block each other as part of anti-competitive tactics to push each other out of business.

The telephone spammers take advantage of these laws, because it is very difficult to legally block a spam call. Your phone provider must carry all phone calls without any prejudice!

(So I'm about to get very close to the line about hacker news's "no politics" guideline. Please consider that spammers "hack the law" and "hack politics" before you flag me. Instead, I would appreciate it if you take a minute or two to fact check my opinion disguised as fact.)

The primary way out of this is by a legal change, not by an engineering change or culture change: We must update our laws so that it is very difficult to make and carry spam calls on the telephone network.

I personally believe that one way to do this is to require that all phone calls provide rich metadata to the phone that is ringing. I really should know who is calling me, and the phone company that originates that call should be responsible for verifying it. I would even consider a requirement that makes it trivial, or automatic, to "lift the corporate veil" on who owns the company that is calling me. Otherwise there should be strict penalties for a phone network that allows originating calls with phony or spoofed metadata.

(I also don't think anyone has a right to make a 100% anonymous phone call. I think we can figure out how to allow people who need to make anonymous phone calls to make them, without exposing the entire phone network to SPAM.)

Ultimately, every phone call that enters the phone network needs to have a strict and auditable chain of liability.

In reality, if our laws included a requirement for strict metadata, and then a requirement to make an "abusive phone call" button really obvious, we could figure this out pretty quickly: at this point it becomes a simple reputation system.

Finally, we need laws that prohibit co-opting the phone network for marketing. We may want to start with prohibiting unsolicited commercial and political calls. We need to make sure that there are no loopholes, where the company you bought something from 2 years ago is still free to call you as if you have an ongoing relationship. We need to recognize that pulling out one's phone and looking at who is calling is really a significant burden to us, and that our government should protect us from companies and politicians who think that they have the right to interrupt our day at any moment to listen to a sales pitch.

If you really care and want to put time into this, advocate politically. (And remember that hacker news is not supposed to be political.) Don't waste your time reading instructions about how to report spam.


NB: There's no HN guideline against discussing politics, though political submissions are somewhat discouraged.

Where political comments are problematic is generally where they run up against other guidelines, notably:

Eschew flamebait. Avoid generic tangents. Omit internet tropes.

The other red line is accounts that principally push political viewpoints.

A fair bit of political discussion tends toward each of these. Avoid those rails, however, and you're good.

Dang's posted often on what does and doesn't work with political discussion, see: <https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...>

I'd specifically point at: <https://news.ycombinator.com/item?id=34481375>

Where a problem, such as robocalls / spam phone calls, really is fundamentally one of politics and policy, discussing those political and policy elements is entirely appropriate.


Of course, that would require the politicians to first opt their own political calls in to the existing (if largely useless) measures such as the Do Not Call registry.


There are rules in place specifically for political calls and texts: https://www.fcc.gov/rules-political-campaign-calls-and-texts

Notably they can't use autodialers without having prior consent from you.


> If they really cared, they would have addressed it by now.

They care, but not enough to spend what is required to address it.


Less that spam makes them money, more than doing nothing about spam doesn’t cost them money.


All the responses to this post have been an amusing read. Apparently this forum is too young to remember all the Guyana phone sex scam numbers from the 80s and 90s…


I can't see how it can be any other way than you mention.

Is it conceivable that they don't have control of who is using their network, and how they're using it?

It's not like they've just landed on the planet with this big telecoms network to manage. They created them, they set the rules, they own the gates.

It's purely profit driven, no question.

In the exact same way that Google and Meta claim to not be able to police advertising on their own fucking networks.


The architecture of the telephone network was designed by a complex series of historical monopolies (across multiple countries), federal regulators, and state regulators. Because of this history, the providers have a surprisingly small degree of control over the traffic that passes through their network. This is, in a regulatory sense, what it means to be a common carrier.


My admittedly cynical view, then, is that the structure has outgrown it's usefulness.

Features are being added, which enable phone number spoofing and other shenanigans, at some point deep in the network, such that common carriers, at the tips of the network, have no control over.

Thus creating a scammers/spammers paradise.


> USPS package texts

Try reporting it directly to the US Postal Inspector. From: https://www.uspis.gov/news/scam-article/smishing-package-tra...

> Have you received unsolicited mobile text messages with an unfamiliar or strange web link that indicates a USPS delivery requires a response from you? If you never signed up for a USPS tracking request for a specific package, then don’t click the link! This type of text message is a scam called smishing.

> To report USPS related smishing, send an email to spam@uspis.gov.

> Without clicking on the web link, copy the body of the suspicious text message and paste into a new email.*

> Provide your name in the email, and also attach a screenshot of the text message showing the phone number of the sender and the date sent.*

> Include any relevant details in your email, for example: if you clicked the link, if you lost money, if you provided any personal information, or if you experienced any impacts to your credit or person.

> The Postal Inspection Service will contact you if more information is needed.

> Forward the smishing/text message to 7726 (this will assist with reporting the scam phone number).


lol. They will do absolutely nothing.


My own experience is that reporting to Google's Safe Browsing whatever is a waste of time. A lot of scam sites geo-block or redirect to a random news site when visiting from $OutsideTargetArea, so that seems to break a lot of/most automated screening.


> example: +63 936 631 6676

It’s unlikely to work for phone numbers outside the US. Sorry :( For typical 10-digit US numbers, the carrier search sites work well, as does Twilio’s carrier lookup API.


Thank you for putting together this resource!

I read the rest of the FAQ, signed up for Twilio, and their API worked to identify the number.


I used to report spam calls, but quit when I received one from my own number, the number of the phone on which I received the call.


I've had some luck with reporting phishing domains to their registrars. It doesn't always work, but I have gotten a few taken down that way.


Yeah, I too noticed the similarity in approaches. Generally I've not had good luck with reporting spam domains because the registrars are sketchy. Makes me wonder if reporting spam calls is going to have the same lack of success.


yeah i don't understand whether the government even does anything or if they treat it like an off and on switch due to attention or negligence

there's some impressive anti-scammer youtube content, and it seems to be a growing trend, maybe this is just capitalism doing what it does best? advertisers putting money in front of combative interventions.

https://www.youtube.com/watch?v=dWzz3NeDz3E

https://www.youtube.com/watch?v=jUHFpfVPUYc


This is enabled by essentially free communication --- while it's probably not feasible to go back to the rates Ma Bell used to charge so as to fund their infrastructure (and generous pensions, and stock dividends)....

Why not have a system where a small amount of money is put in escrow when a call is placed? If the person who answered the call is displeased by it, they can punch in a command at the keypad after the call to claim the money.


> Why not have a system where ...

Because phone operators make money on all those robocalls, and have so far decided they'll make more money allowing it, than trying to obstruct it.

And, I mean, what are you going to do? Change your phone operator? They're all the same. Switch to using WhatsApp/Signal/etc. for calls? Sure, but you're still paying some telco for the mobile data plan.

That's the problem: all the actors with leverage here are happily making money on the scheme; regular customers... have no leverage.


This is equivalent to having a “premium number” (like the pay by minute or per txt)


Step 1 - ignore the callerID and engage with scammer to get their real number. Because us carriers can't be bothered to tell you where a call is actually coming from.


In 2023, if you're using a major commercial provider, and the caller ID is a US-originating number you're more likely to see accurate Caller ID than not. STIR/SHAKEN has been widely adopted, and networks now have permission to drop calls providing inaccurate digital signature.

Even as of last year caller ID accuracy was bad.


It is still ridiculously easy to spoof a number. I'm on Verizon with the enhanced caller ID, and it happens consistently on a weekly basis.


That's an issue with Verizon then. They should be able to see that the number is spoofed, as it will have a lower/lack of attestation from the originating carrier.

Stir shaken doesn't prevent spoofing but it lets terminating carriers validate that the number is legit before sending the call to their customer.

My old team implemented stir shaken for one of the large voip carriers.


The best part of all of the number spoofing is now I get real calls from real people who are "calling back" the spam call they received from my number.

So I'm getting double-hit by the fact that somehow you're just allowed to place calls from a number you don't own and that's considered a valid part of the phone system still in 2023.


I get that this is for businesses (mostly) so every outward call seems to originate from a single number, but why in the hell can't there be a verification that the number originated from that specific business? Isn't everything digital now? Just do NATing with phone numbers.


That’s basically what STIR/SHAKEN is designed to do, what you’re talking about is going to be handled by the certificate authorities. Carriers are ramping up the way they flag or restrict unverified calls as the system is more widely implemented. Echoes of how HTTPS slowly became universal.


Yeah that's what I don't understand. It should be 100% impossible to spoof some random number no matter what, and spoofing a business number should be heavily authenticated to make sure that only the business the owns that phone number can do it.


Is there any reason to think that this would work for political party donation spam? Do the telecom carriers that provide services for all those horrific text messages about how the other party is going to install a dictator unless you donate to them right now actually care enough to punish those?


From firsthand experience, yes, it works for unsolicited political party donation messages. Not 100% of the time, but way more than 0%.

These wholesale carriers know that recipients will flag unsolicited political messages as spam (to the recipient's wireless provider), and they don't want consumer wireless providers to block or heavily rate-limit messages from their phone numbers. The political campaigns cycle through phone numbers, so their unsolicited messages can "taint" many phone numbers - which will affect other customers' campaigns. The wholesale carrier's incentives aren't perfectly aligned with your incentives, but they're not totally different.


It's also common practice to hard drop abusive campaigns that do not respond to STOP, HELP and similar keywords at the provider's SMSC, and just collect the revenue from them texting your clients.

The 10DLC cartel wants to fine instances of unsolicited text messaging up to $20,000 per instance, hence why there is a big pushback against registering with this unsanctioned, not FCC mandated organization called The Carrier Registry (TCR).

TCR has been a nightmare to work with for those that do participate in their bureaucracy. You fill out pages of forms with everything from EINs/SSNs to the owners and co-owners of the firm and exact examples of what they plan to text, then 6 months or so later the TCR says "Oh, sucks to be you, we're invalidating all current registered companies, pay $50 to register again and fill out entirely different forms!

Also, T-Mobile is tacking on a new inactivity fee of $xx a month per business if your client doesn't message a T-Mobile number every few days :D"


In the US you can report them to the FCC: https://www.fcc.gov/rules-political-campaign-calls-and-texts

Keep in mind that sometimes they can skirt the rules by not using automation per se. Instead, they have a bunch of volunteers sit in a room (or online) with special apps that distribute a phone number list (often from NGPVan or the Republican equivalent, forget what it's called) between the individual devices. Then each human has to click "send" or "call". It still gets routed through their VOIP systems, but because there's a human in the loop, it's no longer fully automated... just like 90%, enough to get around the FCC rules.

It's pretty sketch. I went to one of those volunteer parties before I realized that's what they're doing.

Thankfully Google Fi does a really good job at blocking this kind of spam, texts or calls.


Just to clarify for anyone reading, this meets the FCC's requirements (ie, it's legal and the FCC won't do anything about it), but it generally is not allowed by the terms of use of the underlying wholesale carrier.

So, you should still report it to the sending carrier.

Background: Most larger, reputable US-based wholesale carriers have policies that are similar to the CTIA's guidelines for political campaigns: https://www.ctia.org/news/political-text-messaging-engaging-... . CTIA sets a much higher threshold, including opt-in permission.

This is a bit like the FCC's definition of email spam (a very low bar - what's legal) vs. a mainstream email service provider's terms of use (a much higher bar - what they permit you to send through them).


Thanks for this clarification/differentiation!


No. There are no requirements that politicians respect your communication preferences, honor your opt-out requests, or handle your data. At the end of the election cycle, everything is torn down, voter files get copied to local party databases, state party databases, federal party databases, preferred contractors for campaign infrastructure, any interested consultants, and on and on. There are no limits and the data handling reflects this. You can, at best, opt out from a given campaign for the current election cycle.


I started receiving these in August and so far have filed 311 complaints with the FCC to no apparent effect.


I think reporting to the FCC is a waste of time (https://news.ycombinator.com/item?id=34570065#34570669). Following the steps on this site - reporting to the responsible carrier - is nowhere near perfect, but sure beats pretending like the FCC might do something.


My solution since 2002: don't answer the phone.


Same here but every time I post that on this site I get replies about how they have to answer the phone because their kid could have fallen down a well and their wife could be in a coma and the police would be trying to contact them and if they don’t jump to answer the phone every time it rings their entire family could be murdered.

So IDK. It seems to be a problem, I just don’t have enough of a life for it to be for me.


You can cut through a surprising amount of spam by just reading the voicemail after letting an unknown number ring. If they didn't bother to leave one it was either not at all important or the vast majority of spam calls. If they did leave a voicemail you can generally tell whether it seems even remotely legitimate and, if it does, call back at the number. E.g. if you have a kid and the school calls they will leave something generic like "It's so and so elementary calling for <your name>..." you call the school's main number back and say "so and so called looking for me" and get directed to them.

OTOH it seems if you ever answer these even once you're no longer a random number to try you're immediately marked as a real person who can be tricked into answering at least some calls and will never hear the end of the endless ringing.


This might be a cultural thing, but at least in Australia nobody under the age of 60 would ever leave a voicemail.

If you're deliberately making yourself hard to contact this way, a lot of people will just stop calling you.


This is genuinely pretty shocking to me. Would e.g. the person calling from the school about your kid getting hurt during recess just hang up and assume you'll call back immediately during the workday on the basis you had a missed call?

If you mean for people you have relations with (friends/family/coworkers) most here gave up memorizing numbers a long time ago and none of those would show as an unknown number. This is common enough here in the US that the iPhone has a built in feature to only ring for known contacts and for unknowns only notify voicemails.


Does anyone still has voicemail enabled in the first place? Can't remember the last time I was connected to one. Can't remember last time I had one attached to my number either.

(Geo context: Poland, EU)


UK here, called my phone company many many years ago and had them disable voicemail. It's now impossible to leave me a voicemail. It's fantastic. In all those years I've never (that I know of) missed an important call, people call back if they need to.


If you don't have voicemail, they will send you an SMS. Parent's main point IMO was that if the call was really something important, the person on the other end will leave a message of some sort.


The person on the other end doesn't know if you are making yourself deliberately hard to contact, or if you are genuinely unable to answer the phone call.

This strategy works fine in my experience. Most important calls I get are from people already in my address book. If I'm in a job hunting phase, I'll answer calls from numbers I don't recognize during time frames when I am expecting them (e.g. the policy is relaxed for the duration of a job hunt). But, outside of that, it's hard to imagine a call from someone I don't know that is so important I can't let it go to voicemail, but so unimportant that the caller will deign not to leave a voicemail to let me know this is really important.


Wait a second, do you pick up any call you receive? IME Australia is one of the worst places with regards to spam calls (by far the worst out of all countries I lived in), if I allow calls from numbers not already in my contacts, I get an average of around 10 spam calls per week. If it's something important like my daughter's school or strata or the lawyer, they do leave voicemails.


Honestly pre-COVID I got spam calls maybe once a quarter. After giving out my number every second time I left the house, that number is more like a few times a week.

I would say I am pretty privacy conscious (when possible), so this may not be the average person's experience.


I run two numbers: one for trusted people like work, family and friends, and one that I assume is going to be spam.


The problem with this strategy is that sooner or later, the spammers will find your "trusted" number. After all, phone numbers are easily enumerable...


My friends wouldn't leave a voicemail but a nurse at my doctors office absolutely would.


That's surprising to me, almost everyone I know will leave voicemail. Recruiters especially, which tends to be myst of my legitimate phone calls TBH!

Though with people of my age "cold calling" isn't all that common, typically you text the person first to make sure they are available and keen on a call. Unless it's an emergency of some sort, of course.


Lol. T-Mobile has gotten good at flagging spam calls as "Scam Likely", but for the landline I do the same thing. (I don't believe landline carriers...at least in the US...were forced to implement Stir/Shaken, so it gets the full brunt.) My logic is always that if it's important, they'll leave a message. The landline message also includes the three escalating (line disconnected) SIT tones, which I would like to think helps. But if the spammer uses speech-to-text technology, I'm screwed.

> Instead, report the phone number that the call instructs you to contact.

Under the above scenario most callers aren't dumb enough to leave a message, and I'd be concerned that actually engaging with anybody would increase the number of calls, at least in the short term.

If you're a staffer running the honeypot lines at the FCC, it would be fine because you can go home at the end of the day, but for a personal number I would need convincing. Would love to hear testimonials from anyone who tried this technique and their interpretation of the results.


That said, who doesn't send SMS texts also, at least in the US?


Just use whatsapp -.-


I'd assume police/hospital would leave a voice mail?


I simply have a whitelist of numbers I'll answer.


Every time you post...with a brand new account?

You don't even have any submissions, yet.


Some folks cycle throwaways over time instead of allowing a consistent identity to be built. The guidelines request nicely against doing so but some always do anyways of course.


That's because HN prioritizes aesthetics over privacy and won't allow you to delete your account and all its comments.


Being able to delete an account allows you to decide to remove your information from the site after a certain point. Cycling accounts is about not letting someone who looks at a single account at any time find enough information to piece together your identity at any point. Both are privacy related but the former is not a lead-in to the latter.

As one who'd also like to see the ability to fully delete your HN account for privacy reasons I still think summarizing the alternative reasons as only aesthetics sells the counterarguments a bit short...

... but overall I'm getting myself and the whole conversation extremely off topic here. Probably best to discuss this in a thread about privacy on HN instead of one on robocallers.


doesnt matter anyway there is a 'ai' that can troll thru the posts and figure you back out. unless you change the way you type and the words you use every time too.


One thing I've noticed is that the majority of the spam calls I have received historically have had the same originating area code as my phone number. Perhaps this was number spoofing, or perhaps it was using local VoIP numbers to make spam calls. In either case, it was a great flag for "this call goes to voicemail" because I hadn't lived there in over ten years, I didn't grow up there, and anybody who needs to contact me without a "Hey this is _____" text/voicemail is already in my address book.

It also means that if I pick up calls from numbers originating in <current locale area codes>, it usually IS somebody I need to speak with. No hassle filter to help answer the right calls and ignore the spam.


My ATT mobile stopped getting spam calls in mid 2022. It was quite a sudden drop off between the couple years before that.


US cellular did too, but it's picked back up in the last month or so. So I'm guessing scammers figured out the system again.


I had someone call Friday night. I sent it to voice mail and they immediately hung up and called back. It happed again and I sent it to voice mail again. On the third call in under a minute I thought something must be wrong and maybe this was a friend of a friend in trouble. I answered and they said “Are you interested in selling your house at 1234….”

I hung up, mad at myself for falling for it, and at them for being so ballsy. Then they texted (it came through as an iMessage so I’m assuming it’s their real number) and they said “not sure what happened but we got cut off!”


Apple might be more incentivized to deal with spam using their communication rails more than a typical SMS provider. It might be worth at least marking this as spam in Messages.


>> My solution since 2002: don't answer the phone.

I have two children. Doesnt happen often, but I've received calls from my kids' school. Twice the kids got hurt on the playground and needed to be picked up. The call can from a random number from someone at the school, not the main number.

I have also received calls from pharmacies about order verification for much needed prescriptions. And received calls from doctors' offices about last minute re-scheduling.

Not answering voice calls seems like a solution that works 99% of the time and drastically fails 1%


I’ve disabled calls on iOS and it failed like twice in two years. Once it was a doctor appointment, and I’ve now learned to use their system to do online calls instead. The second time it was some insurance claim, which forced them to give up and send me an email after calling me a number of times.

I’d say at this point let the system fail if they don’t have email or whatsapp or something else they can use to reach you.


Send all unknown numbers (not in contact list) direct to voicemail...easy peasy. 99% spam calls don't leave voicemail and visual voicemail lets me delete and block quick. Very minimal intrusion into my device and time.

Couldn't imagine taking the steps in this post to try and block a number that's probably already been replaced with a new one by the time it takes for anything to be done.


If I did this, I wouldn’t have a job


^ this. In iOS you can disable them entirely which is what I’ve done for years now.


And call the number back.


What about people who are spamming/scamming on WhatsApp? There's some spamming scammer claiming to be working as a recruiter for my biz, but we've never hired a recruiter, certainly aren't hiring, and this guy is running around without any credibility saying he works for us. Doesn't even have an email address at our domain, just some random UK cellphone number, but is apparently based in China after he forgot to translate one of his messages to someone from Chinese.

Asks people if they would like a "task" to complete for £10 as a test for recruitment.


Real question: What is the end goal? Do you think if the person agrees to the test for recruitment, they will be groomed for a bigger financial scam?


I would imagine they're outsourcing crap time-consuming jobs they get given on Fiverr and its ilk that ChatGPT can't blag a passable end result for, i.e., multimedia or research about present stuff. They may spend money, but the contractor has simply outsourced it—they're still going to make something.

As it's a "test", the candidate is likely to put a lot of time and effort into making it as good as they can to impress.


The amount of spam I get since I left Googles old number service is insane. Whats worse is some will say reply stop to stop and just send you more bullshit.


most of the time, STOP, UNSUBSCRIBE (or clicking any link) marks the phone number or email as hot, and gets sold for more money in the market.


I wanted to note that for email this generally isn’t the case. Really spammy spam generally is easy to catch, I don’t think I’ve seen any in over a year. Any legitimate business generally adheres to unsubscribe requests. So if you unsubscribe from stuff hitting your mailbox generally you’ll stop getting it. My mailbox pretty much only gets signal to it, almost zero noise.


Sir, this is Wendy's.

No need to note; the topic is telephone and SMS. Everyone is probably familiar with spam mail and unsubscribing from it.

Email is still manageable and less personally invasive than someone calling you or sending a message at random.


just wanted to add an exception, the non-generally part example.

https://docs.google.com/spreadsheets/d/e/2PACX-1vSdZyRvDd0ES...

this is the log of email spam I am getting since about few years now. The sheet doesn't list any email link, but each one of that link is unique, the soam machine sends me 10x spam if I accidentally click it.


Yes, but there are also "fake legitimate business" spam and phishing emails. If you hit unsubscribe on that, you will absolutely be marked as a hot email to target.


I only do unsubscribe for email for things I'm sure I subscribed to, the actual spammy stuff, that ends up being reported by me as spam.


Years ago, I switched my home "land line" to a VOIP service provider. This provider allows you to build a simple set of actions which will occur when a call comes in.

Mine works like this:

    Is the call from a fax machine? 
        If yes, take the fax and send the fax to my e-mail.
        If no, move to the next step.
    Is the call from a number that's on my whitelist?
        If yes, ring my phone.
        If no, move to the next step.
    Play a recording of my voice saying, "Please press 5 to be connected."
    Keep repeating this recording for 30 seconds.
        If the caller presses 5, ring my phone.
        If 30 seconds elapse and 5 is not pressed, hang up.
No more robo-calls for me. Zero. Gone. I check the logs and I'm still receiving many calls a day from random numbers, but none makes it through the test.

I know that if everyone did this, scammers would figure out a way around it, but for the last 7 years, it's completely solved my problem.


That's a simple phone CAPTCHA that can stop robocalls, but human spammers can easily bypass it, so you likely don't get such calls.

I think just sending all calls to voicemail and urging callers to leave a message if it's important should stop all spam. No human spammer will want you to call them back, and most of their numbers are spoofed, so you couldn't anyway.


I'm very curious to know what service this is and how much it costs? I would love, LOVE to implement something like this for myself.


I mainly stopped using phone calls years ago, and I hope more people also do. I ported my main number to voip.ms and created a couple others to use for pseudonymous accounts. The service is cheap at about $1/month per number, but it is a little technical to configure and is sometimes spotty. My phone number has sometimes been unregistered/out of service for long periods which has been a bonus. Nobody who really knows me calls me on the phone. Instead they know to go to my web page that has many ways to call me including a URL to a Nextcloud Talk conversation, Simplex, Session, XMPP, and Matrix.

If you want a slightly more expensive but simple and reliable number on Android, I highly recommend jump.chat.


I also use voip.ms and the only time they where unreliable was when they were under a DDOS attack. What equipment do you use to bridge the voip to your physical telephone? I suspect that it would be your principal source of unreliability.


I have tried various clients on my Graphene phone and am currently using Sipnetic. I have it excluded from VPN through split tunneling, but I still have periods when number just doesn't register. I know there are various settings that can be tried which I have done, but this configuration is a constant source of frustration for many. This is why I recommend jmp.chat with Cheogram client for those looking for a solution that just works. What client or configuration have you found to give you consistent connection with voip.ms?


It's possible, but not cheap, to have a SIM card that can roam on any cell network on Earth, and present as a SIP client.


I'd be interested to hear more if you don't mind posting about which service(s) offer(s) this. If you'd rather tell me privately, email denver@ossguy.com


> If you want a slightly more expensive but simple and reliable number on Android, I highly recommend jump.chat.

What? This is just a video chatting service like zoom...?


I think they meant https://jmp.chat/


"People still use phones?"

For my social circle, phones have become fax machines -- archaic tech that you forget exists until required for some abnormal situation. My pocket computer's "phone" reference feels quaint, like those floppy disk icons on save buttons; except disk drives aren't so persistently, actively detrimental to my day that I must disable them.

So now, all unknown callers are automatically ignored. If it's important, they'll submit a proof-of-work voicemail. Otherwise, modern apps work perfectly for everyone, and the vestigial phone system can remain in the graveyard where it belongs, thank you very much.


> If it's important, they'll submit a proof-of-work voicemail.

If you don't use voice-over-phone, why keep voicemail enabled?

i disabled mine in 1999 when i discovered that certain colleagues would use it to pass work tasks off to me when they knew i wouldn't be able to pick up the phone. They could then use that as an excuse to say, "well I passed it off to him, so it's his job now."

The call history itself is enough info that someone tried to call me. A message saying, "it's me! Call me back!" is just noise at that point. (Obviously, only people i knew get called back.)


This is the way I wish it could be (for me, personally), but some standardization among my friends is required. Which app do we tie our interdependence to? A very real question.


Literally everybody I know uses whatsapp


Personal anecdotal knowledge does not a standard make.

I’d not be shocked if many in my circle use WhatsApp but since I’ve never used it myself - ever - I’d not know for certain.

Neither statement makes the case for usage of WhatsApp a “standard” or not.


There are 2 or 3 international people I use WhatApp with once in a great while. I've never used it with someone in the US and I bet a number of the people I communicate with via SMS would stare blankly if I suggested using WhatsApp.


Are you young enough that most of your friends don’t have children yet?


Why can't we reverse the flow? A phone number that is spam, what if we throw it right back at them? Especially text spam. A lot of times it's not even a phone number, and that's just wrong. But if it is a phone number, it would be nice to put that into a website and have that phone number up voted by other people who have gotten spam. If it reaches a certain vote total, then it can be confirmed as a spam number, and the software starts overwhelming it with messages and calls.


Unfortunately most of the source numbers are spoofed, and this would cause collateral damage to any legit users of those numbers.


If the telecoms industry wasn't making a profit from it, it would have disappeared a long time ago.

It's just a pity that we all need to pay these companies for one fairly crucial thing, but it enables these undesirable things.

It's somewhat surprising that the rules or enforcement are so lax, given that everyone, including politicians, have elderly relatives that are susceptible to this BS. (but then, maybe the politicians ARE the elderly relatives, and therefore they don't see the problem).


I remember in the mid/late 2000s/2010s using Spamcop.net prodigiously to report every spam email I got because there were just so many. Spamcop automated the reporting process by looking up the mailhost that the spam was sent from and sent a report to the ISP hosting it along with any URL included to the site hosting it, as well as sites like Phishtank, the APWG, the FTC & etc.

Spamcop also ran their own RBL for the emails that got reported to them.

Eventually, the vast majority of hosting companies just refused reports from Spamcop altogether and spam really didn't get 'solved' until Gmail came out and Google's spam filtering software actually worked.

I also use Google Messages for this same reason as they will just catch the majority of bogus SMS spam & I have Bitdefender which catches the majority of phishing attempts.

Other than that there are premium options like Robokiller and YouCall which admittedly have pretty funny ways to answer phone calls and waste their time or answer phone calls with the disconnect/SIT tones.

But when people ask me how to deal with this problem I typically point them to https://ftc.gov/robocalls that has handy info.


I still do the Spamcop thing diligently. Heck if I know whether it does any good, but it's not a big effort and if it helps in a few cases, why not. A surprising amount of the spam and phishing mails I get come through major providers: Gmail, Amazon, Outlook, Sendgrid, etc. – I'd hope they actually do something (getting blacklisted can still be a very costly thing, I heard).

I also report all phishing sites I find to hosts, domain registrars, and Google+Microsoft blacklists. A similar service to Spamcop for that purpose is Phish Report. There, it's a bit easier to measure success. A surprising number of hosts are very quick to kill reported sites.

As for the blacklists… when I report ridiculously obvious phishing sites such as PayPal logins hosted on "verify-paypa1.business", usually the site is blocked on Edge around 15 minutes after I report it to Microsoft, but is often still reachable without warning on Chrome two or three weeks after I reported it to Google…


It's a sad state. We are right on the cusp but I seem to have no way to block all unverified numbers. But the verified number system is in place!


My Voip provider allows for sending receiving text messages as well, and I can certainly set the outgoing number. In our office, there are about 10 different phone numbers, but all outgoing texts are set to come from our "main" number no matter who sent it. And I've been able to change this number to my cell phone number and other numbers that aren't from the VOIP provider.


This is good to know. If you're comfortable sharing, could you email me your VoIP provider or a phone number they're sending from? Address is in my profile. I'd like to learn more.

For anyone else reading, this service is called "10 Digit Long Code" AKA 10DLC. Many business-oriented VoIP providers eventually use a vendor like Syniverse or Sinch for the outbound SMSes. Those wholesale carriers usually either strongly encourage their customers to require verification of sending numbers, or outright require it in the contract. This appears in the wholesale carriers' guidance to their customers, like https://syniverse-web.s3.amazonaws.com/10DLC-Carrier-Pricing... and https://www.sinch.com/sites/default/files/file/2023-03/Intel.... From your experience, it's clear that there are exceptions.


SMS enabling offnet numbers has gotten stricter over the last few months, Bandwidth.com will not enable wireless numbers for SMS, and if there is an existing routing record (eSPID/NNID) most vendors require this be removed by the losing SMS provider prior to enabling a number for offnet SMS.

I used to be able to SMS enable my T-Mobile numbers offnet, but every 30 days TMobile would take this back.

10DLC is being strongly pushed by some carriers, while others are still permitting conversational traffic (for every one message that goes in, one should come back, with a 10% margin in either direction) to go over P2P rails.

With The Carrier Registry invalidating all registered organizations and campaigns every few months, triggering everyone to fill out a ton of paperwork, pay $50 or more to re-validate every business, and also the recent sudden devalidation of every sole proprietor 10DLC registration, I don't blame those who don't want to participate in this unsanctioned cartel formed by the big three wireless carriers.


I’m going to confirm I can still use a number that’s not in my “block” from them, and if so I’ll tell you who it is…. I haven’t had it on my cell number in at least 6 months.


Use iPhone focus feature, whitelisting contacts phone calls. Just need to manually add notifications from frequent contacts. Works pretty well.


The iPhone calling app has a more direct native setting for this "Silence Unknown Callers". Anyone in your contacts or recent outbound calls will still ring, everyone else is silenced (without having to change your global focus).


I used to have that but it still was too annoying


I did something similar to this last week after getting recently inundated with phone spam/scam calls and ended up missing a very important phone call about a medical emergency with my child at school because the school's system was down and they weren't able to call me from their number that I have in my contacts list.

We need to stop trying to get end users to deploy ad-hoc solutions to the problem and update our phone systems to be resilient to these attacks.


Your school needs to use whatsapp


Yes, I worry about this also.


Who's actually benefitting from these spam/scam/advertising phone calls? Whenever I get one I pick up, realize I'm listening to a recording, and hang up immideately, I don't know what it was trying to shove in my face. Who's listening to these calls and doing something that benefits the spammers?


At the end of the recorded speech is a human. Let the speech play, then don't talk to the human. Let them listen to ... silence. They'll soon stop calling.


If you're bored, you can also choose to waste their time by pretending to be a gullible human, but not sending any money.


I tend to try and give them the impression that I'm gullible enough to maybe fall for it, then say I quickly need to do an urgent thing like move the washing to the dryer, put them on hold, and later check how long they stayed on the line, all hopeful that they may have found a victim. The record so far is almost a quarter hour.

It's definitely the best target to optimise – the more time they waste on you, the less time they have to work on some poor soul who's actually vulnerable.


It's so funny(?) that we passed the TCPA in order to stop robocalls, but then never decided to actually enforce it.


The TCPA deputizes you as a private citizen to enforce it. It’s empowering, so much so I would be amazed if anything like it would be passed these days.


Uh, it gives us zero power to enforce anything whatsoever.


It provides a private right of action for you to sue the culprit in civil court. I have personally received thousands of dollars in compensation for every case I’ve brought under the statute.

Unfortunately most of the culprits nowadays are overseas scammers, in which case it’s no help. I would agree in that case- the only way to stop these folks is through the carriers themselves and they don’t seem too keen on doing anything.


Ok, but who's the culprit for "unknown caller"? If we don't have info, how do we go after them ourselves?


That's the art & science of it... you need to social engineer the info out of them. Most of the time, even if you do get a caller ID, it's spoofed, so it doesn't matter what "number" they call you from. You need to identify a business with an address and phone number, and definitively tie the activity back to that business.

Yes, it takes time and skill, but then again, between the TCPA and state statutes you could potentially recover close to $6000 per call. Now when you negotiate a settlement you may not actually see that much, but you are definitely getting the attention of the offenders, and just the process of responding to your complaint (lawyer time) will take another few thousand dollars out of the pockets of these cretin.


So if I try really, really hard, I can get the law to do what it's supposed to do without any effort on my part? How is that in any way a positive?


Details, please. Maybe a video/recording of you doing this? I often waste scam caller time by trying to keep them on the phone as long as possible, but this sounds like a much better approach.


Who is we? The US government is controlled by multinational corporations.


> US government is controlled by multinational corporations

As far as oversimplifying political hypotheses go, this is a stupid one. Multinational corporations have fragmented power structures. They're broadly owned, publicly audited and subject to coups through market-based means.

If you want a secret cabal, America's emerging aristocracy is at least concentrated, opaque and difficult to dislodge.


We had a quite interesting case around text spam in Norway recently. A foreign student was arrested by the Norwegian Police Security Service (PST) for allegedly spying and doing signal intelligence. What he was actually doing was driving around Oslo with an IMSI catcher, which he used to send SMS messages that tried to scam the recipient to devices that was intercepted.

He had his dorm raided by the security services, was put in custody with no visitation or communication for quite some time. According to his lawyer it was quite a traumatic experience, which I can believe. The guy was likely just recruited by some foreign scammers to deliver the messages for them.

In that case the carriers network wasn't even involved. Not sure how you'd stop something like that from happening.


>According to his lawyer it was quite a traumatic experience

Play stupid games, win stupid prizes.


Burn this statement into your brain: "Take my contact details off your list and never contact me again!"

Do whatever you can to make the scam caller hear you make this statement, loud and clear.

The moment they hear it they are supposed to comply, or they will face immense fines. This statement is anathema to the scammer.

I've had a lot of fun with this over the years.

My favorite variety of scamming the scammers involves leading them to believe that I am an old senile guy scared to death of "Windows Security" and that I will do anything to let them fix the problem, including giving them my password, which is of course, the above statement, which I often have to spell out, letter for letter, before they get it: "Take my contact details off your list and never contact me again!"

;)


I came up with a pretty bulletproof solution years ago though it is a bit of a nuclear option...

(1) change your phone number to somewhere you don't know anyone that ideally has a single area code (e.g., north dakota with "701") (2) use some sort of app (e.g., numbershield on iOS) on your phone to block all calls from 701-XXX-XXXX (3) use this new number going forward (or transfer the existing number to google voice which seems to have an effective blocker and have it forwarded to new 701 number

now I can confidently pick up all unknown calls especially if they are local to me knowing they are legitimate - I now only get a few spam calls per year since doing this


Crowdsource blocking can be quite effective at weeding out actual spam. For example Truecaller helps me block most spam calls based on how many others have flagged a particular number. It's not foolproof but usually any new numbers that telemarketers grab get quickly blacklisted. On a few occasions I've had to unblock numbers because I needed them temporarily but I can't remember missing anything important like payment reminders or OTPs.

In contrast, I've remained opted into the Indian Do Not Call registry forever but that hasn't deterred telemarketers much.


If you are Indian, its so much easier to report spam (but of course not easy enough! TRAI, while seems to have good intentions here, is pretty much a luddite where tech & UX are concerned).

make sure your number is register in DnD. Use the official DnD app to register a compliant https://play.google.com/store/apps/details?id=trai.gov.in.dn...

The app rating should have given you a clue that the app is quite a crapfest, but it is still better than the steps folks in US have to wade through. it takes a couple of clicks and a short few typed words to raise the complaint.

Another way is to simply send a sms to 1909 as

> “<Content of UCC, including Referred Telephone Number (RTN) if any>, <header/telephone number from which UCC has originated>, <dd/mm/yy, hh:mm>”

the schema is different for all ISPs, but in general none seems to adhere strictly to the schema as long as the datetime, phone number and comma delimiters are correct.

Here is the link from airtel on the way to file such complaints; https://www.airtel.in/business/commercial-communication/asse...

ISPs are required by law to folloup on these and once you have sent the sms, you will get update smses for your complaint.

I usually just use the DnD app and when that isn't working, I send the sms. the schema i can get from my sms history and just change the caller id, phone and date. And in return I get the satisfaction of getting the update about the phone number of the violater being barred or limited to 20 calls in a month.


A case where LLMs or ChatGPT would be very handy.

Setup honey pot number. Route all phone numbers to be answered by ChatGPT. Use ChatGPT to extract phone number. Use twilio api to lookup phone number. Route report to appropriate carrier(s)


> route report to appropriate carrier

hilarious to assume that would exist, it is very manual. if any carrier attempted to automate it, it would be used offensively for fraud as well


For me, the operative part of the comment is

> To keep it simple, consider starting by reporting SMSes.

> For robocalls, expect that many robocall CIDs are spoofed

I pretty much only get spam calls (texts are pretty rare), and I'm 99% sure all the source numbers are spoofed and I assume it's infeasible to actually trace them. If this is wrong, please let me know.

Otherwise, I guess I'll just keep waiting for STIR (https://en.wikipedia.org/wiki/STIR/SHAKEN).


This is very helpful, in Mexico, we have a couple of government-provided services where you register to not get advertise/financial calls, when you do, you can report them, and, in theory, the organizations could get considerable bills due to this violation.

I have been thinking that we should make an app to automate the reporting process.

A fun detail is that the government sells the lists of people that do not want to get contacted.

Also, lately, I have been getting many calls that are supposedly coming from the UK.


Australia has a similar program running called the Do Not Call Register. Does not really stop anything apart from the legally running telemarketers.

Obviously does nothing to stop the phishing calls from overseas (typically compromised) voip services that overstamp local numbers.

Additionally the register has carveouts for calls such as charities, political groups, and research calls (polling).

> Also, lately, I have been getting many calls that are supposedly coming from the UK.

Anecdotally, I have been getting the ocassional spam texts from the UK, but all from numbers registered with O2. It's pretty useless to associate any origin and come to conclusions without a large amount of data. (That and the use of CLI overstamping means that it could be from anywhere)


I get spam calls and texts every day, interestingly now the spam even reached my whatsapp and telegram, although most of it is text and calls. The texts and calls are always from a different number. So what I did: I disabled calls entirely. At this point people only call me on whatsapp so it hasn’t been an issue in the last few years. Text is annoying because people in the US still use it instead of whatsapp so I can’t disable it completely.


What I usually do is keeping them on the phone as long as possible with questions and then tell them I don't want what they are selling.

I worked in a place that had call centres as part of their business and I know that they classify calls into hit or miss. Miss calls must finish as quickly as possible and they know that if they keep miss calls under a given duration they are gaining money.

I want to be the person that makes them lose money.


Absolutely est advice! I never talk to them and keep them on the line for as long as they care to wait.

They block me.


I also do that sometimes. Like when they put you on hold when you need them? I put them on hold when they need me. I go like "sure, I'm very interested.. can you just wait one second?" and then I put the mic on mute and go on with my life. Some of them are desperate enough to call back.


I'm getting so much political spam its crazy and even when trying to opt-out it doesn't nothing. I get another message from a new number.


Your experience is typical. The process covered on this site is the only realistic shot of getting anything done. It's far from perfect and it shouldn't be necessary, but it's much better than nothing.

(It's still worth reporting to your wireless provider as well (see https://reportphonespam.org/#Reporting-abuse-to-your-wireles...), but only because it's so quick to do, not because it's likely to help.)


This whole system needs to be automated. It should be as easy as clicking a "Report" button on my phone or in my SMS application.


I actually emailed the FCC[1] last month and asked about/offered to try to make this available to more consumers. A realistic MVP would be an FCC-operated wrapper for Twilio's Line Type Intelligence API, so that any consumer could find the carrier responsible for any US phone number. That's not perfect, but it's a great start.

One step better would be that plus a unified contact form - basically, the process I described here, but without needing to find the carrier and then map that to a contact. The FCC already operates a robocall reporting form that goes to an FCC-operated Zendesk, but reports don't go to the responsible carrier.

The FCC did not reply.

[1]: Loyaan Egal, Bureau Chief of the Enforcement Bureau: https://www.fcc.gov/about-enforcement-bureau/loyaan-egal-2 (the person most often cited in robocall enforcement actions)


Update that Mr. Egal responded and forwarded my message to the team responsible for robocall enforcement. It would be a great start if the FCC changed their reporting flow to also notify the originating carrier.


cool!!!!


The easiest thing honestly would be someway to block all foreign numbers. right now you only have the choice of blocking any number that isn't in your contacts which really isn't an option as it blocks legitimate numbers from doctors, pharmacies, amazon, etc. I really don't need to be getting a text or call from India.


Could you add an exception for law enforcement? There are 600,000 missing persons reports annually (especially concerning when a person is being prevented from calling their loved one) and it would make their job easier and could start with a very small consent question. Feel free to email me if you need any more background or information.


Calling random phone numbers is not a viable strategy for finding missing persons.


Wouldn't it be nice if you could give out a revokable token in place of a phone number to various businesses. If you ever received spam through a token just revoke it and move on. Puts the power back into the hands of the recipient rather than having to rely on some centralized service or your carrier.


Unfortunately, many spam callers don't even use number lists, but just iterate through. phoneNumber++ ad infinitum. With parallelised robocallers that only involve a human when a connection is established, it's cheap and effective.


My spam calls are down to 1 or 2 per month after using nomorobo.com for 5 years. It is not direct action as TFA suggests, but it works well for me. Callers reach voicemail, almost never leave messages, and the phone almost never rings. Free for VOIP numbers, $20/year for mobile. Several similar alternatives exist.


I recently got a spam sms from this number: +1-450-914-4061

realphonevalidation.com provides this info:

Phone Number: 4509144061

Status: Connected

Phone Type: Landline

Subscriber Name: Unavailable

Carrier: Canada

Subscriber Type: Unavailable

which isn't that helpful and the other link just flat out refuses to look it up...


Why has this not been such a problem in the Netherlands? Can't be any recent laws, because I haven't heard it be problematic all my life. Maybe too small scale, or too high a price, or I live in a bubble?


“Should I Answer?” uses a crowdsourced approach, and works quite well for me.

https://www.shouldianswer.net/


Would it be possible to build an app to automate all this?


Great question. I think the biggest challenge would be maintaining high-quality reports/complaints. Basically, preventing people from reporting things that they opted in to but are frustrated with (just because it's really easy to do). There's a chance that the reports would actually become worse (less actionable) if it was too easy or too automated.

A small challenge is that the high-quality carrier lookup APIs charge a fee for each query. The fee is tiny (like 1/10th of a cent per number), but enough to add up.

If anyone is interesting in discussing this, my email address is in my HN profile.


I see no downside to frustration also blocking a business. Dark pattern sub/unsub? Messaging hourly because marketing thinks you’re that important? Either pay to design an experience respectful to customers or pay after the fact for losing access.


Off topic but your HN profile doesn't have your email


Thanks. I removed it this morning because I got an email from an HN user who is experiencing mental illness/delusions. My email address is pretty easy to find online, though, or I'm on Mastodon here: https://mas.to/@troyd


You'd undoubtedly have to design, at least at some point, for such a system to be explicitly attacked. I'm not assuming you haven't considered that, just pointing out that this might factor into how one might approach building something from the start.

I'd suggest it will depend on goals / scale - if not many are using, probably would be ignored even if bad actors were aware of it. If it started to have real effects, there'd undoubtedly be very intentional efforts to attack it. Beyond just the sporadic script kiddiez / for the lulz set ...

Edit: sorry, "app" - to potentially use the app in some malicious way ... Not sure my comment is so useful, but, I'll leave it since it's unfortunately all too easy to end up with unintended consequences. Though, I favor fighting this garbage wholesale and support any efforts to interfere with the deluge of BS / noise with modern communications tech.


Much of this is already established knowledge and practice in the world of email. People report spam for communications that they don't wish to receive, and often reporting spam is vastly simpler than any other option.

I'd propose that absent specific legal processes contact occurs at the consent and discretion of the contacted. That's one of a number of principles I've been kicking around under the notion of "Communications Autonomy"[1]. There is no fundamental right to attention. As such, any communications system which doesn't provide the ability to manage contact attempts and communications is in violation of those principles, and more concretely, as the annoyance and/or risk factors outweigh advantages and benefits, people and organisations will defect from those systems in droves.

The telecoms industry has been openly expressing concern that trust in the phone network will be lost. And by "phone network" I'm speaking broadly: POTS (plain old telephone service) and PSTN (public switched telephone networks), or any universal direct-access communications system.[2] I think we're seeing that breakdown. A key problem is that there isn't any single successor system that appears ready to step in, and most of the more likely proposed systems entail substantial concerns themselves over monopoly power and abuse, surveillance (state, capitalist, or other-actor varieties), etc.

I've got a few specific suggestions which I'm planning to make in a top-level comment to this thread.

________________________________

Notes:

1. See: <https://toot.cat/@dredmorbius/108579251632091173>, <https://toot.cat/@dredmorbius/107742445268072257>, and <https://diaspora.glasswings.com/posts/622677903778013902fd00...>

2. Phone, email, SMS, social networking, postal mail, etc.


This is really nice.

Would be great if you can also include some examples for Europe.

Of couse, i would be up to do some digging if you need help.


Thank you! I put what little I knew in https://reportphonespam.org/#not-in-the-us-or-canada , but that's not much :-) I'd welcome any other ideas or additions. My email address is in my HN profile.

One of the carrier lookup APIs that the site recommends, Twilio's "Line Type Intelligence" API, may support numbers in other countries. That might be a place to start: https://reportphonespam.org/#How-do-I-look-up-more-numbers


Do you get unsollicited phone calls in Europe? In Czechia it almost never happens, maybe once every three months...


> report the phone number that the call instructs you to contact

They never reveal a phone number and Caller ID is spoofed.


Where can I report Google Voice and Text Mail subscribers? Those are usually the sms spam accounts


What is the percentage of spam calls from total nowadays? Does anyone know the numbers?


In my country political parties can spam you. The leaders need to lead.


In the uk you can just forward the SMS to 7726 ('SPAM' on an old phone). You'll get a text back from your provider with details.


Does this work internationally?


If you can find a Web site or API that offers carrier lookup for a given country's phone numbers, the same process should work. That's far from guaranteed, but Twilio's "Line Type Intelligence" API claims to support other countries. I'm not sure whether that includes carrier name, so you'll need to try it: https://reportphonespam.org/#not-in-the-us-or-canada , https://reportphonespam.org/#Twilio


Or simplify a white list for all cell phones by default. But just like they make it hard to keep your snail mailbox from being clogged from garbage, this remains hard.


[flagged]


That's clearly wrong. For many technical and hobbyist publications the ads are one of the reasons people buy the publication. E.g., probably 80% of the time I bought an issue of "Computer Shopper" [1] it was to see the ads.

[1] https://news.ycombinator.com/item?id=36206526


If that is the reason someone is buying the publication, it's not an ad; it's the content.


This feels like “I created a free public service to report when you find you bought toys with lead paint!”. Phone spam is not an appreciable problem in many, many other countries


The first order problem with spam calls/sms is you probably opted in to something. Most spam, like it or not, you asked for, and they can almost certainly prove it.

The TCPA lawsuit business was so lucrative for years that a lot of effort goes into producing proof that the contact is legal. Rather than stopping spam calls these laws basically guarantee spam, but legal spam.

Also carriers have pretty well cracked illegal spam through their own analytics. Some still happens, but it’s cleaned up extremely fast.


> The first order problem with spam calls/sms is you probably opted in to something. Most spam, like it or not, you asked for, and they can almost certainly prove it.

At least in my case, this isn't true. When reporting SMS spam, I've often told the carrier to ask their customer for proof that I opted in (because I didn't). None have - again, because I didn't opt in to it or anything else.

I don't know how true your assertion is among the general population, but my experience may at least be representative of other HN readers. Many of us don't randomly give out our mobile numbers.


In my case, the old dead guy that had my number before gave his number to some booth at the state fair (or so one spammer claimed). And then that number got sold to all sorts of medical scammers and political campaigns.

I always ask what my name is when an unknown caller calls, and 90% of the time it’s the old dead guy.

I did not opt in, yet here I am getting a few dozen calls per week at all hours of the day.


For TCPA compliance purposes, they should be pulling the deactivated numbers list (which Twilio offers for free), checking the do not call list, and querying the reassigned numbers database to establish safe harbor against TCPA lawsuits.

This is really expensive to do (the RND and Do Not Call lists are very expensive to query, the FCC needs to make these cheaply available) and automation for doing these queries is not offered by most phone providers.


This is comically false - unless you mean that by providing my phone number to someone I’ve opted in (and I’m not talking about buried in some TOS (which is still BS), but say my local dry cleaner who spams me because I provided my phone number when they asked for my name and phone number when I dropped my clothes off.


I can assure you, I did not ask for the SMSes telling me to go pay outstanding postage fees at a fake website.


This is easily proved wrong. If I get a brand new cell phone number, I still get calls for complete scams even though that number, as far as I've owned it, never opted in to anything.


Are numbers ever really brand new, as in you are the first to ever have that number?


Probably not, but that's not the problem of the person with the new number.


I can assure you I have never opted in to being called by random Indians claiming to be social security employees.

It’s open enrollment for Medicare, and I can also assure you that not only do I not qualify for Medicare but I have also not opted in to incessant Medicare spam.

I also never opted in for political messaging.

I also never opted in for calls regarding Camp Lejune injuries.

I also never opted in for calls about automobile accident injuries.

I also never opted in to be contacted for final expense insurance.

Shall I go on? Carriers most certainly have not “cracked” illegal spam through analytics. My carrier stops about 20-50% of the spam I receive.

The TCPA is great to cut down on the onshore businesses using illegal telemarketing to promote their business, but does nothing for the offshore scams. I’ve used TCPA in the past and helped carriers identify and sue telemarketers so I am very familiar with it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: