I have recently switched to mozilla thunderbird, and one of the <3 moments is definitely the builtin RSS-reader (which I use extensively now that I have it easily accessible on my third monitor).
Twilio is sort of a dream for spammers, they'll just make new accounts on it and spam campaigns on those new accounts. Political organizations do it all the time, if you get on a list you're never getting off. Lookup the numbers sending to you (Twilio's own lookup tool works great for this) and it almost always comes back Twilio/Zipwhip.
I only recommend responding STOP to short codes since there's more investment and vetting on getting a short code. Carriers will intercept the request for TFN/local numbers sometimes but I don't really trust it. These numbers are all going to be spammers buying pools of numbers to churn and burn. They'll just import their list into a new account if it unsubs.
Oh and btw, it's actually easier now as a spammer to tell when numbers get burned. A few years back when the CTIA handover on regs happened (and sending costs went up) the carriers finally started to respond with the delivery status of the sent messages. Before this they didn't respond and you only knew your provider delivered the messages to the carrier, not whether the carrier delivered them to the handset.
I think Twilio requires its customers to go through the process of registering with the CTIA before allowing use of the SMS API. I abandoned a project because the process was too burdensome. Political campaigns are exempt though.
Yes - we went through this for a client I'm currently working with. We were migrating from an approved campaign via a different provider to doing it on Twilio and even in that case, there was quite a heavy process to get approved again on Twilio.
Is that new? I tried it out for fun once and it only took a few minutes and I don't recall any major hoops.
I think it's different if you're applying for a shortcode vs a regular or toll free number though. There are different regulations governing all of those.
Earlier this year I think? I have a Twilio number that I setup just so my Home Assistant system could message me about things like water leaks. They stopped delivering any of those messages (while still charging me to send them!) and I have to register as a business and provide proof I have an opt-out, etc, etc.
The only phone number I ever texted was my real cell number, it's no longer worth having a Twilio number for a hobby project.
There's only hoops to jump through if you want higher send rates from a number. The CTIA figured out a new cash grab was registering businesses as legit senders on TFA's but it doesn't promise delivery, just gets you a nice logo/name on SMS apps.
Having been on the purchasing end for wholesale marketing SMS I can tell you most of sales people will suggest the 'correct' way and happily sell things that let you do it the 'wrong' way.
Pretty sure that’s no longer the case. You need to register your “campaign” to send any SMS messages. I put campaign in quotes because the process seems to ignore the fact that people might have use cases that are unrelated to marketing.
Probably should add some context. Some bad SCOTUS rulings basically handed nearly all text message regulation to the telecom companies themselves (through the CTIA). They don't really care too much about spam if you pay them enough to do it and don't get extremely high reporting rates (especially with short codes, they will filter/blacklist toll free numbers and local numbers if you hammer carriers enough).
Putting aside all the other problems this post talks about, for me the biggest issue was the bridge itself appeared to be run by a single person. When the bridge crashed and he was asleep or on vacation just got stuck waiting hours/days for it to come back. Made for a terrible user experience.
Since then I just run 1-to-1 heisenbridge connections with my homeserver. It's not as fancy but it works reliably.
> There is a way, which is through buildout enforcement.
LOL, DISH squatted nationwode spectrum for years and it wasn't until the tmo/sprint merger that they did more than build a single tower in Colorado. I don't think I've ever seen the FCC seriously enforce the buildout requirements since any license holder can say 'but its hard we need more time/money'
Assume the database gets dumped. Plaintext you immediately have a password.
If hashed/salted, this would need to be cracked and takes time/resources. It's not perfect/ideal but it buys time. A raw pw dump you're good to go to start testing them on other sites.
In short, its like having a kia/hyundai vs. any sane car manufacturer. All cars can be stolen, some just make it easy.
I've mentioned this before but in the US only T-Mobile allows EID-only activation. Verizon checks to see if the device IMEI matches the EID. AT&T is even worse and only allows whitelisted IMEI's on their network.
TL;DR: More useful for international travel, less useful for US domestic carriers. There's a few T-Mobile MVNO's that are cheap/free you might be able to use this with.
It’s infuriating that US carriers still cargo cult their old CDMA/SIM-less habits even in this day of 3GPP-only LTE/5G.
Sure, they can support the EID flow if they must to support whatever legacy distribution channels, but would it kill them to also support the QR-based eSIM flow like literally every other country in the world?
To be clear, that's because the country that represents that ccTLD has sovereignty over it. That's also why they can have arbitrary, unusual requirements on them.
Government procurement contracts for these probably wanted it since they need a way to inventory assets and this gives an all-in-one solution. Military and law enforcement are probably the main purchasers of these.
reply