On 7/18/19 3:15 PM, Jay R. Ashworth wrote:
> ----- Original Message -----
>> From: "Michael Thomas" <mike@mtcc.com>
>> On 7/15/19 12:07 PM, Jay R. Ashworth wrote:
>>> Yes, of course we sent out calls with "spoofed" CNID.
>>>
>>> But, even though only 2 or 3 or our 5 carriers* held *our* feet to the fire,
>>> we held the clients' feet to the fire, requiring them to prove to our
>>> satisfaction that they had adminstrative control over the numbers in question.
>>>
>>> But it's the carrier's responsibility, properly, to do that work.
>> How do the clients prove that?
> Do you know, I don't know; it was above my paygrade; the few times I stubbed
> a toe on it, I threw it over a wall.
>
> I presume that there was paperwork...
>
>
I still think this would be much easier to solve in the Internet domain
instead of in the PSTN domain. That is, use SIP From: address instead of
telephone numbers. We already have the ability to give with reasonable
certainty that a message has been originated by a given domain. If we
present that address in preference to caller ID, and I can filter based
on that it puts a lot of positive pressure on legit callers to identify
themselves (they already do it for their email), and negative pressure
on the callerid holdouts. They'd have to use their own domain name and
prove their control of it, and that's a good thing. You'd think this
would be easier for the carriers too since they wouldn't have to vet
shady clients... it's their domain they're trashing, not the carriers.
I for one would be perfectly happy with a UA that went straight to a
quarantine if it only had callerid in it.
Mike
> ----- Original Message -----
>> From: "Michael Thomas" <mike@mtcc.com>
>> On 7/15/19 12:07 PM, Jay R. Ashworth wrote:
>>> Yes, of course we sent out calls with "spoofed" CNID.
>>>
>>> But, even though only 2 or 3 or our 5 carriers* held *our* feet to the fire,
>>> we held the clients' feet to the fire, requiring them to prove to our
>>> satisfaction that they had adminstrative control over the numbers in question.
>>>
>>> But it's the carrier's responsibility, properly, to do that work.
>> How do the clients prove that?
> Do you know, I don't know; it was above my paygrade; the few times I stubbed
> a toe on it, I threw it over a wall.
>
> I presume that there was paperwork...
>
>
I still think this would be much easier to solve in the Internet domain
instead of in the PSTN domain. That is, use SIP From: address instead of
telephone numbers. We already have the ability to give with reasonable
certainty that a message has been originated by a given domain. If we
present that address in preference to caller ID, and I can filter based
on that it puts a lot of positive pressure on legit callers to identify
themselves (they already do it for their email), and negative pressure
on the callerid holdouts. They'd have to use their own domain name and
prove their control of it, and that's a good thing. You'd think this
would be easier for the carriers too since they wouldn't have to vet
shady clients... it's their domain they're trashing, not the carriers.
I for one would be perfectly happy with a UA that went straight to a
quarantine if it only had callerid in it.
Mike