Send them all to Lenny! If Apple and Google implemented a "Forward to Lenny" option in their OSes, robo calls would drop dramatically. :-)
----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Damian Menscher via NANOG" <nanog@nanog.org> To: "Brian J. Murrell" <br...@interlinx.bc.ca> Cc: "NANOG mailing list" <nanog@nanog.org> Sent: Sunday, March 8, 2020 11:59:07 AM Subject: Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls On Fri, Mar 6, 2020 at 8:05 PM Brian J. Murrell < br...@interlinx.bc.ca > wrote: On Fri, 2020-03-06 at 18:37 -0500, b...@theworld.com wrote: > > Why don't they just ask the phone companies who are billing these > robocallers who they are and we can arrest them. Exactly. I have always maintained that if my phone number were one of those "premium" numbers (1-976 -- maybe I am dating myself but you know what I mean -- where calls to it were billed at $5/min), I am sure that my telco (the one providing me the premium number on my the phone line that runs into my location) would always know exactly who to send the bill to for every call that called my number, including robocallers[1]. So, if my telco can bill the callers for those premium calls, they surely know who they are, or at least know where they are sending the bill and getting payment from. But who are we kidding? The telcos have been making money hand over fist with robocalls and are not really all that motivated to dry up that revenue stream. Regulation (as much as I hate it in general) is the only solution. Making the allowing of robocalls more expensive than preventing them is the only solution. Whether that is through fines as a result of regulation or otherwise. This is similar to the BCP38 problem of spoofed packets making their way onto the internet. The recipient has no way of knowing which packets are spoofed, but with (sampled) netflow/sflow, the origin of a flood of traffic *can* be traced, even if spoofed. And, once traced, it *can* be filtered. The fact transit providers don't do this traceback and filtering today is simply because it would cost money, and they make more money carrying the traffic (and also the amplified DDoS traffic it causes). The only solution is to make it more expensive to facilitate criminal activity than to prevent it. I think we're seeing the beginnings of this in the telco industry, and I hope it carries over to the internet. In the robocall case, there *is* something the end user can do to fight the abuse: answer every call, and keep them on the line as long as possible. They are paying for connected calls, for the connection duration, and for the humans to scam people. If everyone tarpitted them, the business model would fail. Damian
