As you well know, spam infiltrates, clogs, and slows down email servers worldwide. In my organization, spam accounts for nearly 89% of all inbound and outbound messages. Yet, we’ve been accustomed to the use of filters, quarantines, and junk email folders. Spam detection is not a perfect science, and has taken years to develop effective strategies for combating email spam.
Translate this to the VoIP forefront for a moment. Imagine if 90% of all calls or voice-related messages were, well, spam. Would we even bother to pick up our ringing phones anymore? Just as Caller ID spoofing has become commonplace, it’s difficult to identify the validity of callers. However, the majority of Caller ID spoofing is used for non-malicious purposes. Here’s the ultimate question: how long will we be lucky?
Let’s break this problem down further. It’s important to realize that VoIP spam is easily possible with today’s technology already in place. Regular “trunk spam” can be generated using falsified Caller ID (as described above) over the PSTN, just as you or I could place prank calls with advertising for discounted medications, etc. You obviously could be running a 20-year-old key system and still be subject to PSTN spam.
What promises to be more of a factor, is a type of spam that’s aimed at VoIP PBXes, gateways, and servers. Especially with the slow standardization of SIP as an IP-based signaling protocol, many organizations allow “direct” SIP URIs to be used from external sources, trusted or untrusted. So, if I publish my SIP URI of sip:matthewn@my.server.com, it’s now a target for SIP-based spam. While this method of spamming is still rare, it’s only a matter of time before the malicious begin to utilize new vectors for propagation.
So, if my predictions are correct, we’ll have an entire market of VoIP anti-spam appliances in the next five years. With the unquestionable focus towards unified messaging, converged infrastructures, and IP-based integration, we’ll undoubtedly be fighting new methods of security issues and, well, annoyances.
Later in the week, I’ll focus on what standards are being engineered and considered to ensure VoIP “sender identity.” This too will become a forefront of debate in the upcoming years. In conclusion, we should always be prepared for the next “big issue” coming down the pipe. With any new technology comes new frustrations and considerations that will “negatively compliment” the latest developments.
Nickasch has been very involved in IT since he was just 13. His current and previous consulting experience includes systems architecture, virtualization, and converged networks for the financial, education, and healthcare industries. Matthew currently attends the University of Wisconsin-Platteville, where he also works as a network management assistant. While his interests include directory services and routing protocols, Nickasch's focus is on converged networks and voice over IP.
The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
|
|
Real problem is that VoIP makes junk calling very cheap
Direct on-net VoIP calls will eventually start to be a problem as VoIP replaces traditional TDM telephony, but for the next few years that's mainly practical for targeting businesses with VoIP PBXs, which aren't typically a good market for spammers. There's also some spam presence on larger VoIP systems such as Skype and voice-enabled instant messaging systems.
But the real problem is that outgoing VoIP makes local and international phone calls cheap, even if they have to gateway through the public telephone network. At prices under a penny a minute, the phone call is cheaper than wages of any human making the phone call in most of the world, though robots are obviously cheaper for the parts of the call that can be successfully automated (e.g. call setup, detecting answering machines, playing initial scripts), and because VoIP works internationally, Do Not Call Lists aren't enforceable and the spammers can exploit cheap labor even if they aren't Nigerians themselves.
So all this cool cheap calling is going to lead to more junk calls, even if you don't have a VoIP system - if it's pure IP calling, you may be able to filter based on IP address origin even if the caller ID is fake, but spammers will eventually escalate by running that from botnets or other local computers too.
The funny part..
You are right - we will have a huge market VoIP anti-spam products, etc in a short time. We will go through the same as with other communication methods - instead of doing it right, trying to sell something?
Now, bear with me, 30+ years in computer security, with todays technology it is even more easy to prevent and to find the culprits but.. Giving the resources the governments and some companies have - it is actually very easy. Now - do they really want that?
I don't think so, there is money to make, there is the political influence, etc. Only if it backfires, when someone starts making noises, business as business goes.
A cynical view - yes! But also how the market and the politics work. Nothing to do with technology, that's the easy side of it. For example, SIP is actually a very good technology but how many good implementations there are? Can I control my own address, authentication, authorization - or, does someone promise(?) to do it for me? I don't pay (except in taxes) the junk mail coming to the mailbox? I don't mind putting the junk mail to the waste basket as long as I don't have to pay it. Of course we all pay the "marketing" cost (advertising) in any product - that's just part of the life and ignorant public (IMHO).
I just hate the blame on developers, administrators, etc when the real issue is marketing and politics! Most people working in IT, developing and/or administrating are good and honest but forced by some other forces. Sorry about the rant - a bad day, too much junk in mail and in e-mail..
Post new comment