VoIP Spam – An Impending Doom?
By Matthew Nickasch on Wed, 07/09/08 - 9:27am.As you well know, spam infiltrates, clogs, and slows down email servers worldwide. In my organization, spam accounts for nearly 89% of all inbound and outbound messages. Yet, we’ve been accustomed to the use of filters, quarantines, and junk email folders. Spam detection is not a perfect science, and has taken years to develop effective strategies for combating email spam.
Translate this to the VoIP forefront for a moment. Imagine if 90% of all calls or voice-related messages were, well, spam. Would we even bother to pick up our ringing phones anymore? Just as Caller ID spoofing has become commonplace, it’s difficult to identify the validity of callers. However, the majority of Caller ID spoofing is used for non-malicious purposes. Here’s the ultimate question: how long will we be lucky?
Let’s break this problem down further. It’s important to realize that VoIP spam is easily possible with today’s technology already in place. Regular “trunk spam” can be generated using falsified Caller ID (as described above) over the PSTN, just as you or I could place prank calls with advertising for discounted medications, etc. You obviously could be running a 20-year-old key system and still be subject to PSTN spam.
What promises to be more of a factor, is a type of spam that’s aimed at VoIP PBXes, gateways, and servers. Especially with the slow standardization of SIP as an IP-based signaling protocol, many organizations allow “direct” SIP URIs to be used from external sources, trusted or untrusted. So, if I publish my SIP URI of sip:matthewn@my.server.com, it’s now a target for SIP-based spam. While this method of spamming is still rare, it’s only a matter of time before the malicious begin to utilize new vectors for propagation.
So, if my predictions are correct, we’ll have an entire market of VoIP anti-spam appliances in the next five years. With the unquestionable focus towards unified messaging, converged infrastructures, and IP-based integration, we’ll undoubtedly be fighting new methods of security issues and, well, annoyances.
Later in the week, I’ll focus on what standards are being engineered and considered to ensure VoIP “sender identity.” This too will become a forefront of debate in the upcoming years. In conclusion, we should always be prepared for the next “big issue” coming down the pipe. With any new technology comes new frustrations and considerations that will “negatively compliment” the latest developments.
- About Considering Convergence
- Matthew Nickasch is an independent consultant and analyst in the IP communication and convergence fields. His current and previous consulting experience includes systems architecture, virtualization, telecommunications, and converged networks for the financial, education, and healthcare industries. In addition to his consulting responsibilities, he has been active in the research realm, recently publishing and presenting on topics including routing protocol security and ERP and transactional database auditing. While his interests include directory services and corporate compliance, Nickasch's focus is on converged networks and IP communications.
Most Discussed Posts
- Blog Roll
-
Network World, Inc
The Connected Enterprise