
The US government's failed attempts to stop robocalls are my favorite example of how ineffective and corrupt the system is. We all know that in a healthy system it is an easy problem to solve. All the lobbyists and corporate interests are getting in the way. It's ironic because the government officials know how directly the general population feels the pain of this one and sometimes really want to do the unordinary and focus on the interest of The People but can't get it done!



Honestly, it's like all the huge DDoS attacks by spoofed UDP packets. In both cases, there is already tech in place that prevents you from forwarding packets for networks that are not 'under' you (BCP 38 came out in what, 2000?). But there is very little incentive for the provider to do the work.


This doesn't sound like an informed breakdown of the issue


Well...my personal experience has been that during the Obama administration spam call frequency drastically reduced. The do not call list was maintained, people were prosecuted for running spam call boiler rooms. Then, pretty much on inauguration day, it was very noticeable there was a huge increase in inbound spam calls. It was as if a bat signal had gone up to the effect "do evil, it'll be ok". And now, in the newest administration we now have new government activity to crack down on spam calls. For me, a pattern is emerging...


This argument is interesting to me because why wouldn’t the same apply to email spam?


Phone service is an oligopoly. Spectrum is sold by the government and it is EXPENSIVE. No new companies can join the market, and customers have nowhere to go. So prices are high and companies do the bare minimum.

Email is more of a fair marketplace. In theory, you can even roll your own on a $5/mo VPS. Switching costs are low. You can forward messages anywhere. So email providers cannot charge exorbitant rates or require 12-month contracts, and they must provide better service to retain customers.


I think you have this backwards. E-mail is actually a good example of why you shouldn't open up communications systems too much. Because they're more or less free to send, people who want to send advertisements send loads of them. This makes e-mail entirely unusable unless you are very proactive in restricting who can send mail to you. Technical limitations like SPF, DKIM, and so on only prevent the worst abuses. What does really work has been IP blacklisting and reputation systems that more or less make rolling your e-mail very difficult.

Yes, you can roll your own e-mail; but you're taking on the challenge of both getting spam out of your incoming mail as well as getting your outgoing mail to be deliverable to everyone else. As a homelab[0] training exercise, it's fun; but businesses that need reliable mail just outsource it all to Google or Microsoft. The end result is that e-mail users more or less reinvented the restrictive systems that phone service used to have before the FCC opened POTS up to everyone that wanted to call an entire state about their car's extended warranty.

When you mention spectrum limitations, that's for providing mobile phone service; which is only tangentially related to the actual phone call routing these days. Just getting a dialable number or placing a call is hilariously cheap and plenty of services of varying quality will let you do this in bulk. Providing access to that number over wireless spectrum is the expensive part; but you don't need spectrum to spam people.

[0] Don't try to take the word "homelab" literally and run your mail server on your residential ISP. It won't work.


I think you're right, but we're looking at this from opposite angles. We can never stop people trying to make spam calls, because human nature. At the same time, I don't think it's a desirable design goal to have a communication system that isn't open to everyone. So we must address spam on the receiving end. That's exactly what email is doing, in a decentralized way, pretty effectively in my opinion.

Now why are cell carriers dragging their feet even for basic problems like caller ID spoofing, which have been solved in the tech industry for decades now? 10 years ago, if I could have switched to any carrier at all that blocked spoofed calls, I definitely would have. But no company offered that service for the reasons I mentioned, and now it's too late and people have mostly given up on voice calls.

If email were a government-bolstered oligopoly and we all had to rely on Verizon's in-house engineers for spam filtering, email would be good as dead too. Email is certainly not perfect, but overall I think email's open model has aged much better.


> We can never stop people trying to make spam calls, because human nature.

Bit of a tangent, but I don't think people are making these spam calls because "human nature". They're making the calls because we have a society based on the accumulation of fungible wealth through profit, they can make a profit from shilling something through these calls, and the expected negative consequences of doing so aren't significant. Nobody wakes up with the natural urge to talk to hundreds of strangers about refinancing their student loans.


> E-mail is actually a good example of why you shouldn't open up communications systems too much. Because they're more or less free to send, people who want to send advertisements send loads of them. This makes e-mail entirely unusable unless you are very proactive in restricting who can send mail to you. Technical limitations like SPF, DKIM, and so on only prevent the worst abuses. What does really work has been IP blacklisting and reputation systems that more or less make rolling your e-mail very difficult.

Unfortunately the real problem with email is liability. There's no way for me to force liability of a received email onto the sender. I can't tell Gmail to block all non-US email. I can't even tell Gmail to block all mail from specific IP blocks or domains. If malicious email originates from the US then there are some very strict laws around malicious use of computers...

A phone call though? The liability is in the caller or, at least, the service provider.


You're thinking about cellular service. Most of the phone spam I'm aware of is coming from VoIP connections and the reason there's so much of it is it's extremely cheap.


1) Emails are decentralized and the telephone network is much less so. It's controlled by a relatively small number of companies. I can't run my own server and connect it to the VoIP network and start sending packets. The major companies can all agree to ban caller ID spoofing and block any carriers that allow it to happen, or at least block any of them for domestic numbers. But they don't.

2) We actually have kinda solved the caller ID problem with email. We have SPF and message signing and the Telco industry seems to be dragging their feet to implement equivalent caller ID verification technology. Imagine if you could block a spam caller and report their endpoint on the telephone network. They'd at least have to purchase a new number each time this happens, rather than just impersonating as they do now.


> Emails are decentralized and the telephone network is much less so. It's controlled by a relatively small number of companies

E-mail is largely controlled by a small number of companies. The vast majority of people use Microsoft, Google or Yahoo Mail. The reason it's not centralized is the same as with phone numbers - interoperability.

As you note, all the major e-mail providers already implement SPF and DKIM which is more advanced than anything the carriers are talking about implementing. Spam remains a problem. I think spammers will evolve the same techniques of attacking and taking over "valid" endpoints and routing traffic through them as they do with e-mail today. Of course, this is a good thing. It raises the expense and risks associated with spam phone calls. Still, I think the claim that any technical measures will stop these calls is unhelpful hyperbole.

Ultimately the only way to actually stop these is to starve these services for funds which will be lobbied against heavily by large players who rely on these services (knowingly or unknowingly) to drive sales.


Is email truly decentralized? Roll your own and you'll encounter issues with deliverability just from being new in the market. Large providers manage their own block lists and prevent some messages from some IPs being delivered at all. This is a practice that shuts down decentralization and creates an oligopoly, although I agree it isn't as severe as the tele situation.

There are ways to enter the VoIP market by purchasing trunk access but iirc that's still controlled by a few big players.

Another difference is that email in your junk folder still contains the information. Blocking a spam call means no information gets stored.


As a person who runs an email server, I have to jump through several different hoops to prove that the e-mail that I sent from my e-mail server comes from my e-mail server.

This isn't the case for phone calls. Any phone call originating from anywhere on the planet, from any network, from ... literally fucking anywhere can claim to have originated from any random phone number.

If I own the DNS name foobarr.com, and foobarr.com points to my IP address, 1.2.3.4, and my IP address 1.2.3.4 opens a connection to another SMTP server, and claims to be coming from the domain foobarr.com and the source IP address of the connection is 1.2.3.4, that still isn't fucking good enough. I need to do a cryptographic challenge (DKIM) that shows that it's the legitimate address. And SPF too, which I forgot how it works, but I need to pass SPF also.

With phone calls... the calling number just claims to be from 1-800-555-1234, and the carrier is like "ok cool, we'll send you right through" with ... no verification. At all. It just.... goes through.

The comparable situation with phones is that a home IP address with no DNS server attached to it connects to a random SMTP server and claims that its originating e-mail address is joe.biden@whitehouse.gov and the SMTP server is simply expected to deliver the email. It is the dumbest of all possible systems.



