[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

Subject: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
From: eric-list at truenet.com (Eric Tykwinski)
Date: Sat, 7 Mar 2020 21:22:32 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

Totally agree with you there, I run a mail server/monitoring server on OVH.  With TLSA records, DKIM, and MTA-STS, Iâ??ll still see junk filters on it if I accidentally email someone other than myself.  Yes my space has been SWIPâ??d and I send so low email volume so itâ??s reputation would be neutral at best which very much justifies the spam filters due to OVHâ??s reputation.  Somehow I donâ??t think SHAKEN/STIR would be any different.

I wonder how far this would go on VoIP transit.  I purchase from voicetel.com <http://voicetel.com/> for my house, which purchases from some other providers, which probably aggregates to others.  It doesnâ??t seem like this is quite as easy as looking up a whois from ARIN.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Mar 7, 2020, at 7:46 PM, John R. Levine <johnl at iecc.com> wrote:
> 
>> Most DNS registers avoid verifying customer information as long as the payment clears (for a short time).  DKIM (and DNSSEC) is built on top of trusting tokens from third-parties which disclaim all liability.
> 
> Right.  The only promise that DKIM makes is that if you have a stream of mail signed by the same domain, you can praise or blame the same entity for it.  It's a handle that recipient systems can use to build a reputation system, not a whitelist.  DKIM has worked this way since 2006, the documentation is entirely clear that's what it does, and I'm kind of surprised you haven't gotten the memo.
> 
>> Phone companies and advertisers have already demonstrated they can't be trusted to act as third-party introducers.
> 
> No kidding.  I've talked to people at big telcos who are in the middle of STIR/SHAKEN and they tell me they plan to use it pretty much the same way that mail providers use DKIM.  Some senders will have a good reputation and their calls will be delivered, some won't, and not so much. As with mail, it also provides a handle to push back on people sending unwanted junk.
> 
>> Eventually we'll have STE/STU-equivalent end-to-end verification on our smartphones.
> 
> That's known not to work for e-mail spam, so I can't imagine why anyone would expect it to work for phone calls.
> 
> Regards,
> John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200307/fd3e9663/attachment.html>

References:
- Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
  - From: johnl at iecc.com (John Levine)
- Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
  - From: sean at donelan.com (Sean Donelan)
- Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
  - From: johnl at iecc.com (John R. Levine)

Prev by Date: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
Next by Date: Anyone from Verisign J root on the list?
Previous by thread: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
Next by thread: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls
Index(es):
- Date
- Thread