On 23/09/2021 14:49, David Woolley wrote:
> On 23/09/2021 11:43, Someone Somewhere wrote:
>> On 23/09/2021 00:43, David Woolley wrote:
>>> On 22/09/2021 21:40, Richmond wrote:
>>>> "Can the sender SMS sender ID be spoofed?
>>>
>>> My understanding is that the use of alphabetic IDs is controlled, in
>>> the UK.
>>
>> I'd suggest your understanding it wrong - particularly as unless you
>> look very carefully any message can be originated from any SMSC in the
>> world where there are no such controls (and it would be impossible to
>> e.g. firewall filter them as who would be the arbiter of whether a
>> message had a legitimate alphanumeric identifier of e.g. the Norwegian
>> Horticultural Society?)
>
> Whilst a quick search failed to confirm the situation for the UK, it did
> reveal that a very large number of countries either block such messages
> completely at the border, or invalidate the sender ID, by changing the
> alphanumeric id to a, dummy, numeric one. For example, see
> <
https://support.textmagic.com/article/number-filtering-restrictions/>.
> There are many similar articles.
>
And this is UK.telecom.mobile, so I was talking from that perspective.
Any one operator can decide to start filtering anything they like, but
there just isn't the data in the messages to tell whether it is faked or
not, and I'd argue that some filtering which gives a level of false
trust is worse than no filtering at all (when at least you can tell
people to not trust anything). For example, even with alphanumeric
filtering, how do you know that the number provided is the real one and
not some nefarious individual putting in the number of the local
hospital or whatever? There is also the contracts that e.g. textmagic
have signed up to vs what someone with true unfettered access can achieve.
> Although it looks like the UK is procrastinating on STIR/SHAKEN (I think
> it doesn't want to do SHAKEN, so is waiting till everything is IP),
> there is a lot of political pressure on it with regard to caller ID
> spoofing. From the flood of questions from people confused by SHAKEN
> markings on voice caller IDs is the States, the introduction of both
> seems to be well underway in there.
And that's because we still have POTS and I'm not sure even on mobile
whether VOLTE is in the majority yet and even if it was 90%+ you still
have the long tail legacy of those using SS7 (although I suspect no one
is using true SS7 anymore) type connections.