SPITing in your general direction
December 8th, 2007 by RJ AuburnOne of the livelier sessions at the IETF meeting in Vancouver, BC was the segment having to do with SPIT. No I am not talking about what comes out of your mouth but rather the internet telephony version of SPAM. While it’s not a big problem yet, folks in the industry are indeed concerned about it and how to prevent it before it gets to be one.
The problem (or really the good news in this case) is that for the most part SPIT does not really exist yet in the wild. This being the case however we really don’t yet know what it looks like or how to detect it.
Currently some of the work is going into figuring out what SIP header we would transmit SPIT information to clients in. The problem is that at this point I don’t think that it’s clear that we know what SPIT scores need to look like. Is a simple number from 1-100 the right way to measure this? Or do we need a more complex way of delivering multiple scores and information to explain to the user agent what the SPIT detectors have discovered.
All of this however does not yet touch on the MUCH bigger problem of how to detect SPIT. As with e-mail the problem is that much depends on the context and permissions involved in the actual message. You can not simply decide that something is SPIT based on the fact that they place a lot of calls in a short amount of time (as I have heard suggested by some people). An example of a use-case where this does not work is emergency outbound notification. For systems like this platforms NEED to be able to place very large numbers of phone calls in a short amount of time. While some might say that white listing can help with some of these cases I think e-mail has shown that for this most part this does not not work. I don’t want to miss a call telling me that something horrible when on at my child school because I forgot to enter my school’s phone number into my office PBX.
Anyway there is still much work to be done in the space and there are sure to be many more heated discussions at the IETF and elsewhere on this subject.
Related posts:
- Can legitimate SIP traffic be mistaken as SPIT? (voice spam)
- RUCUS web page changed to a new URL
- What is a “P-header” in SIP? (and why/how would you use one?)
- P-Charge-Info and incredible disconnect between PSTN billing and the new world of SIP
- Voxeo’s VoiceObjects acquisition further promotes the open standard of VoiceXML
If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.
RSS Feed
December 10th, 2007 at 3:54 pm
RJ,
And this post is a great example of why “SPIT” gets so much play in the media… with what other topic can you create such a great headline?
I’ll note to readers that the particular draft presented by Dan Wing can be found at:
https://datatracker.ietf.org/drafts/draft-wing-sipping-spam-score/
The slides that Dan Wing presented can be found at:
http://www3.ietf.org/proceedings/07dec/slides/sipping-4.ppt
In the discussion within the SIPPING meeting, it was clear that there was not support at the moment for this specific proposal. I do hope, though, that the IETF can come up with a plan for at least specifying the header to be used. No such effort was done in the email world and as a result each different email anti-spam tool uses its own headers and this makes enabling support in email clients a royal pain in the neck. We’ll see.