Proposed rules and initiatives to combat robotexts
The FCC sought comment on proposed rules to prevent illegal robotexts. This article reviews the comments received and proposed initiatives.
Robotext problem
The robotext problem is described in the FCC’s Notice of Proposed Rulemaking (NPR) and in the FCC Consumer Advisory Committee’s Report on the State of Text Messaging.
- Text messages have a higher open rate (98%) and response rate (45%) than emails (20% and 6%, respectively).
- Consumers prefer texting over voice calling nearly 2 to 1. Nearly half of all consumers text daily, more than they use any other communications medium, including voice calls or email.
- This makes robotexts an attractive fraud tactic for scammers. In 2020, scammers stole over $86 million through spam texting fraud schemes. The median amount stolen from consumers was $800.
FCC proposed rules
In their NPR, the Commission proposed mandatory blocking of texts purporting to be from invalid, unallocated, or unused numbers or numbers on a reasonable Do-Not-Originate (DNO) list.
The NPR also asked if spoofing is a problem and whether call authentication (STIR/SHAKEN) should be used to authenticate the texting source.
Spoofing in voice calls versus spoofing in text messages
Some commenters pointed out that there was confusion over the term spoofing. ATIS-1000081, Robocalling and Communication ID Spoofing, says “SMS spam is where spoofed or illicit messages are sent to subscribers.”
In robocalls, however, spoofing is when a robocaller puts another phone number in the calling number caller ID information.
In robotexts, as described in ATIS-1000081, spoofing is when a robotexter sends a text message that impersonates another entity or organization. However, SMS technology does not enable to robotexter to put another phone number in the calling number information.
These different interpretations of “spoofing” may have caused some confusion in the NPR. Several organizations clarified the issue in their comments.
Comments
Almost 60 comments and reply comments were filed in response to the NPR. We won’t review all of them, but here are the recurring themes:
- Messaging infrastructure is different from voice calls infrastructure.
- In voice calls, it is possible to spoof the calling number.
- In text messaging, whether SMS, MMS, or RCS, the messaging system has anti-spoofing measures in place. There is no spoofing of the originating number.
- Therefore, there is no spoofing problem to fix. STIR/SHAKEN is unnecessary.
- As noted above, what ATIS-1000081 calls “spoofing” is impersonation. The source of the text message is known and is not spoofed. The message itself, however, makes the recipient believe that the message came from someone else.
- Therefore, blocking invalid, unused and DNO numbers would not benefit consumers. Text messages are not sent from such numbers.
- Carriers should be supported in their ongoing efforts to combat unlawful text messages with tactics that are well-suited to the job. These efforts include:
- Enhanced information sharing
- Enforcement of existing rules
- Consumer education
- Supporting industry efforts, such as CTIA’s Messaging Security Best Practices
Initiatives
The NPR indicates that “STIR/SHAKEN standards[…] do not currently support text messages, although work on standards for text messages is underway.” They cite an IETF draft, Messaging Use Cases and Extensions for STIR. This draft specification describes how a PASSporT mechanism could be applied to text and multimedia messaging systems that use telephone numbers as the identity of the sender.
It isn’t clear if there is a need for this solution in the U.S. text messaging ecosystem, however, as origination number spoofing is not an issue.
There is also an initiative underway in the ATIS IPNNI group to develop a technical report on the SMS Unwanted Message Mitigation Landscape. This initiative is just now getting underway. The first draft of the technical report indicates that it is
“intended to document the current landscape of unwanted text delivery techniques and service provider countermeasures to serve as a basis for future discussion. While it describes perceived gaps It does not attempt to design new mitigation solutions.”
At first, the intended scope of this technical report may seem disappointing. Let’s design some solutions! We think this will be a good start, though. It will be useful to understand the problem more thoroughly before proposing solutions that might miss the mark.
TransNexus solutions
TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.
Contact us today to learn more.
Our STIR/SHAKEN products:
- Work with your existing network
- Support SIP and TDM
- Affordable, easy to deploy