Is there a decent csv file out there that has a recent list of common spam numbers, that one could import into the Blacklist in Freepbx?
Meaningless for the most part. Spam calls are usually created with a new CID for each call.
3 Likes
man, that sucks 
We have had one customer get spam calls from their own cell phone to their own cell phone! Spam calls are getting too crazy and we need number verification like we do with DNS.
2 Likes
I wouldnât hold my breath on any sort of ânumber verificationâ service like DNS. Iâm not sure what it would actually verify or do. Even if the number comes back âvalidâ there is nothing to show that the person on the other end of that call is a valid user of that number or a spam caller. The closest youâre going to get is a blacklist service like SPAMCop, etc. Which would be a database holding CallerIDâs of known spam calls. That database could be dipped into or just like the op was requests, dump a csv file for local importing.
However, unlike email SPAM you wonât be able to have things like SPF records which tell SMTP servers doing lookups âEmail from this domain can only come from these IPsâ since all your incoming calls come for a trusted IP, your provider. Even with looking up to see if the number is âassignedâ can cause false positives. The number can show assigned by the upstream carrier of record because itâs assigned to me but then I could just have it in stock or I could assign it to another person or even provider, who in turn assigns it or not.
There are things that could be verified like if the CallerID format matches a specific format. Some send all 0âs or all the same digit. Some will send a valid area code but then a invalid format (zeroâs where there shouldnât be zeroâs, etc) or valid the length because sometimes itâs under 10 digits or even 7 and you know that isnât right. Outside of that, it would be hard to verify a number.
The other thing you have to keep in mind is that outbound call centers will get real numbers in the ares they are calling because they either want to be called back OR they are skirting as much legal gray area as possible. Sure they are robo calling you but itâs their number, canât slam them for fraud or misrepresentation.
@mike366 I would look a little more. There are tons of âbogonâ lists for bad IPs, domains, etc. Iâm sure someone has one for bad CallerIDâs. It might not be a commercial service or offering it might just be someone that complied it and shared it somewhere on the Internet.
Hereâs one, but itâs a massive list each day:
1 Like
⌠except that the spammers that are calling me (mostly to help forgive my student loans from the 1970s) are all now using real caller ID numbers of real people. Many of these people are just as annoyed about this as we are.
Cold calling is going to go the way of anonymous forwarding email server. I have thought about sending all calls that come to my numbers to an IVR that checks to make sure I know who people are. Anyone with a ânew phoneâ will have to jump through the hoops.
And thatâs why there are services and features like âPrivacy Managerâ in FreePBX, exactly for that.
[quote=âcynjut, post:7, topic:51379, full:trueâ] I have thought about sending all calls that come to my numbers to an IVR that checks to make sure I know who people are. Anyone with a ânew phoneâ will have to jump through the hoops.
[/quote]
We just have all of our main TNs come thru a simple IVR at a minimum and screening enabled for any TNs that get frequented. Kicks almost all of the robocalls. Also have a block for restricted and anonymous that black holes them to ânever gonna give you upâ in a loop.
Having personally played with the govâs "do not call list " over a couple of years, I will make some observations, the full list is now approaching 300000 , BUT the real calls you get are almost always spoofed, and any number of legitimate businesses including Amazon and Fedex and the some USPS numbers are on that list.
The apparent old lady in Wheeling West Virginia who called is not the one trying to sell you Viagra or insurance. . .
Filing a complaint gets you nowhere . . .
You canât stop Religious/Political/nor any party you do business with . . . .
Many robo-callers are bots, merely answering the call with voice is only when you get bridged to an agent on the caller side, answering and not speaking will get a hangup after a few seconds . One somewhat effective solution here worth exploring might be is sending unknown calls to a context that detects speech in the first few seconds (human generated calls) , asteriskâs amd() (answering machine detection) is a possibility, which will exit gracefully if a human is detected. Yes it is designed for outbound calls but the logic is the same for any call. If speech is detected, carry-on carrying-on
Many other spam calls are well constructed and sound like a real person (thatâs often called âhuman engineeringâ which I believe it was invented by a Nigerian Diplomat) , the trick here is you say something, anything , real people tend to stop speaking then and listen to you, if they donât then there is a fair chance it is either your mother-in-law or a bot. either way I would hang-up at that decision point.
Your on to something here. Just not sure AMD is accurate enough for it. At Sangoma we have a product we use to sell called Lyra which was a great CPA (Call Process Analizer) that companies like Genesis used for along time among others. Maybe time to look at bringing it back for a service offering like this.
Yes AMD is hit or miss but the fundamentals it uses are pertinent.
(I analyzed my CPA before he absconded to Andorra with my money , once bitten . . 
)
1 Like
Yes, Please!
Itâs coming. The protocols are called âshakenâ and âstirredâ. The system will use public/private key signatures to authenticate caller id. Once this is adopted by the phone networks, spoofing (and robocalling) will be ended once and for all.
1 Like
Haha! I canât wait till the Protocol McProtocolface gets released and adopted. I predict that by the end of the century we will be teaching people how to learn IT using only meme style names. Java already started brewing it with their Java beans.
Posting this from within Linux Mint using Cinnamon with spices
3 Likes
No offense to this forum, but welcome to VoIP. Anyone using FreePBX with a little bit of code-slinging-fu can modify the CID to match the first 6 digits of the number dialed, then pick any 4 except the number dialed & present that as CallerID. Or pick any CID you like & send that.
Maybe the VoIP providers could step up & filter these sorts of shenanigans. I canât see where anyone else in the chain would be able to.
Hereâs what works for me: My cellphone is configured to call out the incoming call information. It will say âCall fromâ and then if the number is in my Contacts it will call out the name & which phone (home, work, etc.) and if not in Contacts it will just read off the number. When a call comes in, if it starts calling out numbers, I ignore it. All I have to do is make sure anyone I want to talk to is in my Contacts & Bobâs yer uncle. PS: I disabled voicemail too, so Iâve got that going for me.
Iâm not sure what that is supposed to mean. It being VoIP has nothing to do with CallerID Spoofing or incorrect CallerID. If I set my CallerID to show âBlaze Studios <3135551212>â for example and then I call a Verizon number it is now up to Verizon to either honor what I presented as the CallerID or they will do their own CNAM lookup against 3135551212 and if what I have in the CNAM database is âBlaze Voiceâ then the Verizon user is going to see âBlaze Voice <3135551212>â because thatâs what Verizon is going to present. However, the next carrier I call (letâs say ATT) may very well honor what I present as the CallerID so the user will see âBlaze Studios <3135551212>â.
Now even though the carrier may or may not have accepted my presented CallerID, it doesnât matter because now the local device, be it your cell phone, another type of phone or a PBX may use their local âPhonebooks/Contacts Listsâ to change the CallerID Name to whatever is in the phonebook/contacts database locally. So at this point it doesnât matter what CallerID was honored by the carrier as the local user is now overriding it when it gets to their device.
Then there is the fact that many ITSPâs and carriers offer CallerID Name as an additional service for their DIDs. Some people make not even have CallerID Name enabled on their account so that means not only is the presented CallerID stripped by the destination carrier, they donât do a CNAM Lookup either. At best you might get âDetroit MIâ or some other generic name or perhaps no names at all just numbers. Again though, the local device (PBX/cell phone) contactâs list will still present the locally stored name that is saved for the number.
The only thing an IP PBX (like FreePBX) vs a Legacy PBX does different with CallerID is that a Legacy PBX 99% relies on the carrier to provide them with CallerID and 1% on a local contact lists (as many donât support such a feature). However, with something like FreePBX you can run HTTP/cURL or other IP/web based requests to pull CallerID from numerous sources overriding what the carrier has presented.
So in the context of this conversation and topic itâs not âWelcome to VoIPâ itâs âWelcome to Telephonyâ because CallerID spoofing is not a VoIP only issue. Itâs an issue that has existed since before VoIP.
1 Like
Not trying to pick a fight, but you are apparently looking at this from the receiving end more than as a sender. I was referring to the difference between your telco provider sending the number theyâve assigned to you on a PRI, vs. VoIP sending whatever number you enter in (e.g.) FreePBX. Once the callee receives the number, yes, their cellphone pulls details from Contacts or their carrier pushes the name thatâs associated with the incoming number; but the VoIP CallerID number thatâs sent can be altered by many ways at the point of origin, NOT at the carrierâs switching station.
We went through this at the Call Center; where we were getting a lot of missed calls. Turns out, people would move (e.g.) from Indiana to Florida & keep their old cellphone numbers. Our FreePBX sets outbound CallerID by the Area Code, to present the main office number for that State (because a lot of people dodge toll-free calls too). When the called Area Code is not from a state we serve, we just present the main office number â which was NOT in the state being called. So our customers would see what (to them) looked like an out-of-state call & dodge it, missing important communications in the process of delivering their Service to them. Then theyâd complain that ânobody called meâ. So thatâs how I found out how easy it is to send whatever CallerID I want on VoIP. When I worked on âLegacy PBXâ systems (mostly Nortel & Avaya) and POTS, this issue never came up.
Iâd like to hear how a Legacy PBX on a PRI can spoof CallerID, though. Iâve never even thought much about it until I had to fix it here.
Sure. Hereâs a device that does it over copper lines.
I had a Capân Crunch whistle too.
Boxing the phones is great fun, but I still say itâs way easier in VoIP.