by June 2, 2005 0 comments

Spam on VoIP is called SPIT (SPam over Internet Telephony).Everyone gets spam, especially if he/she has an e-mail address.While we’re still fighting e-mail spam, it’s threatening us on VoIP too. Spam is quite possible over voice circuits, especially the VoIP ones, and it can be just as menacing as that over e-mail. And the reason for this is because it uses the same TCP/IP for transport. 

In fact, the annual cost to companies around the world for just fighting spam was as high as Rs 45 Bn in 2003 and this is
expected to rise to Rs 765 Bn this year. 
Besides huge financial loss, companies also have to put up with loss of productivity and increased costs of support on their IT desks. Since the IT desk would need to intervene in tracking and blocking such spam on your coporate networks. This cost will only go up once spam becomes prevalent over VoIP if not controlled in time. Let’s look at this threat a little more closely. 

How would it work?
Voice based spam has already become common today, although limited to PSTN networks. Remember the calls that offer a new credit card, or ask you to renew your car insurance, or offer a bank loan? It’s all spam, and they come at the worst possible time -like when you’re in an important meeting. While we have enough of this spam, imagine if all that forwards, chain mail and jokes you get over e-mail also started coming to you over the phone. With VoIP, it’s quite possible, because it’s using the same standard TCP/IP network as the data traffic. It’s just that the termination point for your regular spam is a mail client, while for voice it’s a VoIP phone or softphone (software VoIP phones). 


Applies to: VoIP users

USP: How will VoIP spam get generated and the preventive measures to tackle it

Primary Link:

Google keywords: VoIP Spam 

Moreover, voice spamming over VoIP is easier than traditional PSTN networks, because now you can just store a standard voice message on a server somewhere, and keep forwarding it to different VoIP extensions from time to time. Or perhaps a voice message comes hidden inside a trojan as an e-mail attachment and starts spreading over your VoIP network — because they share the same network. You would lose a lot of time and money simply tracking them.

There are other reasons why VoIP spam is more dangerous than voice spam over PSTN networks. For instance, current methods of spamming on your PSTN network are very costly and risky. Simply speaking, no one would bother to call up to spam you, from US or Canada, or even from a far away city in the same country — the costs are far too prohibitive. Plus, your call is traceable using tools available with both the PSTN provider as well as law-enforcement agencies, quickly. This makes the proposition attractive only for telemarketers in your local vicinity. In many countries including India, PSTN and cellular spam is even illegal. But the same does not hold true when you talk about VoIP, because now the call can originate from anywhere on the globe and even if they talk for an hour the cost to the spammer is a mere fraction of the same call through a PSTN line. And even if you manage to track down the spammer, you would still need to use international bureaucratic channels before you could do something about it.

Is prevention possible?
One of the biggest challenges in dealing with voice spam is that it is next to impossible to get automated software to analyze and filter out voice data in real time unlike with text data. Accents, languages and purpose behind a voice-message are far more complicated to decode (for software) than it is to guess the purpose of a text message. 

However, some of the techniques developed to combat e-mail spam can be applied to VoIP as well-such as the DomainKeys, Sender ID (New Techniques to Fight Spam , page 20, PCQuest, November 2004,) and IBM’s recent FairUCE technologies. These techniques work by comparing the sender of the message with lists of people who can or cannot send such a message and then deciding if it was spam or not. Since VoIP data travels over TCP/IP packets (just like e-mail), the same techniques can be easily adapted to combat voice spam as well. People in the US/UK would be able to use their DNC (Do Not Call) registries to rid themselves of this menace early. 

Prevention techniques
How exactly do you police voice traffic? One way would be to have a limitation on the number of voice connections that a certain voice gateway is allowed to make in a given time interval (say, a day). Similar techniques are already in vogue for Internet usage, where an ISP would place a bandwidth limit on your account. This would at least limit the amount of spam, though not eliminate it. 

IP Filtering
Like we said earlier, a VoIP connection mandates a valid Internet connection and hence an IP address. Filtering of this IP
address using well-known black or white lists could alleviate the problem. But if the caller is on a connection with a non-static IP address, this becomes ineffective as well. 

VoIP protocols and specifications like the H.323 (including its.450.x extensions) and SIP have been designed to support
authentication mechanisms that demand that the sender of messages authenticate and authorize themselves before they send a message. Making it mandatory for spammers to identify themselves would work the same way with voice messaging as it does with e-mail today .

Unlike with e-mail where the sender need not be online when the recipient reads the message, VoIP senders must be online while the call is in progress. This makes it easy to use filtering techniques against them.

Equipment required for VoIP
  • What is VoIP? Who is it meant for?
    VoIP or Voice over IP refers to the transmission of voice signals (as in telephone
    calls) over TCP/IP networks, like the Internet. This reduces the costs associated with its transmission since a TCP/IP network is far cheaper to set up compared to a traditional PSTN one.

  • What changes do I need in my infrastructure to use VoIP?
    For one, you would no longer need to use your PSTN connection to make voice calls. Instead, you would purchase a VoIP phone (also called an IP Phone) unit. For corporate setups where you would use EPBAX networks, ‘voice gateways’ are available that provide you similar functionality. All these equipment ultimately plugin to your Ethernet/Internet network to transmit the call out of your premises. IP phones need not be hardware only, software IP phones (softphones) are also available.

  • What about functionality vis-à-vis a PSTN/EPBAX network?
    All traditional features of a PSTN or EPBAX network are available on VoIP circuits as well. Call forwarding, call waiting, multiple lines, voice-mail, answering machine and so on, are the software (that run the network) features and are available on VoIP as well.

  • Is it easier to use VoIP?
    Yes. If you use hardware IP phones, the interface is similar to your regular PSTN units, perhaps with added functionality (such as LCD displays and video conferencing). On software phones, all features are laid out on on-screen GUI anyways, thus, making it easy-to-use.

One last viable method is challenge/response authorization. In this case when someone rings your VoIP phone, the software at your end could require a series of inputs (like a numeric password) to be entered. Only on valid authorization, the call would be allowed to complete. 

Unlike with e-mail where automated messages from ‘no-reply’ dead-boxes (where the sender’s e-mail ID is faked to eliminate replies) would never see the challenge messages and, thus, cannot respond to them, a VoIP call remains active till disconnected and so this could catch out spammers big time. However, for business users or regular users of voice messaging, this may soon become an irritant, causing them to abandon the service

Therefore, in the short-term, we predict blacklists and IP-filtering methods from e-mail spam fighting to jump in to keep our voice networks clean. Later, challenge/response and other complicated mechanisms may find their way in, depending on how effective the existing methods prove to be, to keep humans from talking to humans.

Sujay V Sarma

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.