I totally forgot that one of my friends now lives in Georgia. He sent
me an email saying he tried to call me, and I called him back.
I told him his area code, 678, sounded like it was a spammer or
foreign country and he said he felt the same way.
On 11/30/2015 7:04 PM, firstname.lastname@example.org wrote:
If it's a legit company, it honors the DNC. Legit companies don't call
you if you're on the list. Therefore, the DNC list works as designed -
it keeps you from being hassled by legit and reputable companies
selling real products and services.
Some companies are legit, but not reputable. Since they have no
reputation to damage, they ignore the DNC and solicit business over
the phone. These are most often little local companies desperate for
business. Don't do business with them - report them, because they're
violating the DNC and the gov't can do something about them.
Criminals BY DEFINITION break laws. If the lawbreaker is located
within the US *and* used their actual ID/phone number (for example, a
small local business as noted above) they can be located and action
taken. Problem is, most of the scammers are located outside of the US,
and our laws only apply within our borders. Plus, the vast majority of
scammers use fake phone number/Caller ID information. The Caller ID
might say its from Acme Tools in Peoria, but odds are it is actually
coming from Achmed in Hyderabad. And since Achmed's in India, he has
no worries about being arrested for running phone scams involving
overseas victims, and thus no motivation to stop.
Again: the DNC is a tool used by consumers and US companies to
determine who is willing to accept phone solicitations from US
companies, and who is not. Phone scammers pay no more heed to it than
burglars do to laws against burglary.
Quite right. The DNC list is and has always been limited in scope and
effectiveness. To call it "moot" as if it suddenly went bad is to
misunderstand it. It works about as well now as it ever did. The
difference is that there are lots and lots of bad guys who know they
can ignore it with impunity.
After I first signed up for the DNC, the number of sales calls from
legit companies really did decline drastically. Some years later I
suddenly started receiving more calls, and then discovered I had
somehow fallen off the list. I signed up again and the calls again
abated. Nowadays the only calls I get that should be covered by the DNC
are from some shady local chimney sweep who calls me once or twice a
year, even though I have no chimney. Otherwise, nearly all other non-
personal calls are from scamming robocallers who would never have
respected the DNC anyway.
I think you miss my point. The guy who Does-Not-Care would never have
cared. The DNC List would never have have worked against him, even on
Day 1. The list was never expected to prevent all unwanted calls, even
though that's what most people want to believe.
That is a pretty funny response, though. I bet you're not the first
person he used it on.
Exactly. There are really only two blacklisting criteria that
can be reliably applied:
- block any incoming call that lists YOUR number as that of the caller
(this is obviously bogus!)
- block any call that fails to provide a CID
In either of these cases, the phone shouldn't even RING -- you know you
don't want to answer it!
(Many TPC's will sell you the latter service for a monthly fee)
Given that a caller can (not legally, in the US) spoof CID to report
*anything* they select (e.g., your own phone number), blacklisting
anything other than the cases above just leaves you playing wack-a-mole:
they "get through" using the CID of "XXXX", you blacklist "XXXX";
they change to using "YYYY" and get past your blacklist, you add "YYYY"
to the blacklist; etc. ad nauseum!
This leaves you with whitelisting as the only viable option.
But, an unconditional whitelist suffers from the same spoofing problem.
They can spoof the local hospital, some doctor's office "nearby", etc.
They don't have to know YOUR doctor's number... or, that of your
friends, etc. (of course, google already knows all of those if you
use google phone! ditto with TPC and who knows what other sources!)
And, unconditional whitelisting won't work if someone from whom you
would *accept* an incoming call happens to be calling from a phone
other than the one you expect them to be using. Or, if someone
calls ON THEIR BEHALF ("Your wife is in the doctor's office with your
son -- he's had an accident -- and she wanted me to call you...")
You need an authentication mechanism that doesn't rely on anything that
you can't control (CID being one of the things that you can't control!).
You also need for it to be personal to the people you want to hear from.
And, not inconvenience them -- much.
E.g., your MD's office may call with results of a test -- or to
reschedule an appointment. You have no control over who will be
calling (lots of "help" behind the desk!) nor the phone number
from which the call will originate. Likewise, a friend you bumped
into the night before -- after a long absence. A clerk from a
retailer can call to tell you that your order has arrived. The
pizza delivery guy can call claiming he can't locate your home.
I.e., it's not a trivial problem to solve. And, whatever you do
risks annoying callers that you *do* want to receive!
Forget legality. How is it technically possible to spoof? I thought it was
all done by the telco equipment.
If it's simply a matter of it being easy for foreigners, I suppose a
possible solution would be to block calls from outside the US & Canada. (I
put US & Canada together not for legal similarity, but because they use the
same 'International Country Code'.)
Then we can use the adaptive spammer technique I saw on the news the other
night. I can't remember the telco, but one of the cell carriers offers a
phone app that lets you 'flag' callers as spammers, and you can set your
answering prefs to reject callers with a reported spam call rate above a
Nope. Set up an asterisk VoIP server and you, too, can spoof The White House,
Joe's Pizzeria, your wife's suspected lover, etc.
You can even spoof "call waiting" calls using cheap, COTS gear (I could
write an app for your smartphone that would generate the required tones).
But, this requires an accomplice and some ignorance on the part of the
calling party (IME, ignorance is one thing we always have PLENTY of!)
That's blacklisting. Won't work. They can call back half a second later
using a DIFFERENT spoofed phone number.
I think you meant ignorance on the part of the "called party" vs "calling
party". In any case, is there no 'chain of references/trust' (not sure of
the technical term) between service providers? Would not the number
displayed be that of the phone line rented by the people running the
I just looked up the term and found the Wiki entry:
It occurs to me that this sort of software would make the perfect
'intelligent' answering machine:
You are not on the caller's whitelist of passthrough numbers. To
demonstrate that you are a legitimate caller, please choose one of the
- Press 1 if you are a family member ... To verify, type in the name of the
dog we had to put down because he wouldn't stop humping the furniture.
- Press 2 if you are a work colleague ... Enter the numerical part of the
street address at work to verify ... Press "1" to confirm your offer of a
minimum 4 hours at overtime rates. Please note that this is just to listen
to your message.
- Press 3 if you are an old college friend ... To verify, type in the name
of the crazy bitch who cost me the second semester.
What if "that *sshole from accounting" calls (and you DON'T want to EVER
talk to him/her)? How do you keep that "secret" from him/her?
If you assign a "password" (or, a unique password for each caller!), then
you are imposing on the caller to keep track of this JUST to talk to
you. Imagine everyone had a system like that. Now youhave to keep
track of different passwords for different "callee's"?
Ha! Trick question!! It *wasn't* the second semester. It was the summer
between Junior and Senior years!
And, by the way, I married her! (oops!) I always wondered why she
wanted to name the first-born "Michael"...
My scheme is to use multiple data to build an authenticator, depending
on the "level of access" desired.
E.g., if *I* phone the house, I want to be able to open the garage door,
turn off the alarm, turn the heat up, etc. from the other end of the phone.
If SWMBO calls and I don't pick up, she might speculate that I'm in the
garage or out in the yard and didn't hear the phone ANNOUNCE herself
to me. So, she might ask to be routed to the PA in the back yard so
she can "page" me, there: "Don? Are you there?"
If a (trusted) neighbor calls while we're away from home having noticed
that we left the garage door open, she should be able to command it
closed (though, perhaps, never command it *open*!)
OTOH, if *you* phone the house, I *may* let you leave a message ;-)
Or, may tell you to get stuffed!
To that end, I look at a lot of different "indicators" and use them in
concert to decide who you (the caller) are.
Is the call reporting a CID identifier? If so, what is it?
What *time* is it? (I wouldn't expect a call from a client at 3AM! Even
if the CID *suggests* that's who it is)
What is the voice characterization ("voice print") of the caller? Who
does it most closely match -- if anyone? And, how closely does it
*actually* match? (how likely is it that this is really the voice
I think it is)
What is the caller saying? E.g., I would expect the neighbor across the
street to say something like, "Hi, Don, this is Janie..." and not
"This is Wally's Wacky World of Wool!" (Janie would KNOW to use her
name in her greeting and would know that a machine was checking for
this -- in addition to her CID)
What is the caller *requesting*? E.g., "Turn off the alarm system"
would require additional authentication. This can be done using
a scheme like S/Key (one-time, disposable passwords that the caller
and the system know -- and track in synchrony; when I use PassWordOne,
it becomes invalid and PassWordTwo is activated) which can be spoken
or numeric (DTMF) entry. Or, it could be simply a prompted exchange:
"Please say 'Peter Piper Picked a Peck of Pickled Petunias'".
So, if an adversary (not just a telemarketer that I have to worry about)
had RECORDED my voice speaking *a* password, that password/phrase
would be useless -- he'd have no way of knowing what the machine would
require him to say (using MY voice pattern!).
All of this is implemented in an "expert system" (basically, just a
list of rules that say, "if this, then that, otherwise try this...
and, if that works, DO whatever").
Then, the "whatevers" translate into actions with which I may or may not
interact. E.g., if "whatever" is "take a message, note the time, date
and your idea as to the identity of the caller", then I can later
peruse those messages and decide which ones are of interest and which
are NO LONGER worth my time.
Based on how *I* respond to these "whatevers", the system modifies the
list of rules to reflect my preferences (as conveyed by my ACTIONS!).
E.g., if I always ignore/erase messages from Bob, then why should the
machine keep *taking* messages from Bob? It should, instead, tweek
the rules (expert system) to learn that I'm not interested in anything
Bob has to say and set the "whatever" for "Bob" to be "discard the call".
[I can have the machine do that "with prejudice" (hang up on him) or
politely (give him the illusion that it's taking a message... then
delete the message automatically so it never bothers "me" with the
fact that Bob called -- AGAIN!]
Likewise, if the "whatever" for Penny is "tell Don she's on the phone"
and I *ALWAYS* respond by saying "put her through!", then the machine
should rewrite the rules for her to be "put her through" instead of
just "announcing" her; i.e., save me that step of *telling* you to do
If you think about it, this is what a (good) secretary does, automatically.
Over time, they learn the desires/habits/patterns of the person that they
support and automatically implement them -- without having to be TOLD
("programmed" in machine-speak) to do so!
I don't have a clue about the "How" part, but I do know that my VOIP
provider obliges me by spoofing the CallerID on calls from my cell phone
and tablet when they to out over WiFi over VOIP so that the CallerID is
that of my home land line phone.
My best shot so far (not implemented - yet.....) is going over to 100%
VOIP and implementing a service available from my VOIP supplier that
will not let my phone ring until the caller responds to "Press 1 for
Sam, Press 2 for Sue...." and so-forth.
I had planned to supplement that with a WhiteList of people I know....
but your observation plus the fact that I've been getting junk calls on
my cell phone from the same exchange as my cell phone number seems to
call my little plan into question....
I think that, in the end, legitimate callers are going to be
inconvenienced, some legitimate calls are going to be missed, and some
so-called-legitimate robo calls are going to be missed.
But I would hope that my few frequent callers could learn to press that
single digit as soon as the spiel starts... And, if that turns out to be
the case, that might turn out to actually be *less* inconvenient that
sitting through my current answering machine message.
I'm getting close..... Reliability of 911 for persons other than myself
(who would have an alternate direct number on hand) is still the big
obstacle to me.
Of course, a *human* caller would just "pick a number" and get by...
We're (you vs. me) also probably looking at different goals. I
suspect you'd be happy with something that (just) works for *you*.
I, OTOH, am trying to come up with something that could be
reproduced and work well/easily for *others*.
E.g., if "Press 1 for..." became widespread, telemarketers would
just learn to "press 1" before their spiel -- just like they have learned
NOT to present their actual CID's ("Bob's World of Windows? No,
I don't think I'm interested in fielding that call...")
[I've thought about "good" screening algorithms for a long time. I.e.,
starting when folks still had rotary dials! ("How can I get them to
enter a numeric password if all they have is a rotary dial phone?")]
Any sort of credential has to be user-specific; you don't want a single
password because once its known, everyone knows it! Even folks you don't
want to get through.
You also want to be able to "revoke privileges" -- with or without
the caller knowing you've done so. I.e., if Bob used to always
be handled as "put him through to me" and you now want to route
his calls to voicemail (a friend used to telephone "to shoot the
breeze" when I was working; I learned not to answer her calls as
the only way of discouraging them!), you might want him to *think*
that you're "just not home" -- instead of KNOWING that he's being
treated less favorably than previously.
Robocalls can *usually* be handled with a trivial "defense": e.g., my
answering machine is enough to cause them to abandon the attempted
contact -- for TODAY.
Once you get humans involved, then the problem gets tougher: raising
the bar so folks can't just trivially work around your "screen"; making
sure you don't make it too tedious and discourage (or annoy!) them.
[E.g., I can make it VERY difficult for someone to impersonate *me* on
an inbound call -- because that would only inconvenience *me*! I'd
be doing that very infrequently AND would have a strong incentive to
ensure I couldn't easily be impersonated!]
Yes. The problem is evaluating the "cost" of each of those "failures".
E.g., if the robodialer from the library fails to get through (because
the machine silently DROPPED the call) and remind me of an overdue book,
how long will it be before I discover the fact -- given that a *repeat*
call from the dialer will lead to the same result? Do I want to be
(effectively) BUYING books for the library? Or, can I count on my
memory -- or some other behavior (check my account regularly) -- to
limit those costs?
A "secretary" could be reasoned with to work past some criteria he/she
may be imposing on incoming calls. Getting the same sort of flexibility
in an algorithm is considerably harder -- esp if you expect that
"solution" to find use with many "callee's"
I don't like paying people (esp ONGOING) for anything that I can do
myself. I'm using a little "VoIP gateway" to interface to our POTS
lines to my "system". I.e., the "house" looks like an analog
telephone (to the PSTN) and the PSTN looks like a VoIP system
(to the house).
I also have an ATA (Analog Telephone Adapter) that lets my system
interface to "regular telephones". So, this connects the legacy
telephone WIRING in the house to the system -- so the VoIP
system can interface BACK to those phones (if need be).
I have a trimline wall phone mounted in a closet (with a BELL!) that
is connected to the analog phone line in the event of a system failure
or power outage (as well as "on demand").
So, I get the legislated availability (and historical reliability) of
the POTS in my *outfacing* interface -- and the versatility of VoIP
on my *infacing* interface. Though, in the latter, *I* have to assume
responsibility for system reliability, availability, etc. But, that
is a worthwhile tradeoff, given the flexibility that it provides!
E.g, the "Help! I've fallen and I can't get up!" feature is difficult
to implement FOR A USER IN THE SHOWER! They would have to wear a
waterproof fob at all times that they could use to "signal" some
sort of "base unit" to initiate a call. And, that call would obviously
be limited to calling a FIXED number (do you want to call 911 every
time you fall? Or, would you like to try a neighbor, first, and
FALLBACK on 911 if they don't answer??)
I have a "network speaker" located in the ceiling of each bathroom
(think of it as "sound/music/pager over IP" :> ). So, if I'm in
the shower and wouldn't hear the phone, front door, etc., the
system can talk to me THERE.
Each of these "network speakers" also has a microphone (solves
another problem). So, it's easy to see how you've effectively
got a "speakerphone" on VoIP.
And, the final twist: there's no reason <something> can't be
LISTENING to the sounds from that microphone 24/7 (or, at the
very least, whenever it knows the bathroom to be occupied).
If it detects a loud cry (for help), it can elicit an inquiry:
"Do you need assistance?" and await a reply. So, the user need
not carry a "fob" to be protected!
Doing these sorts of things with POTS is just not practical.
But, you don't have to go to the VoIP extreme, throughout,
(losing the reliability of POTS), either!
My first design was essentially, "type the magic digit".
But, you can't give them more than one chance -- otherwise
they unconditionally type 0123456789.
Remember, if it's a machine you're dealing with, it will
have infinite patience and determination! It will keep
trying to call you, over and over!
A trick I learned when "protecting" products from counterfeiting
was to let the "thief" think he'd succeeded, then block him
some time later. So, they don't know which "test" they failed.
"Please enter your access code:"
<await some data entry -- never indicating when you THINK they
SHOULD BE DONE... i.e., don't let them deduce that you are
expecting N digits>
"Enter the desired party's extension"
<again, no clues as to what form the data entry should be>
<twiddle thumbs to tie up the caller -- letting them
think you are trying to put through their call>
"I'm sorry. Please try back, later"
Caller has no idea where they screwed up. Or even *if*
they screwed up! Perhaps the party they had selected
(with whatever "extension" code they typed) happened to
be unavailable AT THAT TIME (i.e., Shirley this machine
wouldn't be trying to DECEIVE ME???!)
Yes, I do. That's why I log them all and don't bother to block a number
until it shows itself to be a repeat offender. Which does happen more
often than you might think. OTOH, many numbers get used once, then
never again. They would be a waste of time to block.
My records show that use of a number can go in cycles - it may be used
for a few weeks, then disappear, never to be used again. I've also
found a few numbers that have been used by different scam campaigns
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.