[SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat]

Sun Feb 27 04:21:20 EST 2005

On Fri, 25 Feb 2005 13:54:13 -0500
Sofa King Tyred of Lar Ting <nobody at devnull.spamcop.net> wrote:

> I don't agree that everyone who connects to the Internet should need
> to  know what a virus/Trojan, spyware, etc. is. The phone system today
> is  pretty secure (not accounting for Cell Phones and the new wave of 
> viruses to come). One doesn't need a license to use the phone or send
> a  fax even. Abusers of the phone system are easier to track down and
> stop,  since it's well designed (and more importantly, much simpler
> than the  Internet).

'scuse me? The phone system is *simpler* than the Internet? When did you
last peruse any of the X or V standards? I'd be happy to quiz anyone on
the differences between ETSI standards and the equivalent CCITT
standards, but I don't make enough money to be able to afford the
documents so I can't say for sure who got the answer right. The only
thing I'm confident about is that you'll get different answers from
different incarnations of the same phone system standard. The outrageous
complexity of CCITT is the major reason the Internet got off the
ground -- I vididly recall the calls for the destruction of the Internet
by CCITT afficionados because it didn't follow "established" standards
like X.400.

More relevant to the discussion, the so-called "dialer" strain of
malware is costing millions of Euros in damages to consumers by having
their PC dial out to a phone number on, say, Tuvalu. The scammer gets
his money because of the international accounting system, the phone
company of the victim can't intervene because he's legally obliged to
deliver the traffic (and makes a small fortune for his "reluctant"
cooperation in fulfilling his duties). BT stood up for a case that
apparently didn't even cross borders and is now in court over it (and
much as I hate BT, I hope they win this one). I am not aware of any
telco that ever successfully shut off phone access to a black hat
foreign telco.

And more down to earth, how many people have phones with displays that
show caller ID? How many people that do can afford to not answer the
ones without caller ID (hint: most of the civilized world passes caller
ID internationally, but many US telcos don't -- half the time I don't
answer an incoming call because of lack of caller ID, it later turns out
to be a colleague in the States who uses a "cheaper" telco).

If we can't even ward off the spectre of international telephone "direct
marketing" which uses the supposedly "secure" telephone system, what
chances do we stand to tackle abuse of the much more flexible Internet?

My approach has always been to go for quality: no caller ID, no ring
tone when you call me. No rDNS, no 250 response to your HELO. Except
that the Internet allows me to easily do that, and the phone system
doesn't.

If someone can point me to an ISDN phone that will not ring unless
caller ID is available, I'd appreciate it.

So, I think it would be good if quality standards would be enforced on
the telephone system. Being able to reject calls on lack of caller ID
and having a phone system equivalent to sbl.spamhaus.org would be a good
start. When that is done, let's continue discsussing improving the
Internet based on the phone systems good example.