Re: [stir] FYI only: Two new VoIP spam drafts

Henning Schulzrinne <> Sun, 13 November 2016 11:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 23A861296F9; Sun, 13 Nov 2016 03:03:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.697
X-Spam-Status: No, score=-5.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LeA9YkYthWMr; Sun, 13 Nov 2016 03:03:26 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D26E91296EA; Sun, 13 Nov 2016 03:03:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-fcc-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=hHpz9aiUgCXitNkzHFCQ8/BafAPTumNscEBC2VeZ0hA=; b=ARLq2ow0Fx59rl3IWT0l/LWhphv5pxOv7mpEwFqdztHp7bH86b1aRlWKc62PIgG5IafexeFmt5RSWGaVHqnPKQjA4MHWM0VMyLkCYfa1YnLi8LPbPXoann/vITmmuMr3O7pcJuHnfiG2vYXp/MCNZLrAHiLcWHQseRlToG7Culk=
From: Henning Schulzrinne <>
To: Alex Bobotek <>, "" <>, "" <>
Thread-Topic: FYI only: Two new VoIP spam drafts
Thread-Index: AQHSG4AHdXDxA/hrj06MJ4pEMbL5u6CUpQ4ggEJcrr4=
Date: Sun, 13 Nov 2016 11:03:21 +0000
Message-ID: <>
References: <>, <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-microsoft-exchange-diagnostics: 1; CY1PR09MB0635; 7:z77W+e6iNZeeL3JX2GfapjbVDDlM36veCFILWuQ6Qs7RImi0zaRRLXCx5XvU02iRmUg6bvmcqCQDN1PBwcCxCCWs1bb6dpXqrWQRbM3clz6whlHPySkvYDrY8gxvlyuEbPkXJJ42nvy/ZCAhrMdKY6hpeufNrCk0FwzjWtUyK2VlnFKGHlO7EsZvzCn6P7HP/AMB0PzSrVANjiSpqn5WSZsr7OHl6MOHRyazntdV1hWumi+EeZ9uMicpkC4m062AH43q6vTCAZ9TuLKqrjxJ/Q3phThT9Ow8ANWA4lNW768DAXfOQb579AxO7m8eG1jaFOM/i19r9PejTr1ziaUrEre2qZ4KhDoRZpJYj6vbBQg=
x-ms-office365-filtering-correlation-id: eaefbbd3-7ceb-4110-fdd4-08d40bb4ae76
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:CY1PR09MB0635;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(120809045254105)(231250463719595);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046); SRVR:CY1PR09MB0635; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0635;
x-forefront-prvs: 012570D5A0
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(336003)(377454003)(189002)(69234005)(199003)(92566002)(33656002)(8676002)(77096005)(229853002)(2501003)(19627405001)(66066001)(15187005004)(2201001)(50986999)(76176999)(2900100001)(8936002)(54356999)(7696004)(86362001)(2950100002)(76576001)(101416001)(81156014)(81166006)(10126002)(107886002)(6606003)(87936001)(586003)(105586002)(106356001)(99286002)(5001770100001)(106116001)(74316002)(189998001)(6116002)(2906002)(3846002)(68736007)(102836003)(7846002)(9686002)(5660300001)(122556002)(7906003)(3660700001)(7736002)(97736004)(3280700002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR09MB0635;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY1PR09MB0634FC71E04DE7796429FB25EABD0CY1PR09MB0634namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2016 11:03:21.3163 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72970aed-3669-4ca8-b960-dd016bc72973
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR09MB0635
Archived-At: <>
Subject: Re: [stir] FYI only: Two new VoIP spam drafts
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 13 Nov 2016 11:03:29 -0000

Catching up on comments. Please see inline.

From: stir <> on behalf of Alex Bobotek <>
Sent: Sunday, October 2, 2016 2:01:50 AM
To: Henning Schulzrinne;
Subject: Re: [stir] FYI only: Two new VoIP spam drafts

It’s good to see the docs.  I’m very pleased to see the facilitation of end-user feedback, information crucial to abuse mitigation.

Comments on draft-schulzrinne-dispatch-status-unwanted:

1.       The status code could, conceivably, be returned by automata or by human-triggered action (e.g., user click on the ‘report spam’ button).  Consider whether the status code could reflect action by someone or something other than the typically-human called party and at points before the terminating device.  IMHO, it should permit such indications from automata as well as human-initiated actions.

>> Definitely both.

2.       The recommendation that the response code not be used in creating call filters unless the call has been authenticated via 4474bis is too strong.  There are many cases where I want such non-authenticated information to be used to filter my calls.  Just about everybody using the more popular call blocking solutions available today benefit from blacklisting based on feedback of unauthenticated caller IDs, and this practice should not be terminated capriciously.  Additionally, 4474bis is only one of many methods of auth and may instead be more of  a statement of service provider origination than of calling address authority or authentication.  I suggest toning this down to a statement that the possibility of spoofing or unauthorized use should be taken into consideration in constructing call filters.

>> Good point.

3.       The draft should include normative text that specifies when a SIP entity MAY/SHOULD/SHALL return the status code.  It only specifies what a recipient of the code MAY do.  For example, add to section 4:

“A SIP entity MAY reply to a SIP request with the ‘Unwanted’ response code if there is a user-initiated or other indication that the request is unwanted. “

>> I'm not sure how to write this. I don't see a SHOULD/MUST here since the UAS would never have to return this at all, even if it is spam.

4.       Consider allowing SIP entities handling the response to substitute a different code in any forwarded responses.  A called party may not wish to convey rejection as unwanted all the way back to the calling party.  I don’t know the right answer, and I hope others’ opinions will be expressed.  There are times when a message instructing a caller to ‘place me on your organization’s DNC’ is desired, and times when a more silent approach is preferred.

>> With SBCs, this is common, so I see no harm.

5.       The introductory paragraph discusses the need to express that a call is unwanted.  Section 3 discusses the need to indicate that a caller’s calls are unwanted.   These are different assertions.  The most basic assertion is ‘this call is unwanted’.  Perhaps an additional ‘no calls from that address are wanted’ assertion should also be supported.

>> I'm not sure how expressing displeasure only about the call itself is helpful. The typical call spam button also doesn't just drop the message into the spam folder (unless it's a stand-alone client); it flags the message sender, typically, for enhanced scrutiny.



From: stir [] On Behalf Of Henning Schulzrinne
Sent: Friday, September 30, 2016 6:08 PM
Subject: [stir] FYI only: Two new VoIP spam drafts

[Please address comments to the DISPATCH list; this copy is FYI only since I forgot to bcc the list.]

In collaboration with members of the Robocall Strike Force (, I have submitted two I-D's:

that fill in operational needs for dealing with SIP spam. The first defines a new status code (666) that users can use to mark unwanted calls, either as a response code to an INVITE or in a Reason header in a BYE response. (This will likely be supplemented in practice by API-based mechanisms for post-call spam reports.)

The second defines a set of Call-Info parameters that allow the carrier or other UE-trusted SIP entity in the path to indicate the spam probability, type of call and other related information that will allow the UE and user to make better call handling decisions.

This complements the 'verstat' work being submitted to 3GPP (by others), for indicating the level of trust in the From/PAI tel URI.