USPS text scammers duped his wife, so he hacked their operation

we need a new phone/text messaging infrastructure that prevent number spoofing AND force operators to filter out scams attempts.

True. But neither "our" government, nor the corporations maximizing their profits in the current dystopia, give more than a lip-service sh*t about doing that.

At least for people in the US, the solution is simple: make internationally-sourced communications opt-in. By default any calls or texts originating from a non-US carrier will be dropped. Then, any spam coming in must be from a US entity, and can be investigated & prosecuted. People who do need to receive internationally-sourced communications can turn it on with their carrier. While they'll still be at risk of receiving spam, the value of sending that spam in the first place will go way down because the vast majority of it will just get dropped. It's an easy solution, and it solves call/text spam for everybody.

I'm reasonably sure that countries like France will sign a treaty to not allow spoofed numbers in this way. They don't want to be a source of scams anyway and so will do their part to prevent them. The details of this matter of course, but France should be an easy automatically opt-in. (I picked France because I can spell it, there are several dozen others that I'm confident can be in the automatic opt-in list as nothing from them is a scam)

I have never once got a spam call from an international number, just local numbers. So your plan doesn't work when some local proxy is happy to take the traffic.

We have a lot of progress under the form of STIR/SHAKEN. Now it doesn't prevent all types of spoofing but it makes the calls traceable back to the originating carrier.

What happens is scammers get numbers with small carriers who interconnect with major ones. Eventually the reputable carriers notice spam from these smaller carriers and start dropping their calls (or banning them altogether). So the smaller carriers decide whether they want to see their legitimate traffic dropped or just ban the offending users (which is eventually what ends up happening). Scammers end up hopping to a different carrier so it's a cat-and-mouse game, but it's a lot more expensive to play now than it was with simple number spoofing.

In parallel, numbers are starting to get reputations attached to them, similar to IP addresses. Some filtering takes advantage of that.

Of course, spearfishing can continue unimpeded with someone buying a prepaid cell phone and using that to call a specific target. :(

https://transnexus.com/whitepapers/understanding-stir-shaken...

A lot of the time spam calls might look like they're a local number, but they're just manipulating caller ID. Often the actual call can originate anywhere on the planet and look like a local number to you.

Up until very recently, caller ID was stupid easy to spoof if the originating phone company didn't care.

Yeah, I'm not sure why but a lot of comments here tend to go down the "governments must stop this with law enforcement" route when there is probably much better ways to do this technically without forming international task forces.

Sure, but the Telcos seem perfectly fine with taking the monies from the scammers until they are forced to do something.

I mean, it's validly been 25 years since I received my first scam text and I still sporadically get them once in a while.

and a third option: telco carriers are liable for allowing this to go on.

> AND force operators to filter out scams attempts.

How do you expect that to be implemented without requiring them to read everyone's texts (requiring either no encryption or a backdoor) and judge their worthiness?

Until recently I would get spam text messages from my own cell phone number. Telecommunication companies are complicit in all of this for allowing phone number spoofing. As long as they make money I guess it's OK for them.

If you have a mecanism that allow users to report scammers you could automatically ban callers/senders that are reported by a sufficiently large number of persons very quickly.

STIR/SHAKEN is only for calls, though, not SMS/MMS. Messaging is a giant hole, there...

Aren't they already doing this, for SMS/MMS, at least?

This works great for e-mail...

Actually...

Doesn't it now take a significant amount of effort to get a valid company e-mail whitelisted by the incumbents exactly because of this and yet I have received multiple emails today about diplomatic correspondence...

... and create a new opportunity to do a denial-of-service attack on any person by reporting her phone number as a source of unwanted calls. If the reporting happens via a web page this DOS attack can be automated and sold as a service.