alt Hacker NewsThe Australian Government to Require SMS/MMS Sender ID Registraion
Comments
As an Australian, I'm happy to hear this, but also annoyed that a lot of legitimate SMS from companies don't use branded sender ID. I'm not sure why, but my guess is that SMS gateways charge more for it and businesses don't want to pay the extra cent or two.
As counter measure to text scams the Australian government (actually ACMA which I think is the Au version of the FCC) has introduced a national register of Sender Ids, which comes in to effect on the 1st of July. It requires providers to mark any unregistered Sender Id as 'Unverified'
I haven't yet been able to find the full register (if it's even public) but I thought this is an interesting approach.
Singapore does this. Any message that comes from an unregistered sender show up on the phone with “Likely Scam” as the sender name.
I am sure there are reasons why this won't work, but could it really be so hard to show both the faked number, and where the call actually comes from, so I could choose which one to add to my block list.
Sadly this isn't limited to Australia. RCS the SMS successor does not consider free peering. I believe security is used as an excuse to create a closed ecosystem that surfaces new businesses and therefore innovation.
For a community of builders, like this, any barrier to entry will be problem, however we'll intend.
It is crazy that wasn't something already required. Here local sms-gateways always required paperwork to prove word you want to use as sender name is a brand you own.
India has something similar, and even goes a step further by having last alphabet as an identifier for Promotional, Services, Govt. etc.
Good move, it's crazy how many scam calls and SMS I receive in Australia. In fact, if I get an SMS or a call, I just assume it's a scam.
Interesting change. If it helps cut down on spam and phishing texts while keeping branded messages trustworthy, it sounds like a step in the right direction.
I welcome this move, enforcing that SMS messages come from who they say they'll come from is important.
Personally I think the whole system of replacing the point of origin with a name needs to be overhauled. Allowing a name as well is fine, but the practice of delivering messages that can't be replied to is pretty poor.
Rather than have to futz around with a different number or website to go to, I should be able to just reply "STOP" if (for example) Dominos keep spamming me with Pizza offers I don't want.
This sounds connected with their social media restrictions.
Governments always want to know everything. They are like the biggest data sniffers now, even more so than e. g. CIA-book (formerly known as Facebook).
I've yet to read a good explanation of why the telcos permit CLID faking and reinjection of apparently local CLID by overseas inputs.
I'm assuming there's a technical and/or willpower reason or some counterfactual like VOIP depends on it.
Even just flagging it would help. Or, rejecting numbers they can know lie inside their own routing architecture, or asserts within their own number plan where the CLID does not match.
Morally it's like BCP38 in the customer facing internet systems: reject customer input they don't pay you to assert.