[VOIPSEC] Watering down VoIP security expectations.

[Ari Takanen]

Hello all,

Good conclusion there Tobias. There is no technical solution for SPAM
as it is not a technical problem. It is a problem in all free, open
and un-moderated services. There is no way people can beat SPAM in
"Free Internet Telephony", and that is exactly why there is a business
opportunity in VoIP. People will still pay for good service.

The best prevention methods that aim at this focus on providing:

- reliable identity (SIM cards in mobile phones is one good idea)
- generic legislation, and specific contract practices between parties
- trust relationships between VoIP providers

So if someone spams you from Romania, you should be able to know who
to blame. The carriers will blacklist VoIP providers and servers that
do not act according to best practices, and hopefully someone will sue
the negligent service providers. Problem solved.

This still leaves SPAM bots, and other attacks where a system is
compromised and a trojan is installed on the system. This is a reason
why you should use reliable platforms and devices. List of Codenomicon
recommended vendors is available on our web site!

/Ari

PS: Update your VoIP devices regularly!

On Fri, Mar 10, 2006 at 10:16:00AM +0100, Tobias Glemser wrote:
> So my conclusion is this:
> The SPAM/SPIT problem will never be beaten, we can only try to develop 
> better and better solutions to eleminate as many SPAM/SPIT as possible 
> before it reaches the user. This is where we can evolve, just have a 
> look at Anti-SPAM Boxes today. The race has begun but it will never finish.