[VOIPSEC] SPIT=telemarketing over VoIP - do we need a better term?(was Re: Confirmed cases of SPIT)

Smith, Donald Donald.Smith at qwest.com
Thu Mar 16 10:57:56 CST 2006 

Good points Dan, one that I think was missed it the ability to make
those calls to ANY destination using VoIP as the source. I don't think
the advertisers will care what type of phone you have they will just
want to reach as many people as possible as cheaply as possible. I have
seen ONE case where voip was almost certainly the mechanism used. It was
a recorded message (of course) and it "dialed" 100's or 1000's of phones
per min.

In that case one of the destination was an office pbx and it was unable
to handle the load.

Rate limiting the number of calls any ip can make in a minute will
prevent this type of abuse from a single ip.
It will not prevent botted pc's with softphones being used in much the
same way as botnets are used to send spam.

Security through obscurity WORKS against some worms and other tools:)
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org 
> [mailto:Voipsec-bounces at voipsa.org] On Behalf Of dan_york at Mitel.com
> Sent: Thursday, March 16, 2006 9:20 AM
> To: Eric Chen
> Cc: voipsec at voipsa.org
> Subject: [VOIPSEC] SPIT=telemarketing over VoIP - do we need 
> a better term?(was Re: Confirmed cases of SPIT)
> 
> Eric Chen wrote:
> > Despite the incidents, I wonder how effective SPIT is from a 
> > marketer's point of view.  In a spam email, the advertised 
> website is 
> > only one click away, but with SPIT, spammers would have to be more 
> > creative using
> 
> > only voice messages.  Simply asking people to write down a URL and
> access 
> > later doesn't sound effective.  (Maybe effective for advertising 
> > pay-per-call numbers, if they are available on VoIP)
> 
> I found this note from Eric fascinating in that it points out 
> a basic problem with the language we are using here.  The 
> term "SPIT" has entered our jargon and we say it is "SPam for 
> Internet Telephony" but yet it actually has really nothing 
> whatsoever to do with the "spam" that we are used to in e-mail.
> 
> It does make me wonder how many folks upon hearing the term 
> "SPIT" will think that somehow we will now be receiving 
> messages about various performance-enhancing products, 
> watches, sons and daughters of deposed dictators, better 
> mortgages, and various stocks that are sure to bring in 
> millions of dollars.
> 
> Yet, to me and others with whom I have discussed this, "SPIT" 
> is simply the sending over VoIP of all the standard 
> telemarketing calls that we all have been receiving - usually 
> at dinner or other inconvenient times - selling us potential 
> vacation getaways, insurance, better mortgages, magazine 
> subscriptions, soliciting donations for (questionable) 
> charities, or whatever other products or schemes people think 
> we will buy or fall for.
> 
> (And I would be very interested to know if others have different
> interpretations.)
> 
> In my mind, there's no fundamental difference *to the end 
> user* between the type of telemarketer calls that interrupt 
> my dinner now over the PSTN and the type that would occur 
> over my VoIP phone.  Both interrupt my dinner and both are 
> trying to sell me stuff that I probably don't want.  (And 
> yes, you can tell by my attitude that I'm on the US do-not-call list.)
> 
> The only difference is on a *technical* end where it is just 
> that much easier for the telemarketer to make the calls.  
> Instead of having to pay for all the PSTN-connected lines, 
> equipment, etc., and having the time delays inherent in the 
> PSTN connection sequence, a telemarketer just needs a big fat 
> pipe and appropriate software.  (And needs there NOT to be 
> appropriate identity standards that might prevent their actions.)
> 
> Other than that, it's the same unsolicited direct calling we 
> get today.
> 
> But it does point out a difference in our language.  At least 
> here in North America, it seems that we generally use these 
> terms for unsolicited direct 
> 
> marketing in various forms:
> 
> 1. Regular postal mail  -  "junk mail"
> 2. Phone (PSTN)         -  "telemarketing call" or "telemarketer"
> 3. E-mail               -  "spam"
> 4. Instant messaging    -  "SPIM"   (have also seen this just called 
> "spam")
> 5. SMS                  -  ??   (just "spam" or "SMS spam"?[1])
> 6. VoIP                 -  "SPIT"
> 
> Yet (to me, at least) #6 and #2 are essentially the same 
> thing.   Do we 
> need to try to use a different term?  (As if the headline 
> writers of the world would let us retire a term as great for 
> them as "SPIT"!)  Any suggestions?
> 
> Comments?  Thoughts?
> Dan
> 
> [1] Remember that I'm in North America where SMS isn't as big 
> as the rest of the world... so I don't honestly get exposed 
> to spam over SMS.
> 
> --
> Dan York, CISSP
> Dir of IP Technology, Office of the CTO
> Mitel Corp.     http://www.mitel.com
> dan_york at mitel.com +1-613-592-2122
> PGP key (F7E3C3B4) available for
> secure communication
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list