[VOIPSEC] SPIT=telemarketing over VoIP - do we need abetterterm?(was Re: Confirmed cases of SPIT)
Jim Van Meggelen
jim.vanmeggelen at coretel.ca
Thu Mar 16 11:53:32 CST 2006
The porn folks could use SPANK : SPam over ANy Known media
--
Jim Van Meggelen
jim at vanmeggelen.ca
http://www.oreillynet.com/pub/au/2177
"A child is the ultimate startup, and I have three.
This makes me rich."
Guy Kawasaki
--
> -----Original Message-----
> From: McMillon, Matt [mailto:Matt.McMillon at qwest.com]
> Sent: March 16, 2006 12:45 PM
> To: Smith, Donald; dan_york at Mitel.com; Eric Chen
> Cc: voipsec at voipsa.org
> Subject: Re: [VOIPSEC] SPIT=telemarketing over VoIP - do we
> need abetterterm?(was Re: Confirmed cases of SPIT)
>
> But from a definition perspective, does the fact that a mass
> mailing campaign (sent via snail mail) is computer generated
> make it SPAM?
> Computer based marketing databases combined with word
> processing technology made mass mailing campaigns
> significantly cheaper and more efficient (and available to
> all), but did that really create a new problem (i.e. new
> terminology) or did it make an existing one worse?
>
> I would argue that SPIT should be defined only within the
> context of VoIP and threats that cross convergence point
> should be defined differently. That being said, I don't
> think an operations person trying to keep up with VM storage
> (VoIP, PBX or POTS based), or the end-user that has to clean
> out 600 VMs a day, is going to care--but the person
> mitigating the threat does.
>
> >From a mass marketing perspective, "success" is defined by very small
> percentage of respondents (1%-3% or less) so anything that
> significantly increases the number of people who receive the
> marketing material cheaply and quickly is going to be very
> popular with marketing folks, as well as political
> organizations. Doesn't mean that purveyors of online porn
> and the like are going to switch to SPIT from SPAM, however.
>
> Matt
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org
> [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Smith, Donald
> Sent: Thursday, March 16, 2006 9:58 AM
> To: dan_york at Mitel.com; Eric Chen
> Cc: voipsec at voipsa.org
> Subject: Re: [VOIPSEC] SPIT=telemarketing over VoIP - do we
> need a betterterm?(was Re: Confirmed cases of SPIT)
>
> Good points Dan, one that I think was missed it the ability
> to make those calls to ANY destination using VoIP as the
> source. I don't think the advertisers will care what type of
> phone you have they will just want to reach as many people as
> possible as cheaply as possible. I have seen ONE case where
> voip was almost certainly the mechanism used. It was a
> recorded message (of course) and it "dialed" 100's or 1000's
> of phones per min.
>
> In that case one of the destination was an office pbx and it
> was unable to handle the load.
>
> Rate limiting the number of calls any ip can make in a minute
> will prevent this type of abuse from a single ip.
> It will not prevent botted pc's with softphones being used in
> much the same way as botnets are used to send spam.
>
> Security through obscurity WORKS against some worms and other
> tools:) Donald.Smith at qwest.com giac
>
> > -----Original Message-----
> > From: Voipsec-bounces at voipsa.org
> > [mailto:Voipsec-bounces at voipsa.org] On Behalf Of dan_york at Mitel.com
> > Sent: Thursday, March 16, 2006 9:20 AM
> > To: Eric Chen
> > Cc: voipsec at voipsa.org
> > Subject: [VOIPSEC] SPIT=telemarketing over VoIP - do we
> need a better
> > term?(was Re: Confirmed cases of SPIT)
> >
> > Eric Chen wrote:
> > > Despite the incidents, I wonder how effective SPIT is from a
> > > marketer's point of view. In a spam email, the advertised
> > website is
> > > only one click away, but with SPIT, spammers would have
> to be more
> > > creative using
> >
> > > only voice messages. Simply asking people to write down a URL and
> > access
> > > later doesn't sound effective. (Maybe effective for advertising
> > > pay-per-call numbers, if they are available on VoIP)
> >
> > I found this note from Eric fascinating in that it points
> out a basic
> > problem with the language we are using here. The term "SPIT" has
> > entered our jargon and we say it is "SPam for Internet
> Telephony" but
> > yet it actually has really nothing whatsoever to do with the "spam"
> > that we are used to in e-mail.
> >
> > It does make me wonder how many folks upon hearing the term "SPIT"
> > will think that somehow we will now be receiving messages about
> > various performance-enhancing products, watches, sons and
> daughters of
>
> > deposed dictators, better mortgages, and various stocks
> that are sure
> > to bring in millions of dollars.
> >
> > Yet, to me and others with whom I have discussed this, "SPIT"
> > is simply the sending over VoIP of all the standard telemarketing
> > calls that we all have been receiving - usually at dinner or other
> > inconvenient times - selling us potential vacation getaways,
> > insurance, better mortgages, magazine subscriptions, soliciting
> > donations for (questionable) charities, or whatever other
> products or
> > schemes people think we will buy or fall for.
> >
> > (And I would be very interested to know if others have different
> > interpretations.)
> >
> > In my mind, there's no fundamental difference *to the end
> > user* between the type of telemarketer calls that interrupt
> my dinner
> > now over the PSTN and the type that would occur over my VoIP phone.
> > Both interrupt my dinner and both are trying to sell me
> stuff that I
> > probably don't want. (And yes, you can tell by my attitude
> that I'm
> > on the US do-not-call list.)
> >
> > The only difference is on a *technical* end where it is
> just that much
>
> > easier for the telemarketer to make the calls.
> > Instead of having to pay for all the PSTN-connected lines,
> equipment,
> > etc., and having the time delays inherent in the PSTN connection
> > sequence, a telemarketer just needs a big fat pipe and appropriate
> > software. (And needs there NOT to be appropriate identity
> standards
> > that might prevent their actions.)
> >
> > Other than that, it's the same unsolicited direct calling we get
> > today.
> >
> > But it does point out a difference in our language. At
> least here in
> > North America, it seems that we generally use these terms for
> > unsolicited direct
> >
> > marketing in various forms:
> >
> > 1. Regular postal mail - "junk mail"
> > 2. Phone (PSTN) - "telemarketing call" or "telemarketer"
> > 3. E-mail - "spam"
> > 4. Instant messaging - "SPIM" (have also seen this
> just called
> > "spam")
> > 5. SMS - ?? (just "spam" or "SMS spam"?[1])
> > 6. VoIP - "SPIT"
> >
> > Yet (to me, at least) #6 and #2 are essentially the same
> > thing. Do we
> > need to try to use a different term? (As if the headline
> writers of
> > the world would let us retire a term as great for them as
> "SPIT"!) Any
> > suggestions?
> >
> > Comments? Thoughts?
> > Dan
> >
> > [1] Remember that I'm in North America where SMS isn't as
> big as the
> > rest of the world... so I don't honestly get exposed to
> spam over SMS.
> >
> > --
> > Dan York, CISSP
> > Dir of IP Technology, Office of the CTO
> > Mitel Corp. http://www.mitel.com
> > dan_york at mitel.com +1-613-592-2122
> > PGP key (F7E3C3B4) available for
> > secure communication
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.385 / Virus Database: 268.2.4/282 - Release
> Date: 15/03/2006
>
>
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.4/282 - Release Date: 15/03/2006
More information about the Voipsec
mailing list