SIP Spam – A cure has been indentified!

NO WAY! I refuse to deal with even more unsolicited garbage! My e-mail box is overrun with crap from every corner of the planet now you are telling me that I can look forward to MORE of that in form of SIP SPAM? Arrrrgh!

With SIP deployment comes the big issue regarding SIP enabled SPAM. Unsolicited IM messages coupled with Voice and Video SPAM clips could cripple a network and piss everyone in the network off to no end. SIP is going ahead regardless but those networks that put in place SIP Trust mechanisms will certainly have a greater value than those networks that do not.

What are we doing about it? This last weekend I listened in as Robin Raymond – CTO of Xten and Cullen Jennings of Cisco discussed proposed solutions to the expected SIP SPAM onslaught.

Once solution which I thought was especially good was one that was comprised of 3 main components: SIP Certificate Authorities, a SIP Web of Trust for all services in the network to be trusted before sending calls through the network and Payment Due for Unrecognized SIP Callers.

In summary, the Certificate Authority would issue certificates to service providers who are legitimate and legal. The users of those networks would now have a user certificate under that now secure provider and the users would now be considered secure as well. If someone wanted to call your SIP phone number they would have have a secure cert issued by their provider. All components of the network they are calling from in order for the call to get through would also have to be certified as authentic. If the caller is unknown, even if they are considered secure, they would have to pay a nominal fee for that first call, e.g. 10 cents. Once the caller is ok’d by the receiving end they would be added to a white list and not have to pay to talk to you again. You would also be able to refund the amount back to the user but the merchant providing the payment services would still get their cut, which means the receiver would have to pay the extra % in order to do the refund. Of course this all goes for a header when you introduce the PSTN into the mix but existing laws regarding telemarketing etc. will pick up the slack there.

There were other concepts as well but I think this one has the most promise.