Does UC present new opportunities for spammers?

Unified communications (UC) makes it easy to get your messages no matter where you are. But is there a dark side to all this convenience? Will UC also make it easier for spammers to find and target you with their advertising messages?

As we head into a new year, 2008 promises to bring about revolutionary changes in the ways we use familiar communications tools. The premise of the coming integration of different forms of messaging -- e-mail, voice, IM -- into unified communications systems is exciting. UC makes it easy to get your messages no matter where you are, and it makes it easy for colleagues, friends, and family to find you when they need you.

But is there a dark side to all this convenience? Will UC also make it easier for spammers to find and target you with their advertising messages? What can you do to help prevent the UC dream from turning into a nightmare of unwanted calls, mail, and instant messages?

Voice spam: The next big irritant?

It's annoying enough to open up the mailbox on your e-mail client and discover dozens -- or in some cases, hundreds -- of messages trying to sell you something (or worse). But sophisticated spam-filtering programs, mail rules, and other techniques have made unwanted e-mail messages, for the most part, manageable.

In many cases, we never even have to see most of the spam sent to our addresses. And many of us have developed the ability to quickly detect and delete the spam messages that do make it into our inboxes, without ever actually opening them.

But just imagine what it would be like if you woke up tomorrow morning to discover a similar number of unwanted phone messages in your voice mail. Since voice messages generally don't have subject lines, identifying the "junk calls" might be a lot more difficult. And while reading pitches for body parts enlargement products is bad enough, do you really want to have to listen to a spiel touting the magical abilities of this or that cream, pill, or exercise?

Telemarketing has long been a waster of time and destroyer of dinners, but just as the convenience and low cost of e-mail created an explosion of text-based junk mail, will the convenience and low cost of VoIP technologies result in a similar exponential increase in the number of voice-based advertising messages?

VoIP spam already has a name -- actually, a couple of names. Some call it vamming, while others refer to it as SPIT (that's spam over Internet telephony). You don't have to be a VoIP user yourself to be subject to SPIT. Spammers can use their own VoIP lines to call your landline (or even worse, your cell phone) and, unlike when they're using traditional PSTN lines, they usually don't have to pay long-distance charges, so they can blanket the entire country with spam calls.

The bad news

How does today's UC technology play into all this? One of the goals of UC is to provide "presence" so that others know when you're available and can reach you whether you're at work, at home, or on the go. The "find me, follow me" feature that's an important part of UC assigns you a virtual phone number routed through a list of phone numbers, including your landline at home, your VoIP phone at the office, and the cell phone that you take with you when you're out and about.

This could make it easier for advertisers to reach you. That creates the potential for lost work productivity as you deal with spam calls, for relaxing evenings at home interrupted by advertisers, or even for used-up airtime minutes if you answer when they ring through to your cell phone.

And with integrated text messaging, it can be even worse. You can avoid paying for incoming calls to your cell phone by not answering, but text messages come in without any action on your part, and many wireless providers charge you a fee for every text message. Those 10 or 15 cent charges can add up fast if texting spam is deluging your phone. Just imagine having to pay a dime for every e-mail spam you get over the course of a year.

The good news

If you're sitting there now, thinking about canceling all your phone services to avoid the impending deluge of SPIT, don't despair just yet. The good news is that advanced VoIP services don't just make it easier for spammers to find you -- they also make it easier for you to take steps to block their calls.

Screening features and software make it easy for you to block calls from specific numbers, to flag particular numbers as spam, and to choose what happens to those calls: send them directly to a special spam voice mail folder, just hang up, or play a "number is not in service" message without sending the caller to voice mail. You can also choose to do this with unknown callers, so you don't actually have to have the number of every spammer in order to block them.

Some systems will also allow you to listen in on voice mail calls live (as you can do with an onsite answering machine) and pick up the call if it's someone you want to talk to or discard it if it's not. You can similarly block text messages from specific senders or all text messages.
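As an added illustration (not code from the article or from any vendor), the sketch below applies the screening choices described above before a find-me, follow-me fan-out, so a screened call never rings the cell phone. The class and function names, the device names and the 555-01xx numbers are constructed, and number matching assumes North American numbering.

```python
import re
from enum import Enum


class Action(Enum):
    RING = "ring the follow-me list"
    SPAM_VOICEMAIL = "spam voice mail folder"
    HANG_UP = "hang up"
    NOT_IN_SERVICE = "play 'number is not in service'"


def normalize(number):
    """Reduce a caller ID to digits so differently formatted numbers compare equal."""
    digits = re.sub(r"\D", "", number or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # assumption: North American number, drop country code
    return digits or None    # None means caller ID withheld or empty


class Screener:
    def __init__(self, contacts, unknown_action=Action.SPAM_VOICEMAIL):
        self.contacts = {normalize(n) for n in contacts}
        self.flagged = {}  # normalized number -> Action chosen by the user
        self.unknown_action = unknown_action

    def flag(self, number, action=Action.SPAM_VOICEMAIL):
        self.flagged[normalize(number)] = action  # user marks a number as spam

    def decide(self, caller_id):
        # Caller ID is supplied by the calling side: a hint, not authentication.
        n = normalize(caller_id)
        if n in self.flagged:  # an explicit flag wins, even over a contact
            return self.flagged[n]
        if n is not None and n in self.contacts:
            return Action.RING
        return self.unknown_action  # unknown or withheld caller ID


def route(caller_id, screener, follow_me):
    """Screen first, then fan out: a screened call rings no device at all."""
    action = screener.decide(caller_id)
    return action, (list(follow_me) if action is Action.RING else [])


# Constructed sample data: fictional numbers and device names.
FOLLOW_ME = ["office-voip", "home-landline", "cell"]
screener = Screener(contacts=["+1 555 010-0111"])
screener.flag("(555) 010-0199", Action.NOT_IN_SERVICE)
```

Because the decision is made once on the virtual number, none of the endpoints behind it has to answer or pay for a call that was screened out.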

At present, voice spam over IP hasn't become a real problem. If and when it does (and most industry experts seem to think that eventually spammers will grab hold of this opportunity in a big way), both service providers and users will demand technological solutions similar to those now used to control e-mail spam.

That is, software developers will be responsible for creating programs that can automatically differentiate between spam and non-spam messages and block or isolate those that are most likely unwanted. Are they up to the challenge? Only time will tell, but many companies are already working on solutions.

Meanwhile, somewhat surprisingly, some consumers are fighting for their right to receive spam on their cell phones. Recently a number of consumer groups filed a complaint with the FCC in response to Verizon's and other carriers' blocking of advertising text messages, claiming the wireless providers' actions amount to censorship.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

12 comments
zclayton2

Charge the originator of calls, not the recipient. If they call my cell, they don't connect until they pay for the connection.

eric

Of course the spam/UC problem will be nasty. But I don't trust the marketplace to fix it. The marketplace benefits too much, and so do spammers. The same Type 1 & Type 2 errors are found in spam filters as in any other form of "testing for fit." While Yahoo seems to have very accurate hits as well as a fast way to recover mistaken real mail, Comcast does not. What you get may be a fraction of what's offered, but some of what they filter out is not spam but business correspondents, friends and relatives.

apotheon

I agree with your thesis -- that spam filters in general tend to be suboptimal. I don't agree with all of your reasoning, however. The market is our best bet for fixing it. The problem with your analysis is, I think, that you imagine "the market" is the collection of people trying to squeeze money out of you with a spam filtering "product", and that's it. There's more to it than that, though. It also includes things like people who genuinely want to cut down on the amount of spam in the world in general, in part because doing so also cuts down on the amount of spam that they themselves receive. Many such people contribute to open source software development. In some cases, companies with no business interest in spam at all might fall into that category as well, and be willing to do something to help solve the problem. These people are as much a part of economic markets as those who just want to extract payment for a spam filtering "product" or service. They're the people to trust -- not huge corporations like Norton -- because their motives are the same as yours. After all, when others get spam, their systems tend to get infected with spam bots too -- which then contributes to the volume of spam on the Internet, ultimately leading to more spam getting into your inbox, too. That's one of the least well-known truisms of IT security: the less secure your neighbors are, the less secure you are, too. The biggest problem I have with most existing spam filters, however, is not what they let through. It's the fact that they often block many legitimate emails -- and the only thing worse than spam in your inbox is legitimate messages falsely identified as spam so that you never receive them (known as "false positives"). One false positive is one too many.

mgiannoni

Probably the author of this article is assuming that the normal reader of this blog knows all the common abbreviated terminology, for example VoIP, "Voice Over Internet Protocol", or SPIT, "Spam Over Internet Telephony", but, and I beg your pardon for my ignorance, I couldn't find any explanation for the main subject of this article: UC. What does UC stand for? Is it United Communications, Universal Communications, University of California?... Thank you in advance for your clarifications, Marcello Giannoni

bfpower

Hi Marcello, I was wondering the same thing. UC stands for Unified Communications, and is a blanket term referring to the recent convergence of communication technologies (email, IM, VoIP, etc). Hope that helps. Ben

mgiannoni

Hi Ben, Thank you for your reply; this is good to know. I wish you a good day. Marcello

SObaldrick

What is meant by convergence? I consider myself pretty technology savvy. I use a PDA phone with IM wifi and bluetooth and I know what Voice Over IP is, but not sure what is meant by UC. An example of UC would help explain the article. Les.

donnymo

At Akonix, our folks agree that UC opens up more entry points for bad things and exit points for good things. Although SPIT (VAM, whatever) will indeed grow and will be somewhat of a challenge, our research shows that implementation of UC in corporations will create bigger risks and liabilities in 4 areas:

1. Security -- Hackers will take the path of least resistance. We put in firewalls, so they use email to drop malware and spyware. We add Ironport or Trend Micro or whoever for email security, they turn to instant messaging. The same will be true going forward. UC presents the hacker with multiple vectors into the organization.
2. Non-compliance liabilities: For those of you in highly regulated industries, you'll be faced with the challenge of monitoring and archiving communications over email, BlackBerry, IM, SMS, VOIP, eFax, blogs, wikis and smoke signals. OK, maybe not smoke signals, but you get the point. The law says we need to retain business records, and all of those communications modes are business records to some extent.
3. Liability for inappropriate use: Remember in the mid-1990's when we first started hearing about people getting fired or fined for inappropriate emails? UC hands the guy with the dirty jokes more ways to spread them. They're monitoring my email? I'll use my IM to tell my off-color jokes. Our own primary research showed that 31% of surveyed employees have been harassed over IM in the workplace. That's 24 million potential lawsuits, folks. Companies carry liability for all of it that crossed their LANs and WANs.
4. Information leakage: Among our customers and researchers, we think this is the fastest growing. Every company has its share of employees who are a bit shady, or disgruntled, misguided, or maybe just plain dumb. UC gives them more ways to tell company secrets outside the company. Like we said about computers in the '80's... "Great, now stupid people can do stupid things faster". UC's multiple communications paths present the malicious and negligent employees with more ways to let confidential or regulated info out.

As Microsoft, IBM, Cisco, Nortel, Avaya, etc. continue to deliver more and more UC to corporations, the topic of protecting all of it with policy, security, and compliance efforts will grow in importance. Hopefully we'll see bloggers like Deb take on the topic and offer insight and potential solutions.

Don Montgomery
Akonix Systems, Inc.

dontor

I handle the tech work at our real estate office, and property management. My cell must be on 24/7. This threat could well make my life a true nightmare. If this revenue stream is so needed, I feel it is entirely incumbent upon our providers to establish the mechanisms to protect those of us who don't want this. If they cannot, then it somehow ought to be banned. Just expressing an opinion as I don't know enough about the technology.

mrogers

Personally, I believe solicitation should be decided individually. If you want your carrier to block spam text, then you shouldn't have to do anything. But Verizon (in this case) should allow their consumers to receive these texts if they choose to turn it on. For instance, if you are in the market for a used vehicle, then you may want to get some spam texts for that particular subject, but only WHILE you are in the market for it.

swell72

I agree that the user should be able to decide if they receive SPIT or not. One of the problems is that user choice for filtering SPIT adds overhead and cost for Verizon and other carriers. Guess who gets to pay for SPIT whether or not they want it? You and I do!