We're having a strange one at $dayjob. When one of our customers (in this case a hospital) calls a patient back on a cell phone, the calls are coming up with SPAM? in the caller id. It seems to be happening with both Verizon and AT&T. We've checked the the DIDs in question have and are sending the proper caller id, checked the Neustar database, etc. and can't find anything that's missing. These are TDM calls. They come in over multiple TDM PRIs and leave toward an AT&T tandem on a legacy TDM trunk group, so there's really no way to do STIR/SHAKEN call attesting. Our switch vendor (Ribbon / Genband / Nortel) also mentioned that they've had other clients with the issue and it seems to be limited to calls placed to mobile carriers. Another telco was able to find an AT&T portal to register the numbers as legitimate, but it only lasted for about a month before they had to do it again. I haven't researched where at AT&T they might have entered the numbers, but that doesn't seem like a valid option for a hospital with a thousand numbers. Just wondering if others have seen this, and if anyone knows of a way to resolve it. thanks
We have found that a lot of people if they don't know who is calling will simply mark it as spam. If they make enough calls they are certain to upset enough people that will say it's spam when it's not. We have a client that manages properties and they call people to pay rent. It seems people that don't want to pay their rent and just mark the calls as spam. On Fri, Jul 8, 2022 at 1:08 PM Shawn L <shawn at rmrf.us> wrote:
We're having a strange one at $dayjob. When one of our customers (in this case a hospital) calls a patient back on a cell phone, the calls are coming up with SPAM? in the caller id. It seems to be happening with both Verizon and AT&T.
We've checked the the DIDs in question have and are sending the proper caller id, checked the Neustar database, etc. and can't find anything that's missing. These are TDM calls. They come in over multiple TDM PRIs and leave toward an AT&T tandem on a legacy TDM trunk group, so there's really no way to do STIR/SHAKEN call attesting.
Our switch vendor (Ribbon / Genband / Nortel) also mentioned that they've had other clients with the issue and it seems to be limited to calls placed to mobile carriers. Another telco was able to find an AT&T portal to register the numbers as legitimate, but it only lasted for about a month before they had to do it again.
I haven't researched where at AT&T they might have entered the numbers, but that doesn't seem like a valid option for a hospital with a thousand numbers.
Just wondering if others have seen this, and if anyone knows of a way to resolve it.
thanks _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
I forget who AT&T uses but HIYA, First Orion and TNS offer mechanisms to mitigate. On 7/8/2022 1:00 PM, Shawn L wrote:
We're having a strange one at $dayjob.? When one of our customers (in this case a hospital) calls a patient back on a cell phone, the calls are coming up with SPAM? in the caller id.? It seems to be happening with both Verizon and AT&T.
We've checked the the DIDs in question have and are sending the proper caller id, checked the Neustar database, etc. and can't find anything that's missing.? These are TDM calls. They come in over multiple TDM PRIs and leave toward an AT&T tandem on a legacy TDM trunk group, so there's really no way to do STIR/SHAKEN call attesting.
Our switch vendor (Ribbon / Genband / Nortel)? also mentioned that they've had other clients with the issue and it seems to be limited to calls placed to mobile carriers. Another telco was able to find an AT&T portal to register the numbers as legitimate, but it only lasted for about a month before they had to do it again.
I haven't researched where at AT&T they might have entered the numbers, but that doesn't seem like a valid option for a hospital with a thousand numbers.
Just wondering if others have seen this, and if anyone knows of a way to resolve it.
thanks
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Here?s a list that I have found, compiled by Spectrum. https://www.spectrum.net/support/voice/my-phone-number-coming-spam/ Hope this helps. Lou From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of Shawn L Sent: Friday, July 8, 2022 10:00 AM To: VoiceOps <voiceops at voiceops.org> Subject: [VoiceOps] Calls coming up as spam on mobile carriers We're having a strange one at $dayjob. When one of our customers (in this case a hospital) calls a patient back on a cell phone, the calls are coming up with SPAM? in the caller id. It seems to be happening with both Verizon and AT&T. We've checked the the DIDs in question have and are sending the proper caller id, checked the Neustar database, etc. and can't find anything that's missing. These are TDM calls. They come in over multiple TDM PRIs and leave toward an AT&T tandem on a legacy TDM trunk group, so there's really no way to do STIR/SHAKEN call attesting. Our switch vendor (Ribbon / Genband / Nortel) also mentioned that they've had other clients with the issue and it seems to be limited to calls placed to mobile carriers. Another telco was able to find an AT&T portal to register the numbers as legitimate, but it only lasted for about a month before they had to do it again. I haven't researched where at AT&T they might have entered the numbers, but that doesn't seem like a valid option for a hospital with a thousand numbers. Just wondering if others have seen this, and if anyone knows of a way to resolve it. thanks
Does the hospital use this CLID to do "undesirable" calls such as collections? People can mark calls as spam on some carriers and with the third party apps. So spam or not, it happens. We have a medical billing company with this problem. On Fri, Jul 8, 2022 at 10:08 AM Shawn L <shawn at rmrf.us> wrote:
We're having a strange one at $dayjob. When one of our customers (in this case a hospital) calls a patient back on a cell phone, the calls are coming up with SPAM? in the caller id. It seems to be happening with both Verizon and AT&T.
We've checked the the DIDs in question have and are sending the proper caller id, checked the Neustar database, etc. and can't find anything that's missing. These are TDM calls. They come in over multiple TDM PRIs and leave toward an AT&T tandem on a legacy TDM trunk group, so there's really no way to do STIR/SHAKEN call attesting.
Our switch vendor (Ribbon / Genband / Nortel) also mentioned that they've had other clients with the issue and it seems to be limited to calls placed to mobile carriers. Another telco was able to find an AT&T portal to register the numbers as legitimate, but it only lasted for about a month before they had to do it again.
I haven't researched where at AT&T they might have entered the numbers, but that doesn't seem like a valid option for a hospital with a thousand numbers.
Just wondering if others have seen this, and if anyone knows of a way to resolve it.
thanks _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
On 7/8/22 10:00, Shawn L wrote:
We're having a strange one at $dayjob.? When one of our customers (in this case a hospital) calls a patient back on a cell phone, the calls are coming up with SPAM? in the caller id.? It seems to be happening with both Verizon and AT&T.
Many things can trigger this. Does the hospital use this ANI for batches of automated calls such as billing and/or appointment reminders? Algorithms detecting large numbers of calls in batches can trigger it. I've personally received a reverse-911 call marked as "Spam Risk" by AT&T.
We've checked the the DIDs in question have and are sending the proper caller id, checked the Neustar database, etc. and can't find anything that's missing.? These are TDM calls.? They come in over multiple TDM PRIs and leave toward an AT&T tandem on a legacy TDM trunk group, so there's really no way to do STIR/SHAKEN call attesting.
It's the terminating cellular carrier marking it based on their own proprietary algorithms. Typically the call goes through as normal with CNAM changed to "Spam Risk" or similar.
Our switch vendor (Ribbon / Genband / Nortel)? also mentioned that they've had other clients with the issue and it seems to be limited to calls placed to mobile carriers.? Another telco was able to find an AT&T portal to register the numbers as legitimate, but it only lasted for about a month before they had to do it again.
I haven't researched where at AT&T they might have entered the numbers, but that doesn't seem like a valid option for a hospital with a thousand numbers.
Is the hospital placing calls originating from all of those thousand numbers, or just from one?
Just wondering if others have seen this, and if anyone knows of a way to resolve it.
Don't use the same originating number for both bulk automated calls, particularly collection calls, and individual callbacks originated by a human. Expect bulk automated calls to be marked as spam, even if they are legitimate appointment reminders, etc. If you place such calls, program your dialer to detect a voicemail greeting/beep and leave voicemail if possible. In most cases the calls will delivered and the only thing changed is the CNAM display. It may be that a bad actor is spoofing your number for spam calls and you're getting listed that way. Spammers spoofing a hospital may result in a higher answer rate as people are more likely to pick up thinking that a friend or relative may have been injured. Encourage those expecting such calls to add the hospital number to the contact list on their phone. Also, if any of your customers are in the business of selling extended car warranties, lose those customers. /s -- Jay Hennigan - jay at west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
I feel like it's going to be automated reminders. If so: 1. Don't use your normal clid to do it (as was stated). 2. Originate the reminders from a pool of numbers and spread them out among the pool at random 3. Never ever ever initiate a stack of calls within the same second. Your system needs to perform the calls over a couple of hours, not all at 9am or whatever That should help. -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering On Fri, Jul 8, 2022 at 1:49 PM Jay Hennigan <jay at west.net> wrote:
On 7/8/22 10:00, Shawn L wrote:
We're having a strange one at $dayjob. When one of our customers (in this case a hospital) calls a patient back on a cell phone, the calls are coming up with SPAM? in the caller id. It seems to be happening with both Verizon and AT&T.
Many things can trigger this. Does the hospital use this ANI for batches of automated calls such as billing and/or appointment reminders? Algorithms detecting large numbers of calls in batches can trigger it. I've personally received a reverse-911 call marked as "Spam Risk" by AT&T.
We've checked the the DIDs in question have and are sending the proper caller id, checked the Neustar database, etc. and can't find anything that's missing. These are TDM calls. They come in over multiple TDM PRIs and leave toward an AT&T tandem on a legacy TDM trunk group, so there's really no way to do STIR/SHAKEN call attesting.
It's the terminating cellular carrier marking it based on their own proprietary algorithms. Typically the call goes through as normal with CNAM changed to "Spam Risk" or similar.
Our switch vendor (Ribbon / Genband / Nortel) also mentioned that they've had other clients with the issue and it seems to be limited to calls placed to mobile carriers. Another telco was able to find an AT&T portal to register the numbers as legitimate, but it only lasted for about a month before they had to do it again.
I haven't researched where at AT&T they might have entered the numbers, but that doesn't seem like a valid option for a hospital with a thousand numbers.
Is the hospital placing calls originating from all of those thousand numbers, or just from one?
Just wondering if others have seen this, and if anyone knows of a way to resolve it.
Don't use the same originating number for both bulk automated calls, particularly collection calls, and individual callbacks originated by a human.
Expect bulk automated calls to be marked as spam, even if they are legitimate appointment reminders, etc. If you place such calls, program your dialer to detect a voicemail greeting/beep and leave voicemail if possible. In most cases the calls will delivered and the only thing changed is the CNAM display.
It may be that a bad actor is spoofing your number for spam calls and you're getting listed that way. Spammers spoofing a hospital may result in a higher answer rate as people are more likely to pick up thinking that a friend or relative may have been injured.
Encourage those expecting such calls to add the hospital number to the contact list on their phone.
Also, if any of your customers are in the business of selling extended car warranties, lose those customers. /s
-- Jay Hennigan - jay at west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
While the industry settled on SHAKEN as *the* definitive method for dealing with authentication, it seems that the mobile carriers had different ideas and have implemented their own SPAM control, of which SHAKEN is just one factor. So, ultimately, SHAKEN attestation is just a "suggestion". We have seen this several times and, as stated earlier, submitting the numbers to their whitelists does seem to help -- we haven't had the repeat complaint (yet) of numbers falling off the whitelist. Of course, each carrier has their own. AT&T Wireless https://hiyahelp.zendesk.com/hc/en-us/requests/new Verizon Wireless https://voicespamfeedback.com/vsf/ T-Mobile https://reportarobocall.com/trf/ First Orion, Hiya, TNS https://www.freecallerregistry.com/fcr/
This presentation by Matt Florell (of ViciDIAL fame) is an excellent source of further elaboration on this topic: https://www.youtube.com/watch?v=L8iqgZ5bLaw ? Alex
On Jul 8, 2022, at 4:06 PM, Pete Eisengrein <peeip989 at gmail.com> wrote:
While the industry settled on SHAKEN as *the* definitive method for dealing with authentication, it seems that the mobile carriers had different ideas and have implemented their own SPAM control, of which SHAKEN is just one factor. So, ultimately, SHAKEN attestation is just a "suggestion". We have seen this several times and, as stated earlier, submitting the numbers to their whitelists does seem to help -- we haven't had the repeat complaint (yet) of numbers falling off the whitelist. Of course, each carrier has their own.
AT&T Wireless https://hiyahelp.zendesk.com/hc/en-us/requests/new Verizon Wireless https://voicespamfeedback.com/vsf/ T-Mobile https://reportarobocall.com/trf/ First Orion, Hiya, TNS https://www.freecallerregistry.com/fcr/
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
-- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
participants (9)
-
abalashov@evaristesys.com -
caalvarez@gmail.com -
dovid@telecurve.com -
hf0002+nanog@uah.edu -
jay@west.net -
lou.h@aptalaska.com -
mark.wiater@greybeam.com -
peeip989@gmail.com -
shawn@rmrf.us