Spam calls: where do you check the origin of calls

Where do you find out if a caller is a spammer? I usually don’t answer calls from unknown numbers but I’m starting to be concerned because it might happen that some (dumb) service provider tries to call me using an unknown number. That’s why I sometimes google the number afterwards. The problem is that Google isn’t that efficient in finding numbers and as usual tries to guess what I meant.

local.ch has some legit callers listed.

I found peace with the fact that whoever (unknown number) wants to reach me can either leave a call memo, use SMS or WhatsApp.

Or can try again. And if the same number tries the 3rd time, I get weak and pick up, only to find out it was spam again, in 99% of cases. :laughing:

12 Likes

I don’t think that’s possible, because it seems to be a cat and mouse game where they do get new numbers frequently.

Anyway, I usually just answer without saying anything and wait until they say something.

And then if I’m in doubt if it’s a legitimate call I just hang up and block the number.

Sometimes it’s already obvious from the background noise that it’s spam.
Why should a service provider call me unsolicited?

1 Like

You need to know that you haven’t asked anything to anyone. For example Raiffeisen calls me almost every time I ask them something via email/chat. It shows as Raiffeisen on my phone, though.

1 Like

Telecom providers don’t properly implement phone number spoofing detection and termination. Why? Spoofers need a paid line somewhere, so providers don’t care. They get paid for their service and ignore the hassle it generates for their customers.

Swisscom does a good job of blocking calls before they reach the phone. I had far more spam callers with Sunrise or Salt, but after switching to Wingo/Swisscom, I now receive only one or two calls per year, and I still have the same number.

1 Like

To be fair, there are two types of spam:

  • Those which we consider to be spam, but which we have authorized (checkbox forgotten during registration, etc.). If the telecom provider were to block such calls, it would quickly have a COMCO complaint on its hands. Especially if the caller is from the competition.
  • Then there are those that are really spam, but they often use fake numbers, which in themselves are perfectly legitimate (Caller ID spoofing). Now you could go and block entire providers that allow this. But then you also block legitimate callers who use different telephone providers with the same number.

Telephony simply comes from a time when no protection mechanisms were thought of. It’s all broken… The same with SMTP (Email Spoofing) or BGP (BGP hijacking).

If you approved those calls by forgetting to uncheck a box, they can’t be called spam. No one can be saved from their own stupidity.

Those systems now have several protection mechanisms in place to prevent this, so you’re comparing a system that was broken but then fixed to a system that is still broken.

It’s funny because it’s perfectly viable to solve the problem with all of them but no one cares.

What do you mean it’s not possible?
I’m talking about companies that show up when you enter the number you were called from. When I do find the number on local.ch, almost always it’s because of something I initiated, e.g. I sent an e-mail asking for an offer, or something similar.

It was in reply to “where do you find if a caller is a spammer”, implying some kind of list of numbers used by spammers.

Yes, you find the legit companies that you’re doing business with on local.ch. So if you inverse it as a kind of white-list I suppose that approach works.

3 Likes

As a domain owner, you can protect your own domain from being misused for phishing by using SPF, DMARC and DKIM. It is more difficult on the receiving end: You can check the SPF record first. Most senders have one. However, SPF is also broken. According to the RFC, you may only validate the envelope-from-Header against the SPF record, but not the from-header. What is faked, however, is the from-header. This was recognized and DMARC was therefore developed. As soon as a domain has a DMARC DNS record, you can validate the from-header. But now you have the problem that only 40% have a DMARC record. You must therefore continue to accept all e-mails that do not have a DMARC header.

So if you are an email provider and your customer does business with someone who does not have a DMARC record, your customer can still receive fake emails from that contact. You cannot protect your customer 100% because you cannot rely on every sender having a DMARC. In an ideal world, every e-mail whose sender domain does not have a DMARC would be rejected. But nobody does that.

The problem is not that the options don’t exist, but that too few people use them and therefore you can’t enforce them on the recipient side.

The same with BGP and the RPKI protection mechanism. The prevalence of RPKI is only 54%.

Nothing to do with each other, but it reminds me of IPv6: it was standardized in 1998 and the global distribution is still only ~50%.

1 Like
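
The receiver-side check described in the post above, as an added example that is not part of the original thread: SPF only authenticates the envelope-from domain, DMARC additionally requires that domain (or a DKIM signing domain) to align with the From header, and a From domain without a DMARC record gives the receiver nothing to enforce. The domains, the record table and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Constructed sample data: TXT records a receiver would fetch from
# _dmarc.<domain>. Domains and policies are illustrative, not real.
DMARC_TXT = {
    "bank.example": "v=DMARC1; p=reject; adkim=r; aspf=r",
    # shop.example publishes no DMARC record at all
}


def parse_dmarc(txt):
    """Turn 'tag=value; tag=value' into a dict; None if not a DMARC record."""
    if not txt:
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass):
    """Return (dmarc_result, action) for one message.

    spf_domain is the envelope-from domain that SPF checked;
    dkim_domain is the d= domain of a verified signature, or None.
    """
    policy = (parse_dmarc(DMARC_TXT.get(from_domain.lower()))
              or parse_dmarc(DMARC_TXT.get(org_domain(from_domain))))
    if policy is None:
        # The From domain owner published nothing to enforce.
        return ("none", "deliver")
    spf_ok = spf_pass and aligned(spf_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = (dkim_pass and dkim_domain is not None
               and aligned(dkim_domain, from_domain, policy.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    return ("fail", policy.get("p", "none"))
```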