SPIT anti-SPAM For VoIP

September 26, 2008

SPIT is the unfortunate acronym for Spam over Internet Telephony, a relatively new addition to the world of unwanted male enhancement creams and millionaire making schemes from Africa.

Most spam arrives by email but increasingly spam is being generated in VoIP communications, and the more VoIP grows, the more attention it gets from “We need you Barclay’s password” cybercriminals intent on annoying users of the system.

The problem with SPIT is the difficulty in detecting unwanted calls; after all you don’t know it’s SPIT until you answer.

There are organisations trying to deal with the problem, including Internet Engineering Task Force (IETF).

These anti-SPIT pioneers (there’s a phrase you don’t use very often) are attempting to spot SPIT calls (not possible after 5 beers) by looking to the source of the calls with the use of upstream SIP elements. These look for call attempts that have a “score” which makes then likely SPIT attempts.

Session border controllers (SBCs) can then be reconfigured between the originating and end use networks to determine the probability of SPIT.

Apparently a call that is examined electronically and found to have a score of zero would be put through to the VoIP customer, a higher score may mean the call is sent to a secure destination, and a high score would block the call.

Basically this system would examine each attempted call, decide if it looks like SPIT and reject it is it feels that it may be a SPAM call.

The big difference between this and previous SPIT killing attempts is that it looks at each call individually; previous ideas were based on email SPAM avoiding concepts.