We've run into this issue with replies to texts that the user sent first.
Telecom spam filtering seems to be a ridiculously primitive and wide net. I can't imagine a valid use case for dropping a text sent to a number when that number just sent you a text a few seconds before.
I don't understand why SMS spam has such a big issue with false positives compared to email spam when emails are practically free to send but SMS is much more costly.
(Yes, I know there are a lot of false positives on email too ... but we run into false positive SMS spam issues a lot even though it feels like it should be a much simpler problem to solve).
Perhaps their blocking systems are stateless, i.e they don't bother doing a lookup of communication histories because it's expensive when you're dealing with millions of texts an hour. They just run each one through a bunch of rules and drop matches.
I believe that, completely. But keyword silently blocking is an objectively bad approach. Tell the sender it failed if you're so keen to do so. Or tag it with a big POTENTIAL SPAM at the beginning of the message and send it. Or literally any of the dozens of smarter ways of content filtering than (if .xyz in y).
Bad actors are why we can't have nice things. Think of how simple, clean and efficient computing would be if we didn't have to keep criminals and idiots at bay.
Very interesting. I definitely get phishing SMS messages from time to time, but I didn't realize these were some of the very few which actually made it through. Any idea how these bad actors are able to send out these massive batches of spam SMS? My naiive guess would be bulk purchasing disposable SIMs but I imagine it's more sophisticated?
It's whack-a-mole where game is skewed wildly towards the moles.
Basically there are tons of VOIP companies, with varying levels of give-a-shit and spam detection capabilities.
Generally they are incentivized to let people self-serve on their platform - spin up quickly and start running traffic, or blasting spam, whatever. Especially if you're a small company, you're probably more likely to look the other way for a bit if someone is spending money on your platform, until regulators call, and you can be like "ok we looked into it and shut them down".
Also you don't want to be overly aggressive, because what if a great customer comes onto your platform, loves the ease of setup, and starts running legitimate traffic, then you shut them down because they were triggered by whatever crappy spam heuristics your small company came up with, and the customer is gone to another platform where they don't have to deal with that.
Then the company/group running the traffic moves onto other VOIP providers until they get a bad enough name or push the envelope so much that no one will take them.
Then they just create a new "company" that no one recognizes the name of, and start again.
Honestly I think an open sourcing of spam detection heuristics and algorithms would be a massive help, but companies that are good at this obviously see it as a competitive advantage, just like the email space - for example if Twilio is great at keeping spam off their platform (no idea if they are, but they would have the most resources to do so), then all numbers registered with Twilio are less likely to get flagged/blocked downstream - all Twilio customers benefit.
Twilio can say "any number you buy with us will be considered clean by downstream parties, no need to worry about getting flagged/blocked, then having to change the numbers you use for your business to communicate with customers, which could be saved in their phone already, etc."
The patterns spam takes vary wildly, often being specific to telecom laws and practices in specific jurisdictions, so it really is a tough problem. If an algorithm flags spam, you often want to then reach out to the customer and try to understand if there's a legitimate reason for the traffic patterns, etc. So there's a layer of customer relations beyond the algorithms that's also tough to scale.
There's already an opt-out legal framework in place for marketing calls. Mass sending SMS spam to opt-outs is illegal. Prosecute the crime. It makes zero sense to try to guess from content.
If I had a spam texts folder that showed me everything I was being blocked from, I'd both appreciate it and not feel this massive breach of trust that things being sent to me are being completely ignored by a third party system.
The system that does this is absolutely primed for censorship, and we have no way to know it's not being used.
1) Neither the SMS protocol nor any phone I've ever seen has any mechanism to file messages in "folders".
2) Processing SMS messages and delivering them to subscribers has a cost. Doing so for high-volume junk messages would place a significant burden on carriers.
3) Most carriers used to charge subscribers for receiving SMS messages. Some still do! Charging subscribers to receive spam SMS messages would be, quite rightly, called out as inappropriate.
> 1) Neither the SMS protocol nor any phone I've ever seen has any mechanism to file messages in "folders".
My phone (ROG Phone 3 w/ Android 11) automatically flags spammy texts into a "Spam & Blocked" folder, I assumed this was a stock Android feature - is it not?
1 and 2: true (to a degree, phones sort messages by sender which is a folder), but if a SMS already reached the provider they have the data. No need to send spam to the client. Instead display the SMS on some webinterface the customer can access. Or email it.
I'm not opposed to spam filtration as a user default, but doing so silently without any indication of what is being filtered or ability to verify it is working is not acceptable for such a vital messaging system.
I've personally noticed a lot of phone text spam being FROM email addresses recently. I think they are just abusing some feature in MMS, though, not SMS. It's weird seeing a list of phone numbers (usually SMS two-factor), some contacts' names that I have entered in, then a ton of random email addresses on my texting app (standard Android Messages app).
Telecom spam filtering seems to be a ridiculously primitive and wide net. I can't imagine a valid use case for dropping a text sent to a number when that number just sent you a text a few seconds before.
I don't understand why SMS spam has such a big issue with false positives compared to email spam when emails are practically free to send but SMS is much more costly.
(Yes, I know there are a lot of false positives on email too ... but we run into false positive SMS spam issues a lot even though it feels like it should be a much simpler problem to solve).