Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Source number authorization depends on how the messages get to the carrier and how the carrier has things setup. At the end of the day, there's a lot of trust though; and a lot of connections would be difficult/expensive to confirm that the connection is authorized to send messages from the sources they're using.

Think of BCP38 for IP spoofing, but for number spoofing. If you get an appropriate country mobile number from a carrier in that country, are you going to pay for a portability lookup to confirm that carrier is the authorized carrier for that number? Does that carrier check source numbers for all of the connections they have?

Some of the aggregators are good at checking sources, and some aren't, but aggregators are often authorized to send messages from many different countries, so they're likely to have their connections unchecked, because keeping the list updated is hard. It's like IP transit, but a lot worse.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: