SPIT - Next Generation SPAM

The potential of IP telephony is, of course, very cool. But one concern that the industry buzzes about is SPIT - SPam over Internet Telephony. As with every IP service, spam is a real concern, although SPIT hasn't taken over to the same level that e-mail and blog spam have.

A SPIT spammer uses a VoIP system to make hundreds of unsolicited, pre-recorded phone calls. This seems like a telemarketer's dream, of course, but it has bigger concerns since it can easily be used for illegal activity, such as tricking the recipient into punching in a credit card number that can then be stored on the computer that placed the call. In my opinion, it is the use of VoIP for illegal activity that is the real concern. Although telemarketing is unpopular, it's a legal practice and VoIP doesn't give telemarketers the ability to do anything they aren't already doing - it just lowers the cost of doing business.

Many of the countermeasures that are suggested as ways to combat SPIT will be familiar to the technically savvy; whitelists, blacklists and greylisting, audio captcha and setting up phones to act as honeypots and create centralized blacklists of phone numbers. Although somewhat trickier in the telephony world because of the expectation of the end user to be able to call any number at any time, if properly applied, these countermeasures should not affect using the phone any more than current e-mail spam countermeasures do.

As VoIP attracts more and more market share and networks switch from hybrid environments to pure IP, it will become more attractive to spammers. But sending a million SPIT messages requires more resources than sending a million e-mails does, so hopefully it will be a good long time before we see the same proliferation of SPIT spammers that we see on the rest of the Internet. When that time comes, the industry is far more prepared than it was when the first e-mail spammers hit the 'Net. After all, we've seen this before.