How Real of a Threat is SPIT?

by Bruce Stewart

The looming threat of spam invading IP Communications systems is getting a lot of hype lately in the business press, but many experts in the field are questioning whether this typically doom-and-gloom reporting about SPIT (for Spam over Internet Telephony) is justified. Ken Camp has a great post on the subject today over on Realtime-VoIP, taking issue with a recent Red Herring article on SPIT. As Ken points out, while lots of people like to talk about SPIT, the reality doesn't seem to be so dire and current VoIP systems do not appear to have experienced any serious troubles along these lines. Dan York and Jonathan Zar also discussed this issue on a recent episode of their Blue Box Voip Security podcast along with commentray on the topic by Rick Robinson, and came to similar conclusions.

While no one likes telemarketing calls (and just like regular spam it seems a little mind-boggling that it's an effective strategy to sell much of anything), it's unclear why current VoIP systems would be any more susceptible to such tactics than the PSTN. I've worked as a telecom manager for a large university and I can tell you that telemarketers have had the capability to identify and auto-dial large groups of consecutive DID numbers in non-VoIP settings for many years, it was a constant irritant. It's true that as we move to using IP-based communications systems, tighter computer integration becomes easier which may simplfy some telemarketing tactics, but in the end I think the result is the same. Unwanted marketing calls feel the same to VoIP or non-VoIP users. And I have to admit that although I was very skeptical of how effective it would be, here in California I've actually been pretty impressed with how well our Do Not Call list system has been working. Since getting on it I've seen my telemarketing calls reduced to practically none.

I'll admit that someone came up with a sexy acronymn here, and certainly IP-based networks have a host of security-related issues, but for the most part these issues are well-known and defensible, and aren't about spam.