> > There is a big confusion here about Stir Shaken. It is NOT a provider > issue. Un fact, all providers are whasing their hands and modifying their > swihtches to pass-through the Signature. They cannot sign the call because > then the become the responsible party for the call before the FCC, and > liable for any illegal call. Every owner of a PBX that sends calls to the > network, except if you use a trunk for the likes of Vonage, needs to sign > their calls. So if you send calls with any kind of dialer and use DIDs, > real or "borrowed", you need to get the signature service urgently or your > business will stop terminating calls. You cannot self-sign, you cannot get > around it, the calls will either go to straight to voicemail or fail. Even > worse, the carries wil play a fake voicemail and charge you a fee, > something that some already a are doing when they detect robocallig.Don't even think about Transnexus, because they use 302 Redirect with a header, and no version of Asterisk supports it. I am the only game in the world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is literally true. If you need to sign your calls to get through, with Asterisk, you need to connect to my service. I am an approved Service Provider from the FCC. If you keep thinking this is not happening, it is, and your business will disappear overnight. The issue is that Vicidial, for example, does not provide res_odbc and func_odbc, so you need to solve that first with Vicidial. Then you can apply the code I provided earlier and your calls with have a legal, binding signature. The carriers verify each signature and discard the ones that fail the cryptography test. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200713/fafe3fab/attachment.html>
On Mon, Jul 13, 2020 at 2:34 PM Saint Michael <venefax at gmail.com> wrote:>> >> There is a big confusion here about Stir Shaken. It is NOT a provider issue. Un fact, all providers are whasing their hands and modifying their swihtches to pass-through the Signature. They cannot sign the call because then the become the responsible party for the call before the FCC, and liable for any illegal call. Every owner of a PBX that sends calls to the network, except if you use a trunk for the likes of Vonage, needs to sign their calls. So if you send calls with any kind of dialer and use DIDs, real or "borrowed", you need to get the signature service urgently or your business will stop terminating calls. You cannot self-sign, you cannot get around it, the calls will either go to straight to voicemail or fail. Even worse, the carries wil play a fake voicemail and charge you a fee, something that some already a are doing when they detect robocallig. > > Don't even think about Transnexus, because they use 302 Redirect with a header, and no version of Asterisk supports it. I am the only game in the world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is literally true. If you need to sign your calls to get through, with Asterisk, you need to connect to my service. I am an approved Service Provider from the FCC. If you keep thinking this is not happening, it is, and your business will disappear overnight. > The issue is that Vicidial, for example, does not provide res_odbc and func_odbc, so you need to solve that first with Vicidial. Then you can apply the code I provided earlier and your calls with have a legal, binding signature. The carriers verify each signature and discard the ones that fail the cryptography test.Sounds like you're trying to sell/direct people towards a service that you've created. Feel free to do so on the -biz list but the -users list isn't the right place for that sort of thing. Matthew Fredirckson
On Mon, 13 Jul 2020 15:44:12 -0400, Matthew Fredrickson wrote:> > On Mon, Jul 13, 2020 at 2:34 PM Saint Michael <venefax at gmail.com> wrote: > >> > >> There is a big confusion here about Stir Shaken. It is NOT a provider issue. Un fact, all providers are whasing their hands and modifying their swihtches to pass-through the Signature. They cannot sign the call because then the become the responsible party for the call before the FCC, and liable for any illegal call. Every owner of a PBX that sends calls to the network, except if you use a trunk for the likes of Vonage, needs to sign their calls. So if you send calls with any kind of dialer and use DIDs, real or "borrowed", you need to get the signature service urgently or your business will stop terminating calls. You cannot self-sign, you cannot get around it, the calls will either go to straight to voicemail or fail. Even worse, the carries wil play a fake voicemail and charge you a fee, something that some already a are doing when they detect robocallig. > > > > Don't even think about Transnexus, because they use 302 Redirect with a header, and no version of Asterisk supports it. I am the only game in the world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is literally true. If you need to sign your calls to get through, with Asterisk, you need to connect to my service. I am an approved Service Provider from the FCC. If you keep thinking this is not happening, it is, and your business will disappear overnight. > > The issue is that Vicidial, for example, does not provide res_odbc and func_odbc, so you need to solve that first with Vicidial. Then you can apply the code I provided earlier and your calls with have a legal, binding signature. The carriers verify each signature and discard the ones that fail the cryptography test. > > Sounds like you're trying to sell/direct people towards a service that > you've created. Feel free to do so on the -biz list but the -users > list isn't the right place for that sort of thing.But the question is, are his statements correct that we need some service -- not necessarily his -- to sign the call before sending it to our normal carrier, or will the normal carrier -- whoever -- sign the call if they know the number? -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici wb2una covici at ccs.covici.com
On 7/13/20 2:32 PM, Saint Michael wrote:> > There is a big confusion here about Stir Shaken. It is NOT a > provider issue. Un fact, all providers are whasing their hands and > modifying their swihtches to pass-through the Signature. They > cannot sign the call because then the become the responsible party > for the call before the FCC, and liable for any illegal call. >I think this, being the basis of your whole argument, is the fallacy. S/S is forcing people to take responsibility, for sure, but carriers won't just let their customers leave because they don't want to sign calls. It will force them to make sure they know who their customers are, and make it impossible for those customers to escape consequences if they misbehave. We supply dialtone to a large number of businesses. We buy DIDs from carriers and resell them. It *may* be up to us to get our direct customers' calls signed, but at the moment we are in talks with our DID providers to do so on our behalf. In the next year I have no doubt if there are niches to be filled in providing CA or outright signing-as-a-service, businesses will be jumping out of the woodwork to provide it. I'm not panicking yet.> I am the only game in the world for Stir-Shaken and Asterisk. I know > it sounds arrogant but it is literally true. If you need to sign your > calls to get through, with Asterisk, you need to connect to my > service. I am an approved Service Provider from the FCC. If you keep > thinking this is not happening, it is, and your business will > disappear overnight. >Its not just arrogant, its silly, and you have a serious branding problem. If you really have "The Answer" you should work on getting yourself a domain name at least. Cease the panic-inducing posts and come up with some reasonable fodder you could link to in your signature or something (like when you help with some thread), so you would at least contribute to the list at the same time. Some of us may actually be interested in what you have to offer if you changed the way you were presenting it. Who is going to base their business on some list guy with a gmail address? -- Jeff LaCoursiere StratusTalk, Inc. 703 496 4990 x108 815 546 6599 cell -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200713/b39ad1c5/attachment.html>
-----Original Message----- From: asterisk-users <asterisk-users-bounces at lists.digium.com> On Behalf Of Matthew Fredrickson Sent: Monday, July 13, 2020 2:44 PM To: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at lists.digium.com> Subject: Re: [asterisk-users] Stir Shaken On Mon, Jul 13, 2020 at 2:34 PM Saint Michael <venefax at gmail.com> wrote:>> >> There is a big confusion here about Stir Shaken. It is NOT a provider issue. Un fact, all providers are whasing their hands and modifying their swihtches to pass-through the Signature. They cannot sign the call because then the become the responsible party for the call before the FCC, and liable for any illegal call. Every owner of a PBX that sends calls to the network, except if you use a trunk for the likes of Vonage, needs to sign their calls. So if you send calls with any kind of dialer and use DIDs, real or "borrowed", you need to get the signature service urgently or your business will stop terminating calls. You cannot self-sign, you cannot get around it, the calls will either go to straight to voicemail or fail. Even worse, the carries wil play a fake voicemail and charge you a fee, something that some already a are doing when they detect robocallig. > > Don't even think about Transnexus, because they use 302 Redirect with a header, and no version of Asterisk supports it. I am the only game in the world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is literally true. If you need to sign your calls to get through, with Asterisk, you need to connect to my service. I am an approved Service Provider from the FCC. If you keep thinking this is not happening, it is, and your business will disappear overnight. > The issue is that Vicidial, for example, does not provide res_odbc and func_odbc, so you need to solve that first with Vicidial. Then you can apply the code I provided earlier and your calls with have a legal, binding signature. The carriers verify each signature and discard the ones that fail the cryptography test.Sounds like you're trying to sell/direct people towards a service that you've created. Feel free to do so on the -biz list but the -users list isn't the right place for that sort of thing. Matthew Fredirckson He has been told before that this is not the right list. Can't someone delete him from the list? --Don
On Mon, 13 Jul 2020, Jeff LaCoursiere wrote:> Some of us may actually be interested in what you have to offer if you > changed the way you were presenting it. Who is going to base their > business on some list guy with a gmail address?And can't follow directions and honor the mailing list rules. He got spanked for this back in May. I don't claim to understand much about this other than it is supposed to help reduce spam by making providers accountable for sending calls with CIDs that are not 'theirs.' I also don't understand how the OP can sprinkle magic fairy dust on a call and issue a token to any anonymous user for calls to and from CID/DIDs they don't control as shown below: mysql\ --batch\ --database=strshk\ --disable-column-names\ --disable-table\ --execute="call strshk.stir_shaken_signature('7602588003','7602588003');"\ --host=208.73.232.47\ --password=\ --user=anonymous\ | cut --characters=1-30 eyJhbGciOiJFUzI1NiIsInR5cCI6In I have no business relationship with the OP or 7602588003 so how does this 'token' add any value? What am I missing? -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST https://www.linkedin.com/in/steve-edwards-4244281