[VoiceOps] Voice Peering
Mike Johnston
mjohnston at wiktel.com
Wed Oct 25 13:22:13 EDT 2023
Who can source email from a domain is more-or-less a solved problem by
using DNS SPF records.
An SPF record is a list of IP addresses[1] that is allowed to send email
for a domain. When an email server receives an email, best practice is
to do a DNS lookup for the SPF of the alleged sender domain. If the
server attempting to send the email is not mentioned in the SPF, then
you can reject the incoming email.
Does anybody know if something like SPF has been adapted to voice?
For example, say anything from 54.239.16.0/24 is allowed as that is
where your phone switches are. And 20.112.88.88/29 can also make calls,
as that is one of those School Auto-Dialer services[2]. (Or whatever,
make up your own scenarios.)
When you receive calls, you would need to do a DNS lookup to get the
list of allowed senders. If it's not in the list, reject the call.
The exact query, and who we are querying, is a good question, though.
Who owns the phone number?
Anyways, say your system is getting a call from 555-555-1234. So you do
a DNS query against...I do not know.
dig TXT 4.3.2.1.5.5.5.5.5.5.i-do-not-know.....
And say you got this back from the DNS query:
"v=spf1 ip4:54.239.16.0/24 ip4:20.112.88.88/29 -all"
If the server sending you the call is not in 54.239.16.0/24 or
20.112.88.88/29, then reject the call.
[1] An SPF record can have more than just IP addresses, but can also
"include" other domain names.
[2] You might do your DNS in such a way, that 20.112.88.88/29 is only
returned for the specific number(s) that you expect them to be sending
from, not ALL of your numbers.
Further reading:
https://en.wikipedia.org/wiki/Sender_Policy_Framework
https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/
https://support.google.com/a/answer/10685031?hl=en
More information about the VoiceOps
mailing list