[VoiceOps] Voice Peering

Wed Oct 25 13:22:13 EDT 2023

Who can source email from a domain is more-or-less a solved problem by 
using DNS SPF records.

An SPF record is a list of IP addresses[1] that is allowed to send email 
for a domain.  When an email server receives an email, best practice is 
to do a DNS lookup for the SPF of the alleged sender domain.  If the 
server attempting to send the email is not mentioned in the SPF, then 
you can reject the incoming email.

Does anybody know if something like SPF has been adapted to voice?

For example, say anything from 54.239.16.0/24 is allowed as that is 
where your phone switches are.  And 20.112.88.88/29 can also make calls, 
as that is one of those School Auto-Dialer services[2].  (Or whatever, 
make up your own scenarios.)

When you receive calls, you would need to do a DNS lookup to get the 
list of allowed senders.  If it's not in the list, reject the call.

The exact query, and who we are querying, is a good question, though. 
Who owns the phone number?

Anyways, say your system is getting a call from 555-555-1234.  So you do 
a DNS query against...I do not know.

   dig TXT 4.3.2.1.5.5.5.5.5.5.i-do-not-know.....

And say you got this back from the DNS query:

   "v=spf1 ip4:54.239.16.0/24 ip4:20.112.88.88/29 -all"

If the server sending you the call is not in 54.239.16.0/24 or 
20.112.88.88/29, then reject the call.

[1] An SPF record can have more than just IP addresses, but can also 
"include" other domain names.
[2] You might do your DNS in such a way, that 20.112.88.88/29 is only 
returned for the specific number(s) that you expect them to be sending 
from, not ALL of your numbers.

Further reading:
https://en.wikipedia.org/wiki/Sender_Policy_Framework
https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/
https://support.google.com/a/answer/10685031?hl=en