In email the From: address rarely delivers the mail. From: and To: are the ones that you see in your mail client and correspond to the addresses on the letter within.
For example here are some headers from some spam I received:
From: is what I see in my client and Reply-To: is where a reply would go to.
This one is much better, note how I'm BCCd and To: is complete bollocks:
Reply-To: dr.ahmed.faruk@outlook.com
From: Dr Faruk Ahmed <dr.faruk.ahmed1@gmail.com>
Subject: MANAGER AUDIT AND ACCOUNT DEPT
To: undisclosed-recipients:;
BCC: <gerdesj@blueloop.net>
Return-Path: dr.faruk.ahmed1@gmail.com
Given that Reply-To and Return-Path are in different domains, where would a reply go to?
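The header relationships discussed in the comment above, as an added example that is not part of the original thread: a small triage function that parses a message, works out where a reply would actually be sent (Reply-To if present, otherwise From, per RFC 5322; Return-Path is the envelope sender and only receives bounces), and flags the mismatches a mail filter would care about. The function names and finding labels are hypothetical; the sample is built from the headers quoted above, with the BCC line left out.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the headers quoted in the comment, reassembled as one message.
SAMPLE = """\
Return-Path: dr.faruk.ahmed1@gmail.com
Reply-To: dr.ahmed.faruk@outlook.com
From: Dr Faruk Ahmed <dr.faruk.ahmed1@gmail.com>
Subject: MANAGER AUDIT AND ACCOUNT DEPT
To: undisclosed-recipients:;

(body omitted)
"""


def addr_of(msg, header):
    """Lower-cased address from a header, or '' if absent or not an address."""
    return parseaddr(msg.get(header, ""))[1].lower()


def domain_of(addr):
    """Domain part of an address, or '' when there is no '@'."""
    return addr.rpartition("@")[2] if "@" in addr else ""


def triage(raw):
    """Return (address a reply would go to, list of header findings)."""
    msg = message_from_string(raw)
    from_addr = addr_of(msg, "From")
    reply_to = addr_of(msg, "Reply-To")
    return_path = addr_of(msg, "Return-Path")

    # Mail clients send replies to Reply-To when it is set, otherwise to From.
    reply_target = reply_to or from_addr

    findings = []
    if reply_to and domain_of(reply_to) != domain_of(from_addr):
        findings.append("reply-to-domain-mismatch")
    if return_path and domain_of(return_path) != domain_of(from_addr):
        findings.append("return-path-domain-mismatch")
    # An empty group such as "undisclosed-recipients:;" parses to no address,
    # which means every real recipient was BCC'd.
    if not addr_of(msg, "To"):
        findings.append("no-visible-recipient")
    return reply_target, findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the quoted spam, the reply target is the outlook.com address even though From and Return-Path both name gmail.com.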
What about an out of band verification by the carriers?
Basically a large registry. When I call someone I tell t-mobile who I'm calling, and they register it. Then on the receiving end Verizon checks with T-mobile or a central registry, and says yep James's number is calling this number. Then it marks it as a verified call.
iOS/Android could do something like this. You register your number with Apple/Google and link your account with them. When you call someone you set a field on your account that you're calling someone. When the person who you're dialing gets rung, their dialer can look up Apple/Google and see if that number was indeed calling them, and add a "verified" checkmark to the call.
This leads down a privacy/metadata rabbit hole, but there are probably ways to make this a lot better. In any case, the phone OS can do some out-of-band signaling and just avoid dealing with the carriers altogether.
Although if you're doing all that then why not just make a call using VoIP...
Even with all these high profile settlements, it's still not stopping the problem.
Just today, we (Nomorobo) see 25 different numbers pushing Windows tech support scams. It's like that every. single. day.
This is an emergency call from Windows Microsoft. Your Windows license key have been expired all services are suspended on your computer. To renew call our toll free 1-877-231-6134.
I hadn't heard of your service and just looked at it. If you're willing, a few questions I didn't see answered on the website:
From what I can tell, every incoming call rings simultaneously on the user's phone and Nomorobo's systems. If Nomorobo detects a blacklisted number, you pick up the call, play a 'you've been blocked' message, and hang up. Is that basically correct?
So Nomorobo ends up with a log of all my incoming calls. What happens with that data? Nomorobo is free for landlines (which I think means VOIP lines); is data collection the tradeoff?
Also, can I submit a whitelist, to prevent important numbers from being blocked? And is that list confidential?
Finally, do you work with old-fashioned POTS landlines? I'm interested in Nomorobo for an elderly couple who still have POTS.
Happy to talk about the landline product. Just for clarification, the mobile product works completely differently.
1. Yes, pretty much. Here's a more in-depth answer to what happens when the call is answered - http://www.6083716666.com/
2. Yes, we do get a log of the incoming calls. We use that to analyze the high frequency calling patterns across millions of phone lines and build the blacklist. The more people that contribute, the better the algorithm gets.
3. We globally manage the whitelist and good robocalls (school closings, pharmacies, doctors' offices, etc.)
4. We don't work with POTS lines yet. The older technologies are tougher to protect than the modern ones.