I just posted this message to the VOIPSEC mailing list, but I thought I would also post it here as I think it's an interesting question.

---

> Despite the incidents, I wonder how effective SPIT is from a marketer's
> point of view. In a spam email, the advertised website is only one
> click away, but with SPIT, spammers would have to be more creative using
> only voice messages. Simply asking people to write down a URL and access
> later doesn't sound effective. (Maybe effective for advertising
> pay-per-call numbers, if they are available on VoIP)

I found this note from Eric fascinating in that it points out a basic problem with the language we are using here. The term "SPIT" has entered our jargon and we say it is "SPam for Internet Telephony" but yet it actually has really nothing whatsoever to do with the "spam" that we are used to in e-mail.

It does make me wonder how many folks upon hearing the term "SPIT" will think that somehow we will now be receiving messages about various performance-enhancing products, watches, sons and daughters of deposed dictators, better mortgages, and various stocks that are sure to bring in millions of dollars.

Yet, to me and others with whom I have discussed this, "SPIT" is simply the sending over VoIP of all the standard telemarketing calls that we all have been receiving - usually at dinner or other inconvenient times - selling us potential vacation getaways, insurance, better mortgages, magazine subscriptions, soliciting donations for (questionable) charities, orwhatever other products or schemes people think we will buy or fall for.

(And I would be very interested to know if others have different interpretations.)

In my mind, there's no fundamental difference to the end user between the type of telemarketer calls that interrupt my dinner now over the PSTN and the type that would occur over my VoIP phone. Both interrupt my dinner
and both are trying to sell me stuff that I probably don't want. (And yes, you can tell by my attitude that I'm on the US do-not-call list.)

The only difference is on a technical end where it is just that much easier for the telemarketer to make the calls. Instead of having to pay for all the PSTN-connected lines, equipment, etc., and having the time delays inherent in the PSTN connection sequence, a telemarketer just needs a big fat pipe and appropriate software. (And needs there NOT to be appropriate identity standards that might prevent their actions.)

Other than that, it's the same unsolicited direct calling we get today.

But it does point out a difference in our language. At least here in North America, it seems that we generally use these terms for unsolicited direct marketing in various forms:

1. Regular postal mail  -  "junk mail"
2. Phone (PSTN)         -  "telemarketing call" or "telemarketer"
3. E-mail               -  "spam"
4. Instant messaging    -  "SPIM"   (have also seen this just called "spam")
5. SMS                  -  ??   (just "spam" or "SMS spam"?[1])
6. VoIP                 -  "SPIT"

Yet (to me, at least) #6 and #2 are essentially the same thing. Do we need to try to use a different term? (As if the headline writers of the world would let us retire a term as great for them as "SPIT"!) Any suggestions?

[1] Remember that I'm in North America where SMS isn't as big as the rest of the world... so I don't honestly get exposed to spam over SMS.

Tags: security, spam, spit, voip, voip security, voipsec, voipsecurity