top | item 45020857

(no title)

Sure, but my point still stands — you have more tools to work with in email. For what it’s worth, I can usually contextualize a message from the subject line and the sender’s address without needing to dive deep into headers. (Phishing is definitely a real problem, but it’s not unique to email in this discussion.)

Now compare that to the PSTN: what does 555-123-4567 really tell you? Not much. It’s just a string of digits with no inherent context. And unlike email, I can’t even choose to outright refuse delivery of a call at the network level.

discuss

kube-system|6 months ago

> Now compare that to the PSTN: what does 555-123-4567 really tell you?

It tells you exactly as much as the "from" field does in your email.

> you have more tools to work with in email.

Only if you're an engineer implementing a mail server configuration. But if you're implementing a telco you also have more tools to work with than a caller ID.

End users use DMARC/SPF the same way end users use STIR/SHAKEN... they don't. None of them are user-servicable values. And service providers use DMARC/SPF the same way end users use STIR/SHAKEN... they implement those controls for their users in the form of a managed service.

unsignedint|6 months ago

Even if I don't run my own mail server, I can still open an email header and see context. Last time I checked, I can't walk into a telco and ask for the telephone equivalent of that. On PSTN, there's nothing beyond a bare caller ID string, and that lack of context is exactly why I see it as a problem.

Email gives end users multiple signals and filters to work with. PSTN doesn't, and that's why I disagree with your equivalence.

mulmen|6 months ago

You have more tools because the market created them because it’s a federated protocol. The PSTN is a different case where market forces don’t align incentives with spam reduction. This is why regulators like the FCC exist.

unsignedint|6 months ago

I get the distinction you’re drawing, but that just brings us back to the same fork: if decades of FCC involvement haven’t produced a trustworthy caller identity system, then the reliance on regulation isn’t solving the structural weakness, it’s just propping it up.

At that point, we’re repeating the same values clash — you see regulation as a workable fix, I see it as evidence of fragility. I don’t think continuing this line is going to get us any further.