FCC threatens to disconnect Twilio for illegal robocalls (commsrisk.com)
574 points by from on Jan 29, 2023 | 216 comments




Of the robocalls and text message spam that I tracked back to the originating carrier (OCN), by far the two largest source carriers were:

1. Commio and its subsidiaries Teli and thinQ (commio.com and teli.net)

2. Telnyx (telnyx.com)

If the FCC reads this comment: look into those two. In particular, both companies do a poor job of policing their resellers/affiliates. Even when a recipient is savvy enough to find the source OCN and report it to them, the spammers just move from one reseller to a different reseller of the same carrier.

Both carriers know this and look the other way, since it's cheaper than investing more resources (content blocking, tighter velocity limits, carrier-verified opt-in) or removing the resellers who repeatedly sign up spammers. Twilio was in the top 5, but as a % of their total traffic, nowhere near Commio/Teli and Telnyx.

(And if the FCC is reading this, a wish: add a "SPAM" or "ABUSE" SMS keyword that carriers are required to process. Operationally, it would behave similar to "STOP", with a couple differences: it would be entirely processed by the carrier; the carrier would be required to respond with the name and full contact info of both the carrier and their customer; and it would give responsible carriers a way to hear about/act on abuse complaints. Right now, 10DLC spam is so hard for regular people to track that abuse mostly goes unreported.)


Troy, appreciate the post, and I 100% understand your frustrations. I work at Commio and wanted to respond. Apologies in advance for the long explanation, but I think it will shed some light on the current state of cloud voice.

Fraud, abuse, and unwanted calls are unacceptable, and, like the many companies standing between companies placing calls and consumers receiving them, we take all such reports very seriously. We offer a Report a Number link on our website so any unwanted call placed using a number we sold can be investigated, traced, and action taken to shut down the traffic.

Commio (thinQ/teli) was a member of the Federal Communications Commission’s task force to combat fraud and robocalling and we are an active member of the working groups resulting from that task force. In addition, we have implemented STIR/SHAKEN protocols to help stop fraudulent calling from spoofed numbers, and are also set to launch one of the first branded calling solutions to enable brands to fully sign and vet their calls, preventing spoofing once and for all. 2025 is going to be one for the record books.

Who is Commio: Commio does not make any calls to consumers and generally only provides a network interconnection “bridge” between a calling party’s telecom provider and a called party’s telecom provider. We provide voice interconnection services to other telecom carriers, enterprises, and cloud platforms. We provide service to virtually every major national carrier in the United States. We also provide interconnection services to VoIP providers. We essentially carry phone calls between all of these telecom companies. As part of our service, we also provide telephone numbers to VoIP providers, who then assign these numbers to their end-user subscribers. We provide phone numbers to these VoIP providers because regulatory restrictions limit their ability to obtain their own phone numbers.

How We Can Help: Commio does not provide service to individuals and, by law, is prohibited from knowing the identities of our customers’ end users. Because of this, we must forward most abuse reports we receive to the service provider to whom we have assigned the number in question. We will promptly send your report to the appropriate service provider and request they promptly commence an investigation.

Please also note that our services are not exclusive, and just because a number comes back to Commio (thinQ/teli), it does not mean we carry all traffic for the originating provider. Our service-provider customers have the option to use other carriers to transport some or all of their calls. When our service-provider customer sends voice traffic to another carrier, the call does not touch our network.

In some cases, we can provide you with contact information for our service-provider customer. If that option is available, Commio will send you an email with the service-provider’s contact information so that you can work directly with them to resolve your complaint.

Sometimes, our customers will investigate a report and determine that the calling number has been “spoofed.” Caller ID spoofing occurs when the caller inserts a falsified number into the call stream so that your Caller ID shows a phone number that did not make the call. When this occurs, neither we nor our customer will actually know what number or person made the call. Please understand disconnecting a spoofed number will not stop the calls you are receiving because that number did not make the call – it is simply fake Caller ID information sent to your phone.

If you need additional information about spoofing or stopping unwanted calls, the Federal Trade Commission (www.ftc.gov) and Federal Communications Commission (www.fcc.gov) have both posted information and tips on their websites to help consumers including information about call blockers, the national Do Not Call Registry (www.donotcall.gov) and how to report numbers associated with scam calls.

I would also strongly urge you to contact your local law enforcement agency for assistance if you receive fraudulent, abusive or threatening communications and you are concerned about your safety.

Troy, thanks for listening, and feel free to reach out to me anytime: tim (at) commio.com.


How does one go about tracking a robocall back to the OCN? I have time and a strong dislike of scammers.


(Update: Commenter "homero" mentioned that Twilio's CNAM API response includes the carrier: https://support.twilio.com/hc/en-us/articles/360050891214-Ge... . Twilio's docs make it sound like this API does incorporate mobile number portability, which is what you need, but I haven't personally verified. Can anyone from Twitter confirm that the LNP info is at least near-realtime?)

You'll need either access to an SS7 routing system or, more likely, an HTTP API that exposes 10-digit number routing info. Google for '10 digit OCN lookup' or 'realtime CNAM lookup API' and you'll be on the right track. You need one that handles mobile number portability. Most APIs charge a small per-query fee because it's not static data. Any one number can be ported at any time and the only way to know is to see where (in SS7) it's actually routed.

And be aware that there's a fair number of gotchas. I have a lot of experience in the telco world[1]. The two big gotchas are:

1. Inbound and outbound carriers can be and often are different, and outbound caller ID can be spoofed. The source number on an SMS from a 10-digit number (a "10DLC" SMS) is much, much less likely to be spoofed than the caller ID on a robocall. You can fairly reliably report source numbers on SMSes.

To keep it simple, consider starting by reporting SMSes.

For robocalls, expect that many robocall CIDs are spoofed, and the most interesting robocalls are the ones that ask the recipient to contact them at the same number. Or, where both the CID and the callback/contact number are DIDs from the same carrier.

2. Number portability means that all the old static databases (LERG and NPA-NXX-Y Number Pooling[2] databases) aren't enough. One phone number might be routed to one carrier and the sequentially-next number might be routed to a completely different carrier, and either of them might change the next day.

This is just the start - there are other gotchas and a pretty significant learning curve. Stay polite and professional, assume good intentions, and assume you're wrong about something.

[1]: Back in 2010, I made the first free, public REST API for looking up phone data: https://www.slideshare.net/troyd/cloudvox-digits-phone-api-l..., https://www.prnewswire.com/news-releases/cloudvox-launches-f...

[2]: https://nationalnanpa.com/ and for thousands-block reports, https://www.nationalpooling.com/ -> Reports -> Block Report by Region


In general most APIs incorporate number portability for the US. It's much harder to do this for countries internationally.

We at Plivo also provide such an API which incorporates number portability for US: https://www.plivo.com/docs/lookup/

Plivo's API above is updated on a daily basis for portability information.

Caller ID as you mention for voice calls is quite easy to spoof, however with the STIR SHAKEN rollout, the intention is to make carriers accountable. SMS however with 10DLC is almost impossible to spoof the number.


What about number portability in other countries? Why don't you let your clients port out their non US numbers?


This discussion and the parent comment aren’t about whether they allow porting numbers. It’s about whether a number information API (CNAM) - where you’re querying for information about a number you don’t own - includes the carrier that a number has been ported to.


Update for anyone who finds this thread: Both Twilio and Plivo offer self-service APIs to find out which carrier a US number is routed to. Query for the source number of an SMS spam or the number that a robocall tells you to call back on, then email your abuse report to the carrier.

For Twilio: Per https://www.twilio.com/docs/lookup/v2-api/line-type-intellig..., include the query parameter "Fields=line_type_intelligence". That param will make the API response populate the key "CarrierName".

For Plivo: As noted in another reply, Plivo's Lookup API returns carrier info. Per https://www.plivo.com/docs/lookup/api/response#response-exam..., responses include the carrier name by default.
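
Added example (not part of the thread, and not Twilio's or Plivo's code): a small triage script for the workflow described above. It normalizes reported numbers, performs one lookup per unique number, groups them by carrier for abuse reports, and marks bare robocall caller IDs as possibly spoofed. The response field `line_type_intelligence.carrier_name` is an assumption based on Twilio's Lookup v2 JSON (the comment's "CarrierName" spelling is accepted too); the phone numbers, carrier names and sample responses are constructed.

```python
import base64
import json
import re
import urllib.request
from collections import defaultdict
from urllib.parse import quote

LOOKUP_BASE = "https://lookups.twilio.com/v2/PhoneNumbers/"
# Evidence the thread treats as reportable. A bare robocall caller ID is often
# spoofed, so it is kept in the output but marked low-confidence.
RELIABLE_KINDS = {"sms_source", "callback_number"}


def to_e164_nanp(raw):
    """Normalize a US/Canada number to E.164 (+1NXXNXXXXXX); None if invalid."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    # NANP rule: area code and exchange both start with 2-9.
    if not re.fullmatch(r"[2-9]\d{2}[2-9]\d{6}", digits):
        return None
    return "+1" + digits


def lookup_url(e164):
    """Lookup URL with the query parameter named in the comment above."""
    return LOOKUP_BASE + quote(e164) + "?Fields=line_type_intelligence"


def carrier_from_response(body):
    """Return (carrier, line_type) from a lookup response body (JSON text)."""
    data = json.loads(body)
    lti = data.get("line_type_intelligence") or {}
    if lti.get("error_code") is not None:
        return None, None
    # Assumed key is carrier_name; also accept the spelling used in the thread.
    return lti.get("carrier_name") or data.get("CarrierName"), lti.get("type")


def twilio_fetch(account_sid, auth_token):
    """Build fetch(e164) for live lookups (HTTP Basic auth; billed per query)."""
    token = base64.b64encode(f"{account_sid}:{auth_token}".encode()).decode()

    def fetch(e164):
        req = urllib.request.Request(
            lookup_url(e164), headers={"Authorization": "Basic " + token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read().decode("utf-8")
    return fetch


def group_by_carrier(observations, fetch):
    """observations: (raw_number, kind) pairs. Returns (report, skipped)."""
    kinds_by_number, skipped = defaultdict(set), []
    for raw, kind in observations:
        number = to_e164_nanp(raw)
        if number is None:
            skipped.append(raw)
        else:
            kinds_by_number[number].add(kind)
    report = defaultdict(list)
    for number in sorted(kinds_by_number):  # one paid lookup per unique number
        carrier, line_type = carrier_from_response(fetch(number))
        kinds = kinds_by_number[number]
        report[carrier or "UNKNOWN"].append({
            "number": number,
            "line_type": line_type,
            "kinds": sorted(kinds),
            "confidence": "reportable" if kinds & RELIABLE_KINDS
                          else "possibly spoofed",
        })
    return dict(report), skipped


# Constructed sample data: fictional 555-01xx numbers and made-up carriers.
SAMPLE_RESPONSES = {
    "+12025550143": {"line_type_intelligence": {
        "error_code": None, "carrier_name": "Example Carrier A", "type": "nonFixedVoip"}},
    "+13125550178": {"line_type_intelligence": {
        "error_code": None, "carrier_name": "Example Carrier A", "type": "nonFixedVoip"}},
    "+14155550112": {"line_type_intelligence": {
        "error_code": None, "carrier_name": "Example Carrier B", "type": "mobile"}},
}


def sample_fetch(e164):
    """Offline stand-in for twilio_fetch(...), backed by SAMPLE_RESPONSES."""
    return json.dumps(SAMPLE_RESPONSES.get(e164, {"line_type_intelligence": None}))


OBSERVATIONS = [
    ("(202) 555-0143", "sms_source"),
    ("1-202-555-0143", "sms_source"),       # same number, different format
    ("+1 312 555 0178", "callback_number"),  # number the robocall said to call
    ("415.555.0112", "caller_id"),           # robocall caller ID only
    ("555-0100", "sms_source"),              # not a full 10-digit number
]

if __name__ == "__main__":
    report, skipped = group_by_carrier(OBSERVATIONS, sample_fetch)
    print(json.dumps(report, indent=2))
    print("skipped:", skipped)
```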


Interested in this as well.

Been getting spam texts out the wazoo and have felt powerless to do anything about it beyond delete them


One thing I do to exert some control is use WHOIS to find out who their domain name and web hosting providers are and forward them the phishing texts. I've gotten multiple domains revoked through this process (though I've also been ghosted plenty).

Doesn't help if there are no domains linked, and I'd still love to attack their SMS instead because I suspect that's harder to replace.


In a similar vein I've had success surprisingly often when reporting spam email domains to the hosting company and Google safe browsing, which gives a big red warning page when someone tries to access the site (in Firefox and Chrome at least).


Wait, are you reporting those sites to Google safe browsing because of malware or phishing content? If so, great. But if they're just a source of spam I don't think you're supposed to be doing that.


I’ve also had some success getting the SSL cert revoked.

Is there any way to send the SSL-encrypted webpage to prove to the SSL provider that the website came from them though?

I guess in my case they could open the link, but that may not always work.


I call the spam texts (hi Bob, it's Alice, we met last night type) and it's usually a Google Voice number that wants you to sign up for their WhatsApp channel. I now text them back that we met last night and they can join my crypto investing WhatsApp group and I've gotten a lot less SMS spam as a result. Must be on their blacklist now.


She was trying to scam him using a lonely hearts pull

He was trying to scam her with the promises of riches

This summer, sparks fly in the romantic comedy of 2023: "Phish into my Heart"


This makes me feel old.

Cinema when I grew up was calling into advice radio shows because someone couldn't sleep on their architect-affordable houseboat in Seattle.

None of that exists anymore.


Or the A24 horror version, "Heartphish."


okay, so this made me smile. just finished exporting a montage scene that could fit right into that script. timing is priceless


I reply to the ones wanting to buy houses that I don’t own. I drag them along for days. I figure I can at least waste their time


You can actually use twilio to find the carrier on cnam

https://support.twilio.com/hc/en-us/articles/360050891214-Ge...


I use Lookify.io which lets you look up a carrier without creating an account - you can also see if anyone else flags it as spammy but who knows if the reports are anything other than anecdotal


I’m in Europe and hardly ever receive unsolicited SMS or phone calls. Somehow, at least to me, this seems like a US problem. Why is that? What does EU do that it is not a problem here? Or does it just mean that we have a ‘business opportunity’ here?


I think it might be because in Europe the sender pays for SMS messages, but in the US, apparently the recipient pays for SMS messages (!)

AIUI, this is because in the US they don't set aside different prefixes/area codes for mobile/cell numbers, so when they were first introduced and mobile calls cost more, it was unfair to bill callers extra because they had no way of knowing they would be calling a mobile number. Therefore, they put the extra cost onto the receiver of mobile calls. With this billing expectation in place, they put the cost of SMSs onto the receiver also.

It does mean that in the US, businesses sending SMSs to individuals are supposed to go through a "double opt-in" process and have really easy opt-out procedures, on pain of the FCC having some kind of punitive actions available. But I guess they must not be working, or something.

Or my info may be out of date?


The caller/sender always pays something, but in the US the recipient pays extra for their technology, and in most of Europe, the caller/sender pays and so the numbering plan makes it easy to identify what calls will cost more. (Although, there are German sims setup to use landline numbers so that callers can pay landline rates, presumably the recipient pays for calls in both directions on those sims?)

The US environment led to prices trending to under a penny to send an sms or make a one minute phone call. IIRC, FCC rules say telephone carriers can no longer charge other telephone carriers for calls at all, the wholesale price is zero (+ connection costs).

On the other hand, in Europe, sending an SMS or calling a mobile phone for a minute is closer to 10-20 cents. That's a lot costlier, and then you've got a lot more languages to support, and different payment preferences per country. Easier to just target English and the US.


> there are German sims setup to use landline numbers so that callers can pay landline rates, presumably the recipient pays for calls in both directions on those sims?

The interconnection rates used to be an important source of income for mobile operators (some of them would even pay their prepaid users, not paying any monthly fee, a bonus per incoming minute of calls!), but these days, mobile and landline interconnect rates have almost converged, as far as I can tell.


If you look at Twilio's pricing [1], because it's easy to link to and mostly reasonable, it's 0.0150 USD/min to landlines, and 0.2380 USD/min to mobile phones (calls to EPlus are higher). That's 15x the cost, far from converged. Although, I do see if you're calling from EEA, the price drops down to 0.04 USD/min, which is much closer, so that's close to convergence.

[1] https://www.twilio.com/voice/pricing/de


Mobile terminated calls have interconnection fees no higher than 0.4 cents per minute in Germany (i.e. 0.004 EUR!), with no distinction between the three networks.

E-Plus also hasn't existed as an independent entity for quite some years now; they were acquired by Telefonica/O2 in 2014.

Seems like Twilio is charging quite the margin there, based on vastly outdated pricing...


Do you have an example of a provider offering terminations near this rate?


Google Voice charges 1 cent to landlines and 3 cents to mobile numbers, for example:

https://voice.google.com/rates


10-20 cents?

I'm paying €8 for 10000 minutes, 10000 texts and 100Gb of traffic per month.


That's for bundled retail sim right? I'm talking unbundled wholesale.


> in the US the recipient pays extra for their technology

I don't understand what you mean by that. If the sender and recipient are both in the US, how does this make sense?


The baseline is landline calling, for landline, caller pays (unless it's toll free, or other reversed charging).

If you call outside your local area, that's a bigger charge, at least historically.

But, cell phones are more expensive to run than landlines (historically, anyway), so the question becomes who pays that extra expense when someone calls a cell phone. You can do caller pays, and then typically have mobile numbers in a separate part of the numbering plan and cell phones receive free incoming calls; or you can do recipient pays and mobile numbers are usually mixed into the numbering plans and cell phones have to pay for incoming calls.

As time goes by, costs go down, but caller pays carriers have an income stream from incoming calls that's harder to drive down with competition. Few people are going to switch carriers so it's less expensive for others to call them. Especially if retail plans tend to bundle things.

But for recipient pays carriers, there is competition among carriers to make it less expensive for their customers to receive calls, and now most US carriers offer unlimited talk and text on retail plans on most plans, even low cost plans.


> now most US carriers offer unlimited talk and text on retail plans on most plans, even low cost plans.

But that's not something particularly unique to the US?


No, it's not. But the difference is in the caller pays model, there's no mechanism to reduce the inter-carrier cost. Retail cell phone carriers can hide that cost from their users, because balance of calling usually works out --- most users probably get about as many incoming call minutes from other carriers as outgoing call minutes to other carriers, so revenue from calls roughly matches costs from calls. For voip carriers it's different --- they can't charge other carriers a high rate for incoming calls (because voip is low cost), and they have to pay mobile carriers a high rate to terminate calls. So, retail cell phone users end up in the same boat of low cost "unlimited" calling, but business users have to pay 10-20 cents a minute (depending on the country and the tariffs allowed)

High cost is an effective anti-spam technique, but it also raises costs for legitimate business uses.


The mechanism is "regulation". EU intercarrier fees are limited to 0,4 cents per minute (lower for non-mobile networks), so they can not be a big part of the "10-20 cents" carriers might bill their business customers.


This was definitely true at some point, but I don't know any plan (including prepaid) that charges for incoming SMS anymore these days.

That said, unlike in Europe, there are also effectively no truly free (i.e. no monthly fee) prepaid plans in the US.

So in a way, you could also say that users are still sharing the cost of inbound texts, although at an implied flat rate (blended into the monthly minimum that exists even for pay-as-you-go plans), rather than per message.


> It does mean that in the US, businesses sending SMSs to individuals are supposed to go through a "double opt-in" process and have really easy opt-out procedures, on pain of the FCC having some kind of punitive actions available. But I guess they must not be working, or something.

Technically, the FCC cares about as much about unsolicited robocalls as they do for unsolicited SMS messages for the TCPA. And the penalties can add up quickly; $500-$1,500 USD -per violation-, not per person you violated the TCPA (IOW, if your automated system sends 10 texts to 10 people that it shouldn't have, it's potentially $50,000-$150,000 and not $5,000-15,000).

The upshot for -consumers-, is that there are lots of hungry TCPA lawyers that will happily take your case. Some people even try to file claims themselves, even if it may not be fully legitimate[0].

The issue with robocalls, versus SMS messages: I've found that even if you follow the TCPA 'Script', you'll at best wind up in a weird state in the robocaller's system where they will still call you, but the system immediately disconnects. On top of that, the numbers are often spoofed anyway[1] so it's difficult to get the right number. AFAIK SMS messages, it's harder to spoof the number.[2]

[0] - 'Illegitimate claim' can range from "Somebody didn't pay attention to a box they checked on an online form" to "Welp this guy's going to jail for stalking... I guess stupid criminals do exist."

[1] - IDK if SHAKEN/STIR will help much, but here's hoping

[2] - OTOH There is a real problem with numbers getting 'poached', even if they are already registered with a VOIP carrier that follows all the proper processes around porting. One bad actor makes it easy to mess up the system.


> I think it might be because in Europe the sender pays for SMS messages, but in the US, apparently the recipient pays for SMS messages (!)

That explains all the weird messages apps show about verification SMS "incurring charges"! Back in high school I avoided so many apps for no clear reason because I was afraid I needed to pay a fee every time I used these apps and only found out years later that none of that stuff would've cost me anything.

A service where you have no real say in the charges you need to pay when someone else contacts you through it sounds so crazy to me! I'm pretty sure most people in most countries don't get charged per SMS anymore, though.


I was a micro-entrepreneur, or auto-entrepreneur, in France, and unsolicited calls and messages started the very next day after I registered. Don't ask me about the email spam.


> I’m in Europe and hardly ever receive unsolicited SMS or phone calls. Somehow, at least to me, this seems like a US problem.

Every single time the subject of robocalls or spam texts is brought up on HN, someone claiming to be from Europe shows up to ask why it's a U.S.-only problem.

Then people from Germany and France and Greece and the U.K., and elsewhere in Europe show up and say how they have to deal with it, too, and it's not just an American thing.

In my RSS feed are several European news sources, and they all talk about robocalls occasionally.

Who are these apparently very few people in Europe who allegedly have never dealt with telephonic spam, and why do they always feel the need to talk about their personal situation when it has no bearing on the discussion at hand?

You state that you "hardly ever receive unsolicited SMS or phone calls."

I'm in America, and I too get unsolicited messages "hardly ever": about one unsolicited SMS per month, and spam phone calls about six times a year on my work phone, and maybe once each year on my personal phone. Don't delude yourself into believing that every phone in the nation is flooded with spam all the time.


I spend roughly 50% of time in Canada and the other 50% in Europe, mostly Czech Republic.

I have two phones, and usually just put the one for the country I'm not currently in on a charger and hide it away in a drawer, and take it out only when I'm packing to go to the other continent again.

The Canadian phone usually gets 50-100 spam messages and missed calls during the 2-3 months I'm not using it.

The Czech phone has never had a spam message or missed call on it ever.

I don't see why stories like this would have no bearing on this discussion. It's relevant, anecdotal evidence.


It's not relevant or useful, though. You're telling us a story about how you use those phones, the implication being that it's unlikely that those numbers have made it onto spam lists because of your usage patterns.

But carriers recycle numbers, often pretty quickly after someone ends their service. The number on the Canadian phone of yours may have previously belonged to someone who plastered the number all over the internet, and used it to sign up for a bunch of things run by people who had no qualms over selling their customer data to spammers.

So no, these stories are not particularly relevant or useful, because they can never take into account the full history.


My phone number is all over the internet - it was listed as the contact number for our company for about a decade. I occasionally receive an unsolicited call from a human trying to sell something business related, but no robocalls or anything. I don’t know anyone who does receive any. It’s anecdotal evidence, but there’s a trend. It’s useful.

One of the reasons I can imagine is that the Bundesnetzagentur is actually pretty quick about disconnecting abusers.


But like.. I'm not claiming it's the whole story, but definitely a piece of it.

And you just took the info I provided, and added another piece of the puzzle. The observation that more spam exists in US/Canada still applies, is supported by my anecdote, and explained by your analysis. To me, very much proving this info is indeed relevant to the debate.

Unless we want to go super meta about relevance and usefulness.

I learned new things, thank you.


Another aspect is language. A lot of the calls are from India and Pakistan where English fluency is high and non-English European fluency is very low.


I agree, that's the most likely reason. You can't do robocalls in German or Italian because the cost is too high...


>Then people from Germany

Here in Germany at the very least this isn't the case as robo calling as well as unsolicited cold calling to private households can be fined with high fines of 10k+ Euros per call. I've maybe had two calls like this in the last 20 years.


You're being pedantic. "once a month" isn't what I would call "hardly ever". I have 2 EU numbers, on one I've never received a robocall/spam SMS (10+ years), on another I got 3 robocalls in the 2 years I have had it, that's hardly ever.

This mirrors the experience of everyone I know. When an active robo-scam-call campaign was happening to people it made national news.

That's a very large difference with the typical US experience...


It definitely does happen in Germany, but infrequently enough that people consider it an oddity.

It's definitely not so bad that people don't pick up for unknown numbers/callers anymore, which seems to not be uncommon in the US.


It stems from the fact that in Europe this kind of thing is... avoidable. People complaining of receiving unsolicited texts and robocalls have either:

published their contact information in a public database (like company registry),

given their contact information to a company and unwittingly checked the "agree to use for marketing purposes/share with third parties" consent

are included in a high profile data breach of some kind

are the unlucky, statistically unlikely victim of spam from a new source that is yet to receive punitive action


> are included in a high profile data breach of some kind

How is this avoidable specifically in Europe you say? Breaches affect us here just as much as anywhere else, specially since most breaches are user/client lists from large corporations most people can't afford to stop dealing with.

> are the unlucky, statistically unlikely victim of spam from a new source that is yet to receive punitive action

Unlikely? Given the rate at which scam and spam calls have increased in my country as data breaches built up, and this has been going for long already, I doubt they're getting much punitive action here.


> How is this avoidable specifically in Europe

Don't use your main phone/mail for registration, so you can avoid spam on it.

> Unlikely? Given the rate at which scam and spam calls have increased in my country as data breaches built up, and this has been going for long already, I doubt they're getting much punitive action here.

I'm not talking about data breaches, that's covered in previous point. I'm talking about punitive action towards spammers that dial random numbers, etc. as they're easily identifiable by the operator


I've maybe twice (in ~20 years) had an unsolicited SMS (I'm in UK), my phone number is online too. I know people get them, but it's hard to tell how they're selected, just luck I guess.

Used to get a lot of phone spam before the telephone preference service (TPS) came in, but not since. Quite a bit of spam in relative terms when running a business landline in a retail shop; tech support scams, service switch scams, invoice scams, but only about once a month.


Greek here and I can tell you for sure that it's a big issue here, especially robocalls the past few years.


An unsolicited SMS every month sounds like a lot to me.


Looks like it depends on the local regulatory agency.

I have never had a spam SMS or call in Norway, while on Malta it's a regular occurrence, though not as bad as described by US folks.


I live in Norway. I’ve received both SMS spam and scam phone calls. However, it is still a rare occurrence. Only a few times per year.


Afaik, some aspect of it is just not legal. And when someone calls you, you have the right to ask to be removed from the database and they have to remove you.


You’re just lucky, plenty of spam calls in the EU.


In Europe and I get a shitload of them.


Wait, you have never received a call from "Europol"?


A summary -- during the Trump administration, the chairman of the body that regulates SMSes and phones decided to (summary) make it easy to spam with few consequences. It takes longer to make an effective solution than to destroy one. The FCC is starting on an effective solution and this is the start, but it will take a while.

https://slate.com/technology/2022/04/spam-calls-why-ajit-pai...


I did a hackathon a few years back a few years in a row and Telnyx was a sponsor the first year. One of the sponsors started asking for legitimate company information in order to keep your account with them. I wonder if this is something the FCC should request from these companies, I also wonder how effective it would be. I don't think all robocalls will die, but a significant number probably will.

Once you have an actual company behind the robo calls you can sue. Telecoms providers should be required to be helpful in providing information when abuse is reported or be liable themselves as if they were responsible.

It seems like a solvable problem but nobody is actually solving it.


On most (all?) carriers, you can forward spam SMS messages to 7726 ("spam" on the keypad) to report messages as spam.

That said, I've got no idea if they actually do anything actionable with this data. It certainly doesn't seem to have reduced my spam volume. Now I just let Android Messages filter the spam out.


> On most (all?) carriers, you can forward spam SMS messages to 7726 ("spam" on the keypad) to report messages as spam.

I wonder if that's what the iPhone's "Report Junk" button does with text messages.

For some reasons, my iPhones on AT&T always offer the option to report a text message as spam, but my iPhones on Verizon do not. Another curiosity.


Tell me more about this report button! I’ve long wished for such a feature but thought it didn’t exist. This is something built in to iOS?


"Report Junk" was originally added for iMessage (with reports going to Apple, I assume). iOS 16 expanded the feature to support reporting SMS/MMS "Depending on your carrier and country or region": https://support.apple.com/guide/iphone/block-filter-and-repo... (scroll to "Report spam or junk messages").

"In the list of messages, touch and hold the spam message, then tap Report Junk. Or, if you’ve opened the message, scroll to the bottom of the message, tap Report Junk, then tap Delete and Report Junk."

I've read that "Report Junk" does the equivalent of forwarding to 7726, but I don't have a way to verify that (more: https://www.bandwidth.com/blog/apples-ios-16-update-and-what...).


Thanks, not available with Google Fi evidently.


I’ve wondered the same thing. I’ve used 7726 to report large, long-lived campaigns (to AT&T Mobile’s 7726) and as far as I could tell, nothing happened. The senders rotate TNs so often that AT&T would either need to track it back to the point of ingress or do content-aware blocking.


My most recent experience was enduring several weeks of daily spam, all diligently forwarded to 7726 (“Thank you for reporting SPAM. We'll take it from here.”), only to finally get fed up enough to send a complaint to the FCC after which the spam stopped immediately.


In iOS when you forward a message, bafflingly, it does not copy the original source address, rather just the body so depending on the message you’re likely to be either misleading the recipient, plagiarizing without attribution, or sending spam content firsthand. Contrast with email in which convention is to copy a few headers to preserve context through forwarding.

In the case of 7726, I’m further confused that there seems to be no acknowledgement of this source of ambiguity. Do they want to know the source of the spam, so I should manually add it to the message? Or are they just training a content recognition model and by sending anything other than the original text verbatim I’m throwing it off?

Also, when the forwarded spam contains a URL, iOS often automatically chops off that part of the message and shows an unhelpfully truncated version of it below the message in a separate bubble. Is iOS treating the forwarded spam as trusted data and probing the spammer’s URL, tracking parameters and all?


Sending it to 7726 prompts your service provider to identify the matching incoming message (which it has in its logs) as spam and investigate, etc.


AT&T asks for the number it came from after you forward the spam message.


SMS forwarding sends the content, not the sender (phone number) info. In principle, they can search your previous messages and find the sender, but it's unclear if that would raise some privacy issues.

Most likely they just use the reported message to train their spam filter, not to block the particular sender number of that message.


You're probably right, but mining the results of that trained filter should provide quite a bit of data to a telco even so. It's not like it's a new bad actor for every message.


Can you submit a report to the FCC detailing your findings at https://consumercomplaints.fcc.gov/hc/en-us?


I've done this many times. It goes into a Zendesk-powered black hole. Looks like the oldest Zendesk autoresponse I have is from 2014. There's no way to tell whether it's making a difference (is anyone even aggregating reports by volume?), so I stopped.


Commio's shutdown of the Teli platform has been a mess, outbound calling never got STIR/SHAKEN compliance.

The ThinQ side of the house seems to let dialer traffic slide: https://lowendtalk.com/discussion/183904/lowend-sip-trunking...


I looked up the carrier for my most recent spam calls using lookify.io:

1. PEERLESS NETWORK OF OHIO

2. PEERLESS NETWORK OF FLORIDA

3. PEERLESS NETWORK OF CALIFORNIA

4. PEERLESS NETWORK OF CALIFORNIA

Nothing from Twilio, but Peerless Network certainly stands out. I see they describe themselves as "A Disruptor and Aggressive Innovator".



Are offshore carriers responsible for spam calls that spoof numbers (based on your data)? Those two carriers are onshore so I think they would have to comply with the SHAKEN/STIR protocol which would make calls originating from their network easier to identify and block. Offshore carriers don't have those restrictions. I am surprised a company is able to operate like this onshore.


>the carrier would be required to respond with the name and full contact info of both the carrier and their customer

This would be used for doxxing people. Anyone you text can get all the information they need to swat you.


I was referring to vendors of commercial 10DLC and short code messages, not consumer-facing mobile providers. Consumer-facing mobile providers (where doxxing is a risk) could reply with just the carrier’s abuse contact (ie, abuse@ and/or a phone number). And even if it was only implemented for 10DLC, not consumer-facing mobile, that would be a start.


Oh god, Telnyx. We used them for toll-free SMS. Horrible experience.

A friend of mine used to work for them in the early days and had some pretty terrible stories about what it was like working there.


How would abuse of such system be prevented? Require a minimal percentage of spam/abuse responses per number?


Here’s how others address it. For phone calls and texts:

- Slowly increase velocity limits on new DIDs/TNs. Often, examine the outbound content before raising limits - is it something anyone would request? where/how?

- Require the recipient to have opted-in on the same carrier (ie, no importing lists)

- Don’t let the affiliate/reseller sign up customers on their own. Centralize onboarding/KYC.

- Verify the end customer’s government-issued ID.

For texts:

- Block (and flag/escalate) based on message content, like the domain name/URL they’re linking to or a pitch phrase they’ve used.
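
The velocity ramp, carrier-held opt-in and content blocking from the list above, sketched as one outbound gate. This is an added example, not code from the thread or from any carrier; every threshold, domain, phrase and phone number in it is constructed, and `OutboundGate`, `content_hit` and the 7-day doubling rule are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

# Every threshold, domain, phrase and phone number here is constructed.
BASE_DAILY_CAP = 50      # assumed cap for a brand-new TN
MAX_DAILY_CAP = 3000     # assumed ceiling for a TN with a long clean history
RAMP_DAYS = 7            # cap doubles after this many clean sending days
BLOCKED_DOMAINS = {"prize-claim.example", "acct-verify.example"}
BLOCKED_PHRASES = ("you have won", "final notice")
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")


def content_hit(body):
    """Return 'domain:<d>' or 'phrase:<p>' for blocked content, else None."""
    lowered = body.lower()
    for match in HOST_RE.finditer(lowered):
        host = match.group(1)
        for bad in sorted(BLOCKED_DOMAINS):
            # Match the listed domain and any subdomain of it, but not a
            # look-alike host that merely starts with the listed name.
            if host == bad or host.endswith("." + bad):
                return "domain:" + bad
    for phrase in BLOCKED_PHRASES:
        if phrase in lowered:
            return "phrase:" + phrase
    return None


@dataclass
class TnState:
    clean_days: int = 0      # days with traffic and no content hit
    sent_today: int = 0
    today: date = None
    flagged: bool = False    # set on a content hit, cleared only by review


class OutboundGate:
    def __init__(self):
        self.tns = {}
        self.opt_ins = defaultdict(set)  # TN -> recipients who opted in via the carrier
        self.escalations = []            # (tn, hit) pairs for the abuse team

    def register_tn(self, tn):
        self.tns[tn] = TnState()

    def record_opt_in(self, tn, recipient):
        self.opt_ins[tn].add(recipient)

    def daily_cap(self, tn):
        doublings = self.tns[tn].clean_days // RAMP_DAYS
        return min(MAX_DAILY_CAP, BASE_DAILY_CAP * 2 ** doublings)

    def check(self, tn, recipient, body, day):
        """Decide one outbound message; returns (allowed, reason)."""
        st = self.tns.get(tn)
        if st is None:
            return (False, "unknown-tn")
        if st.today != day:
            # Only days with real, clean traffic earn ramp credit, so a
            # number that sits idle does not raise its own cap.
            if st.sent_today > 0 and not st.flagged:
                st.clean_days += 1
            st.today, st.sent_today = day, 0
        if st.flagged:
            return (False, "held-for-review")
        if recipient not in self.opt_ins[tn]:
            return (False, "no-carrier-opt-in")
        hit = content_hit(body)
        if hit:
            st.flagged, st.clean_days = True, 0
            self.escalations.append((tn, hit))
            return (False, hit)
        if st.sent_today >= self.daily_cap(tn):
            return (False, "velocity-cap")
        st.sent_today += 1
        return (True, "ok")


def demo():
    gate, tn, rcpt = OutboundGate(), "+15555550100", "+15555550199"
    gate.register_tn(tn)
    gate.record_opt_in(tn, rcpt)
    day = date(2023, 1, 2)
    ok = "Your order has shipped: https://shop.example/t/123"
    log = [gate.check(tn, rcpt, ok, day) for _ in range(51)]
    log.append(gate.check(tn, "+15555550142", ok, day))      # imported list
    spam = "FINAL NOTICE: confirm at login.acct-verify.example/x"
    log.append(gate.check(tn, rcpt, spam, day + timedelta(days=1)))
    log.append(gate.check(tn, rcpt, ok, day + timedelta(days=1)))
    return log


if __name__ == "__main__":
    for allowed, reason in demo()[49:]:
        print(allowed, reason)
```

A content hit both freezes the number and resets its ramp credit, so the hold outlasts the single blocked message until someone reviews the escalation.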


Telco industry lingo terms I looked up (posting in case this will be helpful to others):

DID: Direct Inward Dialing is a method organizations use to route incoming calls to specific private branch exchange (PBX) systems without an operator. Organizations purchase DID numbers from a telephone company or service provider and assign them to individual extensions within the organization.

TN: Telephone Number, this initialism is interchangeable with DID.

DLC: Installations using Digital Loop Carriers connect analog phone lines of individual users into a single signal sent on single lines to the central office of a phone company. The combined signal is separated into original signals at the central office.


Thank you! One correction - 10DLC is 10-Digit Long Codes. Sometimes this is called “Application-to-Person” (A2P), in contrast to "Person-to-Person" (real people typing on our phones or equivalent).

A 10DLC A2P SMS is an SMS sent from a 10-digit number and triggered by API (or anything else automated). Maybe the SMS is your doctor’s appointment confirmation system or an online retailer telling you your order has shipped… or maybe it’s a spammer. If it comes from a 10-digit phone number instead of a 5-6 digit short code, that’s 10DLC.

In the last year or so, a registry for 10DLC A2P numbers has emerged (https://www.twilio.com/docs/sms/a2p-10dlc, https://support.bandwidth.com/hc/en-us/articles/442382643458...), but adoption is mixed, enforcement is low, and end consumers/recipients don’t see any of it.

There’s also “Person-to-Person” (P2P) 10-digit SMS, like you texting a friend. Those can also be used to spam (hook up a computer to a consumer SIM), but it’s much less common, especially in the US. Most US-originating SMS spam comes from 10DLC A2P numbers.


> - Verify the end customer’s government-issued ID.

This never happens. Lots of PPP or bank fraud investigations go nowhere because the perpetrators used fake IDs all the way down. No company is actually checking the government's database of driver's licenses or state ID cards. Only recently did eCBSV come out which would allow companies to digitally check that an SSN actually exists (mostly to stop synthetic identity fraud) but that still doesn't stop identity theft.


Some of this is about increasing friction, not collecting flawless info. Is it possible to fool Stripe Identity (https://stripe.com/identity) repeatedly? Probably. But it’s a pain to make new fake docs (or switch carriers) every time an account is flagged.


Why is it such a pain? You can print hundreds of good enough fake IDs every day with a sub $1000 printer.


Provide personal identification back to the carrier, not just the reseller?

Ie Passport/valid driving license.

Not fool proof and comes with its own set of problems. But it’ll likely get us most of the way.


I can't imagine even combined these companies are more than a single percentage of Twilio's volume. A quick search shows these two at ~300 employees to Twilio's ~7,900 - if you assume volume is somewhat linear to costs and subsequently revenue, Twilio is an order of magnitude larger. Even a smaller percentage of Twilio being spam is much more volume than a large percentage of these companies.


For what it's worth, I use Twilio to combat robocalls and telemarketers ...


Founder & CEO of Plivo - https://www.plivo.com/ here. At Plivo we offer similar API services to Twilio for voice calls and SMS. While API offerings have made it easier for developers and tech team to integrate communications into their applications, one of the challenges here is the scale at which spammers and folks using stolen credit cards are always attempting to abuse all of our platforms.

Most of us companies work quite hard to deter these spammers at sign up and later using automated systems to analyze usage patterns including content filtering, but it's quite a cat and mouse game.

Something that has worked for us has been to restrict signups to only work emails. It does have its disadvantages but we have been able to limit the random gmail id signups at scale by bot/spammers that abuse the system for use cases like robocalling and more.


For a tiny personal project (delivering alarms for calendar entries to my Light Phone 2), I used Twilio for several years. I was always impressed by how easy and cheap they made it to implement SMS delivery, even for a hobbyist.

Late last year, they started sending me warning notes insisting that I fill out all kinds of paperwork for my "business" if I wanted to continue sending SMS messages. None of the paperwork made any sense for a hobbyist, but they insisted. It was clear that this requirement was coming from outside of Twilio, so I wonder whether it was the result of earlier discussions with the FCC. Since I don't use the Light Phone any more (couldn't do without a camera), I just turned off SMS delivery rather than deal with all the new bureaucracy. But I still use them for another hack: I can call a Twilio number and leave myself a message, which they will then deliver to a hook on my web server, along with a transcription.

I'm impressed with Twilio technically, and I can sympathize. I wouldn't want to be caught between the FCC and a bunch of SMS spammers, especially if the spammers were customers.


This was due to the 3 big US wireless carriers colluding to form the Campaign Registry, which is trying to force any business users of SMS to pay a verification fee ($50 iirc) and monthly fees ($ to $$ per month) just so you can send SMS for business reasons, even if it's person to person traffic where you're just replying to your clients that texted you.

Had the FCC implemented something like this the rules would be much more consistent and the fee structure would not be so exorbitant, but instead the big 3 have formed a cartel to attempt to control SMS messages in the USA.


Not to mention TCR just raised (last November) their monthly prices for the starter brand campaign from $0.75 to $2.00 and included a $4.00 setup fee (which was previously $0) for each starter brand. On top of that they added all kinds of additional registration paperwork for the law-abiding SMS sender. It's infuriating how this organization exists to extort legitimate businesses, and yet we still all receive massive amounts of spam.


TCR also recently introduced a one-time $15 A2P Campaign use case registration fee for vetting the messaging campaign details.


Sounds like a pretty good idea to me. I wish businesses were banned from sending any sort of SMS ever for any fee, but this is better than nothing.


I would love to know if TCR has actually made a meaningful impact to stop spam.


Doubtful, it seems spammers just moved to toll free or moved to P2P routes.


TFNs require registration now too, as of sometime last year.


I had a similar setup with Twilio, I switched to using Signal via signalbot framework. It’s a fairly straightforward process and it runs on my Pi in a docker container. I can even send it attachments and it will archive them for me. Sky is the limit.

https://pypi.org/project/signalbot/


The sms functionality is great, their API and UI design is awful. I wish there was a decent alternative.


I haven't used them in a couple of years, but their API version was still something like "2013" and was not intuitive or functional


[flagged]


Maybe disclose you're the CEO and founder of Plivo, for people who haven't been following the other threads.


Feels a bit like a robocall reached into the thread


Do you have a "Connect" API?

I run a B2B app and want my customers to foot the bill.


P.S.: I hate robocalls, too.


My biggest gripe is with Action Network.org and related tools like NPGvan.

I’ll get multiple texts from politicians on the same day when I’ve actively “unsubscribe and report as junk” for several years now. I’m politically active but don’t want to be text spammed.

I’ve reached out multiple times asking to remove my contact or to add me to a global deny list and they say “that’s not possible, we don’t control who our clients send to” which is absolute garbage. But if they had that feature the people who pay them would get fewer messages delivered so they don’t want to implement it.

No matter how many lists I take myself off, there’s no way to prevent someone from adding it back on to a different list and these days candidates each have dozens.

It’s frustrating to lose agency like that and I’ve stopped donating through them altogether :(


The trick to removing yourself from ActionNetwork's mailings is in how you phrase it.

If you ask to be "removed from mailing lists", they will tell you that the only way to do so is to click the "Unsubscribe" link in the footer, and that there's no way to prevent yourself from being added to new lists.

But if you're persistent, they'll admit that there's another option: you can ask to be added to the "global block list", which they'll warn you is irrevocable. (I'm sure there's no good reason for the irrevocability, except to make people think twice about taking that option.)

Like you, I have stopped donating to candidates who use them.


In many jurisdictions (e.g., California), there’s no requirement for a registered voter to have a phone or email account. Political campaigns are allowed to use voter registration records to generate their spam lists, and most of them do.

Years ago I updated my voter record to remove the email address and phone number, and by the next election, my text, voice, and email political spam dropped to near zero.


Do you happen to know the link to do this? I'd love to do this!


Just google wherever you live plus “voter registration”


The state of California only lets you update your email address, no phone number is referenced or displayed.

https://voterstatus.sos.ca.gov/


San Francisco certainly asks for your phone number: https://www.sfelections.org/tools/regupdate/regupd.php


NGPVan is a scourge. I gave several thousand dollars to political causes in the 2020 cycle and I have regretted it ever since. Never again, and I sincerely hope they are bankrupted by a huge class action.


You need to email NGPVan directly. Tell them you want off all of their systems. They will say they don’t have a way to do this. You then reply that they are lying. You can also threaten to contact the FCC (a bluff given political spam is exempted from so much). They will then remove you.


...call the politician's office?


Finally some consequences for these awful robocalls. I love and use Twilio but they can burn as far as I’m concerned because they allow such abuse.


Couldn't agree more. I've used Twilio for years and love what it provides for me, but I'd trade in my SMS services to make robo calls end.


What’s a good alternative to twilio for sending transactional sms?


I have had good experience with https://signalwire.com/

I run a few projects that interact with their API for SMS. I recently had to go through some extra hoops to 'verify my business' with them, due to the newer carrier regulations. But overall, works how I expect it to and with minimal issues.




I think AWS has a service?


[flagged]


You should plainly state you are the CEO of Plivo before shilling it as a "leading alternative".


The full letter can be found at https://www.fcc.gov/document/fcc-issues-robocall-cease-and-d... as a pdf. There are several spots in there where the FCC uses bold and italic.

---

Some of the interesting parts:

    Dear Mr. Lawson:
    We have determined that Twilio Inc. (Twilio) is apparently originating illegal robocall traffic on behalf of one or more of its clients. As explained further below, this letter provides notice of important legal obligations and steps Twilio must take to address this apparently illegal traffic. Twilio should investigate the identified traffic and take the steps described below, including blocking the traffic if necessary, and take steps to prevent Twilio’s network from continuing to be a source of apparently illegal robocalls. Failure to comply with the steps outlined in this letter may result in downstream voice service providers blocking all of Twilio’s traffic, permanently.
...

    Applicable FCC Rules. This letter is based on FCC rules that apply to originating providers like Twilio. First, under the safe harbor set forth in section 64.1200(k)(4), any provider may block all traffic from an originating provider that, when notified by the Commission, fails to effectively mitigate illegal traffic within 48 hours or fails to implement effective measures to prevent new and renewing customers from using its network to originate illegal calls. This letter provides notice under section 64.1200(k)(4) and describes the mitigation steps you must take. Second, section 64.6305(e) permits providers to accept calls directly from an originating provider only if that originating provider’s filing appears in the FCC’s Robocall Mitigation Database. As explained below, if Twilio continues to transmit illegal robocalls, the Bureau may initiate proceedings to remove Twilio’s certification from the database, thereby requiring providers to cease accepting calls directly from Twilio. Third, sections 64.1200(n) and 64.6305 prescribe various additional obligations for mitigating and preventing illegal robocalls. We remind Twilio that failure to comply with any of these obligations may result in additional enforcement action pursuant to the Communications Act and the Commission’s rules.
...

    If after 48 hours Twilio continues to originate unlawful robocall traffic from the entities involved in this campaign, downstream U.S.-based voice service providers may begin blocking all calls from Twilio after notifying the Commission of their decision and providing a brief summary of their basis for making such a determination. Furthermore, if after 14 days, Twilio has not taken sufficient actions to prevent its network from continuing to be used to transmit illegal robocalls, then downstream U.S.-based providers may block calls following notice to the Commission. U.S.-based voice service providers may block ALL call traffic transmitting from Twilio’s network if it fails to act within either deadline.


First of all: the FCC is getting its teeth back.

Second: At a larger scale this is the balance between providing a service that is cheap and ensuring your service isn't used for nefarious purposes.

What happens next is that there will be more stringent identification needs, and then apps like MySudo get into trouble...


I don't know if I'd say the FCC universally has teeth. Its handling of ISP conduct is mixed and disjointed.

What's key here is that robocalls are so universally loathed by everyone that dealing with it has extremely widespread bipartisan support. Coupled with the authentication technology to actually source the offenders, the FCC knows on this particular issue nobody in government will slap them down for doing what needs to be done, and they have the information to do it.

Government agencies can be very effective when they know that an action will not be questioned politically.


I don't quite get the hate for Twilio here. I've found them to be generally responsive when issues are brought up.

How would it be possible for them to police every action of their customers? I expect actions to be brought against the individual violators, and then escalated to Twilio, and handled appropriately. As is the case here.

It would be different if they actively support systemic violation, but I don't think that's the case?


It's not. There were 1 or 2 customers who were bad out of probably hundreds of thousands. I'm not sure why that required them to publicly shame Twilio when they probably do more to stop robocalls than most other companies in this field (for instance Twilio banned caller ID spoofing in 2019, way before STIR/SHAKEN became mandatory). I think the FCC can try to create a tough guy image all they want but this kind of whack a mole enforcement will not work at scale.


Twilio is a public company with the pressures of consistent growth expectations. It has a perverse incentive to allow as much abusive customer behavior as it can get away with; even spammers pay their bills. That means being lenient when enforcing compliance, and not being proactive enough even when they're aware of these bad actors but not enough people are complaining.


So, I totally agree with the premise (robocalls are horrible, Twilio shouldn't allow them, etc).

However, to defend Twilio... I have about a dozen numbers, all for little automations, and the past 6 months they've been REALLY heavy handed about requiring them all to be registered and a bunch of other requirements. I get a ton of emails like "Register your 10DLC numbers to avoid unregistered fees", etc. They've been tightening the requirements, too. At first it was 3,000+ messages/day, now it's my 1-message-a-day-to-the-same-number accounts they're cracking down on.


The phone system needs to be changed so we get the full stack with every call, along with the name of the caller, so customers can block shit en masse uBlock Origin style.

The number of VOIP callers I want to contact me: 1 (my doorbell (I assume it's VOIP, not sure))

The number of non-US callers I want to contact me: 2 (family members who could just contact me in other ways)

Even if I have "agreed" to let some company contact me, like the phone company or my ISP, I'd still rather not receive calls from them.


> The number of non-US callers I want to contact me

But non-US callers can get US numbers. Do you want the phone company to fax over a passport scan of everyone who calls you?


I don't care about an individual's actual country of origin. Plenty of my friends are not American. But if I get a call that has any hops from an international network, then I want to block it, because it is spam (barring my two family members).

If a phone company does not provide information about all the hops, then all calls from that company should be blocked as well. Ideally phone providers would not be allowed to forward calls from such a network at all.


Also to follow up on my previous message since it's too late to edit it, I actually don't think anyone should be able to call me on the phone without providing me their full name.

I also don't think anyone should be able to send me physical mail without me approving each individual piece of mail through some sort of digital service that I would likely ignore.


Honestly, yes.


This is the first time I heard about twilio and robocalls. Are we sure they are a large source of this or just a tech lightning rod?


The article states that the FCC has been on Twilio about a specific robocaller.

> The Traceback Consortium conducted tracebacks and determined that Twilio was originating apparently unlawful robocalls on behalf of MV Realty through its dialing provider PhoneBurner. The Traceback Consortium notified Twilio of these calls and provided access to supporting data identifying each call… Twilio told the Traceback Consortium that PhoneBurner had obtained called parties’ consent for the robocalls. Neither Twilio nor PhoneBurner provided the Traceback Consortium with evidence of consent.


The article skims over the details from the FCC, in this situation Twilio is guilty by association. They are the CPaaS provider for a company called PhoneBurner, which in-turn provides services to a Mortgage company (MV realty) who is the primary offender of the robocalls.

The FCC is taking a firmer stand and threatening those that support robocalls all the way down the chain. All CPaaS providers need to do a better job managing their customer vetting processes.


> The article skims over the details from the FCC, in this situation Twilio is guilty by association.

It's not “guilt by association”; Twilio has, under the relevant laws, a positive obligation to prevent illegal use of its platform on pain of disconnection.


I think what the parent comment means by that is that Twilio itself is not robocalling people. Another company is using their services to do so.

The title could make it clearer, both interpretations could come from it.


> in this situation Twilio is guilty by association

Note that this isn't a "we didn't know about this" and is part of the "this is what you sign up for when you're a telephone service provider."

47 CFR § 64.1200 - Delivery restrictions. - https://www.law.cornell.edu/cfr/text/47/64.1200

> (4) A provider may block voice calls or cease to accept traffic from an originating or intermediate provider without liability under the Communications Act or the Commission's rules where the originating or intermediate provider, when notified by the Commission, fails to effectively mitigate illegal traffic within 48 hours or fails to implement effective measures to prevent new and renewing customers from using its network to originate illegal calls. Prior to initiating blocking, the provider shall provide the Commission with notice and a brief summary of the basis for its determination that the originating or intermediate provider meets one or more of these two conditions for blocking.

There are some other fun things in section (n) about the requirements for a voice provider.

> (n) A voice service provider must:

> (2) Take steps to effectively mitigate illegal traffic when it receives actual written notice of such traffic from the Commission through its Enforcement Bureau. In providing notice, the Enforcement Bureau shall identify with as much particularity as possible the suspected traffic; provide the basis for the Enforcement Bureau's reasonable belief that the identified traffic is unlawful; cite the statutory or regulatory provisions the suspected traffic appears to violate; and direct the voice service provider receiving the notice that it must comply with this section. Each notified provider must promptly investigate the identified traffic. Each notified provider must then promptly report the results of its investigation to the Enforcement Bureau, including any steps the provider has taken to effectively mitigate the identified traffic or an explanation as to why the provider has reasonably concluded that the identified calls were not illegal and what steps it took to reach that conclusion. ...

> (3) Take affirmative, effective measures to prevent new and renewing customers from using its network to originate illegal calls, including knowing its customers and exercising due diligence in ensuring that its services are not used to originate illegal traffic.


A few years ago I received a VM from a spam caller, the content of which was a Twilio tutorial, verbatim ("You did not reveal yourself to be human. Goodbye!")

https://www.twilio.com/blog/2016/02/tracking-call-status-how...

This has been going on a while.


I've gotten calls and messages from Twilio registered numbers, so it's not completely fabricated


No read article? Just ask question?



The Forbes article is from Feb 2020... The first Twilio press release is two weeks later.

The second Twilio press release (Twilio Achieves Full Compliance with STIR/SHAKEN Protocols to Combat Illegal Robocalls) is dated July 22, 2021.

The FCC complaint has calls dated July and August of 2022.


Yes, I was addressing the comment "This is the first time I heard about twilio and robocalls" - not saying Twilio has acted correctly, but saying that Twilio has known about it for years, so it's definitely not a new phenomenon.


I was CTO of a company that was doing consumer text messaging through Twilio. I would say Twilio actually does a good job of monitoring messages going through its system. Our system at times was used by spammers to send spam text and Twilio's automated bot would catch these and would then ask us for reports if we have permission to send automated text messages to the numbers.


https://status.phoneburner.com/incidents/q55r8f62p437

I guess it was taken care of.

> Our system is currently down due to upstream telephone carrier issues


Except it's "resolved":

> A quick Saturday evening update - outbound dialing was fully restored and stabilized Friday. Whisper/Barge was restored late Friday evening. We anticipate click-to-call will be restored before end of day Monday, if not sooner. SMS, Inbound, and number purchasing is expected to be restored by end of day Wednesday, if not sooner.

The game of whack-a-mole continues!


Good. Spam calls and texts are a blight, and nobody was doing anything about it until regulation kicked in.

Last year, after receiving several spam texts from numbers that were registered to Bandwidth.com (which was already difficult to discover), I sent an abuse report. I was not only told that Bandwidth.com couldn't do anything about it (other than forward the report to the reseller), but also they couldn't even tell me who they were reselling services to due to privacy reasons, and did not even know who the end customer was. They advised me to contact the police... To report text message spam.


Exactly. There is a gross information asymmetry that underlies the problem. In order to participate in many parts of society, you need a phone number. For 99% of us, the link between that phone number and your identity is basically public.

Then, along comes scam callers and illegal telemarketers. They have the capability to spoof arbitrary phone numbers to call you, which you as an individual do not have. Then, even if you do discover a real outgoing number that traces back to them, they can hide their true identity behind this bullshit “privacy” excuse.


> They advised me to contact the police… To report text message spam.

That is a cunningly devious misdirection!


I have found a good site for checking info on a number is unlec.com (no affiliation). Put in a phone number, press Enter...

OCN = operating company name, name of company that has the number

CNAM = Caller-ID name

is textable - y/n

nntype = mobile or landline


wow, this even returns the subscriber's full name!


What's stopping robo call companies from using regular sim cards once all voip providers close their doors?


Already happens.

You can buy jigs on aliexpress that hold 128 SIMs and round-robin across 8 GSM radios.

It’s not all for spam per se. Some countries/providers charge a ton for international incoming calls, so bypassing this by IP and making calls in-provider only saves a lot of $$$ for gray-market connectivity.

And it’s cheaper for setting up of in-bound calls too than a business line.

https://m.aliexpress.com/item/32947688074.html?spm=a2g0n.pro...

Or 32 SIMs with 32 radios:

https://m.aliexpress.com/item/32819345650.html?spm=a2g0n.det...


Aside from increased costs, if the phone system were fixed to give us all the stack from the caller info, we could just block any call from outside the US.


Nothing besides cost, SIM banks attached to LTE modems are a thing in many other countries.


Way more complicated and expensive.


Be Amazed: https://globalvoipforum.com/forums/i-sell-voip-routes.2/

Most of these guys will charge you 10-20% less than bandwidth.com or Twilio will in return for slightly lower reliability. nCLI means you can't set caller ID because the call is coming over GSM, i.e. a simbox type setup. TDM usually means they are reselling traditional phone lines meant for businesses. If you think this already isn't being used to facilitate scams you'd be wrong: https://globalvoipforum.com/threads/offering-russia-for-fore... (unless by "forex traffic" they mean promoting Interactive Brokers). That's an example I found in 5 seconds. Go on some Facebook groups and you will find people offering grey routes to call America for "Amazon traffic," "bank traffic," "crypto traffic." I never really took the time to investigate what those terms mean but it does not sound good to me.


> We have determined that Twilio Inc. (Twilio) is apparently originating illegal robocall traffic on behalf of one or more of its clients. As explained further below, this letter provides notice of important legal obligations and steps Twilio must take to address this apparently illegal traffic. Twilio should investigate the identified traffic and take the steps described below, including blocking the traffic if necessary, and take steps to prevent Twilio’s network from continuing to be a source of apparently illegal robocalls. Failure to comply with the steps outlined in this letter may result in downstream voice service providers blocking all of Twilio’s traffic, permanently.

Seems like quite a reasonable request. Put in an effort. Outline what those processes are and stay on top of them.


Say what you will about US regulatory agencies, I wish we had even a whiff of that in Germany. Over here, the best you can hope for is for the regulators to negotiate with the companies to shut down individual numbers that have been used for illegal activities for months.

They might fine the companies running the robocallers/callcenters if they're in Germany, but they're absolutely never touching the providers who are happily supporting the criminals and instead throw their hands in the air and say "guess we can't do anything".


Even so, the US treats corporations with kid gloves. If I, as a mere human, blatantly and continuously committed crime, they’d kick in my door, shoot my family dog, and charge me with everything they could, expecting a plea deal. But when a company does it, they send them friendly letters: “Pretty please, with sugar on top, would it bother you much to stop committing crimes? We will give you a popsicle if you at least write us a letter saying you’re trying!” You can tell who’s in charge, and it’s not the general public.


Yeah, that's the kind of thing that erodes people's trust in "the system". I'm sure it's harder to go after corporations and their armies of lawyers, but their crimes are usually appropriately larger, too. But still, easier to go after individuals 10000 times than go after one corporation once to have the same impact.


I think one major reason is the lesser extent to which this is a problem. I can't remember the last time I got spam calls. A year or two ago it was much worse, but even then I got maybe one a month on mobile and one a week on my landline. Both numbers are publicly listed.


I don't know how it works, I only get like two a month. A friend of mine gets two or three a day and has just disconnected his phone and advised friends and family to only use his mobile.

The same applies to the large scale phone fraud though, which quickly gets into tens to hundreds of millions of euros per year. Police won't do much because the criminals are outside Germany and cooperating with e.g. Turkey is hard, and with India it's impossible. Phone companies don't care because they're making money and the regulator is asleep at the wheel.

Let's just make the phone companies liable for damages where they can't produce the customer (no KYC) or the customer is international. They'll quickly figure out who is legit and who isn't when it actually hurts their bottom line.


Meanwhile in Spain: past month I finally convinced my mother that they should give up the land line for good. She uses Internet through the cell phone only, where it's easy to block all the spam.

The land line calls were mostly spam, mostly from established companies, and some scams. A side effect: they went from 70€/month to 15€, 22€ after the first year.

I had got them a 35€ contract (land/fiber + 2 cellphones) three or four years ago, but somehow Movistar managed to creep the bill to double and had announced that it will start charging 120€ this year. Because reasons.


Protecting your parents from scam & spam will matter a lot in the future. I've trained my mother on erring on the side of not believing whatever the email or person on the phone says and calling me to verify. It works great, she'll happily take a note from them e.g. when her mobile provider (or someone claiming to be her provider...) calls and asks how I can reach them. The legit calls will be happy to provide a callback number, and the other ones will give up when she's persistent that she can't help them. They'll move on to easier victims.

The cost cutting can be immense as you mentioned. Plenty of people have ancient contracts that they never changed.


> Let's just make the phone companies liable for damages where they can't produce the customer (no KYC) or the customer is international. They'll quickly figure out who is legit and who isn't when it actually hurts their bottom line.

This would result in prepaid sim cards going away which would create a lot of problems for homeless people and illegal immigrants.


In the US, maybe. In Germany, prepaid SIM cards already require full KYC with ID. There's no problem, you can get them with a preliminary ID card the government hands out to asylum seekers. There are barely any undocumented migrants in Germany because there's little reason to: if you're from most of Europe, you can come here legally, if you're from Africa or Western Asia, you can claim asylum.


You can also buy so-called pre-activated "Anosims" in Turkish shops everywhere around the country, no need to do KYC.


It's just not true. https://www.heise.de/news/Telefonabzocke-Ueber-150-000-Besch...

Especially in regards to expensive numbers, some critics go so far and say they got an "employment ban". They are not soft at all. But obviously they can only react.


They could just do the same thing the FCC does: threaten the providers with revoking their licenses unless they get their KYC in order and do spam detection & prevention.

But they don't. You can check their actions: https://www.bundesnetzagentur.de/DE/Vportal/TK/Aerger/Aktuel...

They're fining ~20 companies per year for spam and have shut down a few numbers and stopped billing on a few foreign premium numbers. Other than that: nothing. They're simply ignoring the companies that are complicit.

If they're not the right organization to enforce rules, that's fine, let's create one that does and hasn't been closely embedded within the industry for the past decades.


Better 10 years too late than never.


Why don't iOS and Android support sending calls from unknown numbers straight to voicemail (or blocking them entirely)? Why isn't this a first-tier feature?

If such functionality were well-implemented, you'd be able to disable it for a limited amount of time if you're expecting a call, and then the setting would kick back on automatically.

Apple and Google could work together (or even 100% independently) to tackle this at the handset endpoint level, yet there is no serious investment. They both have the data to create extremely robust solutions that could kill such life nuisances once and for all. Why do they continue to sit on their laurels rather than treating this as the serious abuse it is?

I get more text-message and phonecall spam than ever. Whatever [meager] measures have already been attempted are completely insufficient and have failed.

Imagining a future where my children perceive this as normal doesn't seem right. What can we do about this?


That's like a whitelist for email because you don't want to deal with spam though. It severely diminishes the medium and makes everything more complicated.

What if your mother had an accident and is in the hospital, should the hospital send you an email and ask you to allow incoming phone calls? Could they even, if your spam filter wouldn't let their email through?

And if it's straight to voice-mail, you'd still need to spend the time to check it, albeit maybe you could check when it's better for you.

They could screen it with a voice assistant, but I doubt that'll work well, spammers will just set their systems up to say stuff that gets them through the screening and then switch to the spam once they get to you. And when the assistants catch on, it has lots of fallout because suddenly your kids' school can no longer reach you because the assistant flags everything about schools and kids because spammers have abused it.


This is the most naive possible form of the feature.

Google and Apple both have more than sufficient data to train ML models which could provide a thorough solution.


> Why don't iOS and Android support sending calls from unknown numbers straight to VoiceMail

iOS does. It’s called “Silence unknown callers” in the phone app settings.

I expect android has this as well.


Thanks, that's a start for the phonecall spam.

The iOS texts are especially bothersome because they appear on every device and machine hooked up to iMessage.

I just looked and Android does have this setting buried under several slices of the phone app settings layer cake. It's better than nothing but I'm unwilling to accept that this is respectful to end users. It's really hanging all non-experts out to dry, when they absolutely should be in control.


What does the FCC accept as 'proof' of consent to receive automated calls?

Could Twilio simply add a boolean to their 'make a call' API endpoint where the user has to declare that they have, in fact, obtained consent to call a particular number?

That would provide no technical barrier against fraud, but it may suffice as a legal CYA for Twilio.


> What does the FCC accept as 'proof' of consent to receive automated calls?

Actual FCC C&D letter is at https://www.fcc.gov/document/fcc-issues-robocall-cease-and-d...

Key takeaway, there is no safe harbor CYA of the type you suggest, they need (and basically immediately) to take effective steps to prevent robocalls that are factually illegal, they don't have the option of getting CYA certificates from their users to insulate them if the users keep making illegal calls.


Yes, I read the letter. Thank you for the link.

While I'm certainly far from being a contract lawyer, it looks to me like the FCC is interested in receiving evidence of consent for the offending calls, if it exists:

> The Traceback Consortium conducted tracebacks and determined that Twilio was originating apparently unlawful robocalls on behalf of MV Realty through its dialing provider PhoneBurner. The Traceback Consortium notified Twilio of these calls and provided access to supporting data identifying each call, as indicated in Attachment A. Twilio told the Traceback Consortium that PhoneBurner had obtained called parties’ consent for the robocalls. Neither Twilio nor PhoneBurner provided the Traceback Consortium with evidence of consent.

And:

> If Twilio has evidence that the transmissions identified in Attachment A were legal calls, present that evidence to the Commission and the Traceback Consortium.

In any event, if consent to place calls is required, then there has to be some mechanism for call origination services (here, Twilio) to demonstrate receipt of that consent. My question is, what exactly does the FCC require as proof of consent?


The consent requirement, under FCC rules adopted in 2012, is “prior advance written consent” of the called consumer, and to include a functioning opt out mechanism as part of the message. [0] So, I would assume the preferred evidence would start with a copy of the written consent.

[0] https://www.fcc.gov/general/telemarketing-and-robocalls


I wonder what percentage of their revenue is spam and scammers. They certainly are turning a blind eye.


Don't threaten, do it. Threatening means the service has time to think creatively on how to make it less obvious. No money lost. Until it's more expensive to break the law, it will continue to be broken.


It's not so simple to shut off people's telephone numbers. Consider some customers might be using the service for health and safety reasons. Better to threaten and then follow through than take the liability hit of just shutting off services.


Slightly OT, but last week, I got about 400 phone number verification texts from various online services.

Presumably someone was spamming service sign ups using my number. Any clue why?

The verification codes were typically 6 digits, so if they did this with a million other numbers, they would "get lucky" about 400 times, but that seems unlikely to me to be what they were doing.

Also hall of shame to SeatGeek for allowing 50 sign up attempts in as many minutes all from the same number; every other service stopped well before that.


How exactly will this fix the problem? Is Twilio doing less than others to stop robocalls or something? And if so what are others doing that Twilio isn't?

Surely if they disconnect Twilio then the robocallers will just move on to another service? And the only people who will be negatively impacted by this are those who want to use Twilio legitimately.

I'm really struggling to understand the sentiment here.


The FCC would not send this unless they felt Twilio specifically had an inadequate method of preventing abuse on their platform. They started with smaller providers that likely had worse protection. I suspect the FCC currently considers Twilio the most vulnerable service at this present moment.

It's also very likely they had previous communications between the FCC and Twilio, and possible that, like many tech companies, Twilio refused to delete a customer without an official order.


Someone should fix phone calls. It shouldn’t be so easy to spam and phone numbers should be clearly associated with the business behind it. Something similar to SSL certs. Also, I remember seeing in the Twilio API an option to add a call reason. It would be great to have a 50 char sentence explaining why I’m being called so I can decide whether to answer or not.


I have the spam filters set to the max on my phone. I was getting 10+ text messages a day and 2-5 calls per day. Someone was using my number to sign up for things. The best one was enabling Google call screening. It has completely cut out all of the spam calls and texts.


Curious, I've gotten a WHOLE lot less robocalls in the past year or two. So much so that I can't remember the last time I received one. I believe I've even stopped being annoyed when I receive a call because I no longer suspect it to be a spam call.


Do companies like Twilio do anything about spam the same or similar way Google for example handles spam?

I guess that they are not obliged to deal with it at least in most countries. I honestly don't know much on this space but this article raised my curiosity.


Quite a lot of companies would have a bad day if Twilio suddenly turned off.


Millions of elderly citizens that worked hard to provide for the current generation, scammed after a life of sacrifice and work. Many of them in manufacturing jobs.

Get rekt Twilio.


Hopefully they do it. Twilio is an awful paternalistic company and getting SMS numbers in Germany is the actual worst. For a client, I ended up having to buy an RPI and a SIM myself because Twilio restricts service severely for anyone not having a big company.


Go looking into Level3 to boot, most of my spam calls originate from inside their network.


Good. Twilio sucks anyway.


What is a better alternative?



That was five days ago. What happened?


Yet they don't.


About fucking time!


Move fast and break things!


Sorry for the downvote, gave you an upvote, sarcasm is not understood and even less appreciated here.


It’s not that it’s not understood; it’s that it is understood to be a slippery slope to Reddit.


"[...] even less appreciated here."


Yes, you said (A and B), and I’m arguing against A. B is certainly true.



