Unspoofing phone calls - twilio

So I get spoofed calls and they're annoying; however from a little reading it seems like all the spoofing is only done in the Caller ID field, but that there are additionally 2-3 ANI fields that generally are used for carrier billing that are much more difficult to spoof. I also have both legitimate friends and spam calls that use blocked numbers, and again it seems it's just Caller ID being left blank and ANI still being submitted. (please correct if this assumption is wrong/there's a better value to use instead)
My end goal is to set up a "public" number that I give out to people, and that "public" number would read the ANI data, "fix" the caller ID, then forward the call to my actual number/send me a text/notification with the real number. My understanding is this is possible if I internally forwarded the call to an 800 number I own first (then forward the number back to a non-800 number to avoid charges) but I haven't seen this mentioned in any Twilio/Bandwidth.com/etc APIs - they mention a 'from' field but not how that field is determined. I've seen products that do this like Trapcall so I know it's possible somehow, but would prefer not to forward all my calls to a number I don't control.
How do I do this? If I forward a call with a fake/blocked caller ID to an 800 number on Twilio/Bandwidth will the from number of that forwarded call be automatically corrected/unblocked? (And would I be able to compare the from of the original call to the from of the 800 call, where a mismatch would mean a spoofed number?) Or is there some specific way the 800 number has to be setup for this/the 800 numbers off of Twilio don't work at all/etc?
I also read that ANI is not very reliable on VOIP calls, and VOIP calls are more or less anonymous. Is there any way to find out whether an incoming call is being made from a VOIP service or from an actual landline/mobile? I know there's the Caller ID lookup, but if we assume that data is unreliable can we find out just from data made available during the call itself?

Figured it out, it does work from toll free #'s, it's just twilio specifically didn't work with it. worked with other providers.

Related

How do sites like Vonage or PhoneValidator determine whether a phone number is mobile or a landline?

Sorry if this isn't the proper channel for this question; it's hard to tell where else to put it.
Primary Question
Given a phone number (in my case: US or +1), I want to know whether that phone number is designated for use with mobile or landline phones (exclusive or). (Optionally: can I determine whether they were ported?)
I know that the ability to port numbers implies that no data on this is 100% accurate. I'm only looking to be about as accurate as existing services like Vonage's Number Insight API, or PhoneValidator.com, without giving them my customer's phone numbers directly. I'd preferably like to know how they acquire their information so I can replicate it.
I do know that NANPA publishes Central Office Code Assignment Records, which is enough to get me the company who 'owns' a block of numbers, but that doesn't necessarily tell me whether they're mobile or landline blocks.
Reading the TYPE from Google's libphonenumber gives the rather unhelpful FIXED_LINE_OR_MOBILE response, whereas I'm looking for which device type specifically.
Secondary question:
Given that NANPA hands out phone numbers in blocks of 1000, am I safe to presume that a random number within that block is representative of the whole block? In other words: does 222-222-2000 being a mobile number imply that 2000 through 2999 is?
Thank you!

Twilio: Don't want to keep logs of voice callers' numbers

I use Twilio to operate an automated phone line that connects callers to resources for some very sensitive topics. If the phone numbers of callers were revealed due to a data breach or subpoena, it could have negative consequences for them. There's no need for us to log callers' numbers, and ideally I'd like to not store that information at all. However, these numbers show up in my usage logs:
I've searched for ways to prevent these numbers from being logged or to delete them after they've been logged, but I can't find anything documented. Is there a way to do this?
Partial answer: You can delete the record of a call using the API DELETE functionality:
DELETE https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Calls/{Sid}.json
You can have a script periodically request all calls made to the number and call DELETE for each one. If your system involves recordings, transcriptions, or texts, you need to do the same for them.
This is an acceptable solution for our needs, but it would be ideal if the numbers weren't logged in the first place, so I'm still interested in hearing others' answers.

Specifying multiple Twilio numbers when sending an SMS to spread load over all numbers

I am new to Twilio and was reading that the limit is 1 SMS per Second per Number.
If you have more phone numbers, then the overall sending rate increases.
My question is if we need to specify multiple numbers in the code in order to take advantage of the increased rate with having more numbers, or is this taken care of automatically by Twilio, even when I specify only one number in the code?
It is not clear if I manually have to Round Robin across all my numbers myself, or if Twilio does this for us.
I am using PHP to do this.
Twilio evangelist here.
You will have to write the code that round robins across all of the numbers in your account. This should be pretty straight-forward.
What I would do is put all of those numbers in an array (you can use the REST API to get the list of all of your Twilio phone numbers), and then in your message sending loop, just use a counter to keep track of your place in that array. Once that counter reaches the array size, just reset it to 0 to start over at the beginning of the array.
Hope that helps.
Over the years the answer to this question has changed. There is now a Twilio service called Copilot which enables all kinds of number intelligence. See the docs here for examples of how to use it. That docs page lists it as a "public beta" (though it also suggests sending API queries to the 2010 version of their API, so it seems a bit outdated).
Edit: Be sure to read the docs regarding the response, since the Copilot behavior is different than the standard message sending behavior:
There is a slight difference in API response when specifying the MessagingServiceSid parameter. When you only specify the From parameter, Twilio will validate the phone numbers synchronously and return either a queued status or an error. When specifying the MessagingServiceSid parameter, Twilio will first return an accepted status.

Pattern for recording the price of Twilio phone calls

Would like to maintain a local record of the price of all the phone calls that my application makes.
Am not sure what a good pattern for this would be. It looks like the price is not available in the arguments provided during the status call back when the call is closed. I assume this means I'll need to query Twilio's servers to find the price of the call. Can I do this immediately or do I need to wait a certain amount of time for the price to populate?
Is there another pattern that would be simpler, require fewer steps, or be less error prone that I am not seeing here?
Thanks!
Twilio evangelist here.
I'd recommend checking out the Usage Records API. These handy API's give you an easy way to get rollup data for your account, like how much your account spent yesterday, or how many outbound calls it made.
You can also set up Usage Triggers to proactively notify you when threshholds are met.
Hope that helps.

How to recognize fax numbers?

What should be the best way to recognize that a number is connected to a fax without actually sending faxes around ?
I suppose that a short phone call can be made: the goal is to determine if a number that is declared as a fax line is really a fax line, working and available.
If you can make a phone call, many faxes create a "Fax Identification tone".
This signal may be sent by the Terminating FAX machine anywhere between 1.8 to 2.5 seconds AFTER answering the call. The CED signal consists of a 2100 Hz tone that is from 2.6 to 4 seconds in duration. The CED tone is useful for disabling any echo cancellers on the line.
The CED also incorporates a "silent" interval following the 2100 Hz tone. This interval lasts from 55 to 95 (75 +/- 20) mS. Following this interval, the Terminating FAX machine will initiate the Pre-Message Identification procedures by transmitting a 300 BPS "Line Turn-around" preamble.
Some older faxes do not support that though, no idea how they can be triggered (i.e. by you sending a tone first, but that could be really annoying if you have a phone instead of a fax number)
I understand your question as that you have a list of fax-numbers in your customer database and want to verify that those numbers still are valid.
Then you could use TAPI to programatically call those numbers and check if its a fax that answering, no need to actually send any fax, just connect and ask the device (fax) what capabilities it has.
Here are Microsofts information about their TAPI
An easier way could be to have a fax modem on the com-port and using ATI-commands to call the device and send ATX3D and see if the device answers with ATA. (Or something similar, it was ages ago I programmed modems..)
It's essentially impossible.
They make line-sharing switch devices. For example, visit http://www.faxswitch.com/ to see their offerings.
The line appears like a voice line until you send a fax recognition tone. Then the line switches to a fax machine, if one exists.
So, a single number can be voice and fax.
A quick and dirty way of testing if a number is a fax number would be to google (using some API) for "Fax [number]".
e.g.
http://www.google.co.uk/search?q="Fax+01422+329262"
Not in New Zealand at least.
Here, Fax-Numbers do not differ from normal numbers in terms of namespacing.
A fax number may be only 1 digit ( the rightmost ) different from their normal line, or even a company may not have distinct FAX/Phone lines, and they just share a line and use tone detection to initiate fax protocol instead.
Also, you don't need to register with anybody to have fax services work on your phone line, so there's no index you can look up to see if its a fax or not. The only way to know is initiate a call, and see if you get a fax response, and even then, if the Fax happens to be turned off, you'll get a false negative.
I think your question may turn out to result in hunting for phantoms.
Oh, and for additional fun, you may have desktops with their dialup modem plugged into the wall merely emulating a fax device :). If you don't want to include these as "fax machines". you will be most likely out-of-luck.
First, there isn't anything inherent in the number that identifies it as a fax line. Even the phone company doesn't know - it's just a device attached to the wall jack, by the customer.
At some point you just have to trust the user. However, try the following ideas as well:
On each fax, publish a number (preferably toll-free) where the recipient can call to cancel. In some localities this might be a requirement anyway - "unsolicited" faxes are considered abusive in much the same way as spam since they can entail both material and bandwidth costs for the recipient. This will protect you in the eventuality that someone subscribes a number that doesn't belong to them.
Add some kind of error threshold to your software that will halt fax attempts once n attempts fail, and flag the number as inoperative. If you have some other way to contact the user, you could notify them of this event. The same principle works for e-mail addresses - I've received snail-mail notifications from companies when I changed e-mail addresses and forgot to notify them; once the e-mail had bounced a few times, they sent a courtesy letter to remind me to update it.
Many old fax lines are set to automatically pick up even on a voice call, so you could just call and check. On the other hand, it won't work on a lot of new ones, so while you could tell that one is a fax line, you couldn't tell it wasn't.
I'm sure a fax is a modem, so if you connected to it - using AT codes maybe (how 1990's!), you could determine from the response codes that there was a fax there - but you still have to make the call, make the negotiation etc - just dont send a page.

Resources