In this series we will expose the reality of what’s happening in A2P SMS. We’ll review how the current situation can and will be solved through mitigations the industry must adopt.

This series is based on extensive research through 2024, it is not a complete exposé. However, the main mechanisms and mitigations are covered.

Mitigations: SMS Governance / Certification and Published Rates

Augnet was founded to address the lack of governance / certification in SMS messaging, see interview with Daniel Gill. 

Dan Gill is the CEO and founder of Augnet. Check out their team, it’s impressive. Augnet addresses the lack of governance in SMS messaging using a vast network of real devices (both SDK in apps and SIM app). He faced this problem through the sale of Skype where he headed up carrier relations across voice and SMS. There simply were no certifications in the SMS supply chain, things like performance measurement were challenging, almost guess work, DLR (Delivery Receipts) can be faked. Hence it’s open to abuse by the industry itself and any bad actor with a little bit of knowledge.

The routing manipulation uses AIT to lower the performance of competitors’ routes through pumping traffic, so an enterprise like Amazon favors your routes. Spend money on AIT, but win more higher margin revenue. There’s a battle taking place over all the A2P SMS routes. Trust in the A2P SMS ecosystem is only one hop, your partner may connect with companies you do not trust. There’s no accreditation, and often conflicts of interest. There needs to be a source of Truth that is measurable and constantly updated.

It is impossible today for any aggregator to prove 100% of their traffic is white. They may claim 100%, but it only takes one person in any of the organizations that route traffic, or a bad actor that appears a solid aggregator for one country. And that leads to the critical issue of how to monitor AIT traffic entering your network. These are the problems Augnet addresses, plus some really interesting capabilities around encryption, authentication, geofencing, SMS over IP and network awareness.

Trust in SMS is a critical issue, barriers to bad actor entry are low. AIT has enabled fraud on a scale we have never experienced over SMS. When Dan shared how trust could be like a HLR look-up, “is this # a real device over a trusted route”. What shocks me is Augnet is coming up to 6 years old, and it is not broadly adopted. The industry needs to act now, else A2P SMS will continue to lose credibility.

I am shocked that the people causing and covering up these AIT problems claim they are the ones who can restore trust in SMS. Once trust is lost, it can only be restored through external mechanisms.

Uku Tomikas is the CEO of Messente, they focus on business messaging. No claims of being a CPaaS (Communications Platform as a Service), just a pure focus on helping customers be successful using messaging for their business communications.

Customer trust is a core value for Messente. They build that trust through decade long relationships and advising customers on how to optimize their use of messaging to achieve their business objectives. Specifically, on ensuring local brand registration, on best practices for gathering and cleaning customer data, on campaign best practices, on frankly sharing their costs and margins.

Messente will not play games to offer a ‘special’ SMS rate. Uku pointed out he would rather SMS rate pricing be publicly available, so he could focus on Messente’s value-add. Ira Cohen was name checked as a great guest for the TADSummit Podcast when this point came up, as he too agreed with Uku. While the rest of the industry did not.

Implementing Augnet and publishing / harmonizing SMS rates seem like straight forward things the industry could do to begin the process of restoring trust.

RCS Fraud – it’s here

This year I started to receive RCS spam, using group chat to appear like RBM (Rich Business Messaging). Google Guest Cloud provides a low cost entry point for creating such messaging. We’re still in a wait and see mode with respect to RCS. Its ability to allow a crook to copy the look and feel of a brand is an issue, however, it’s still early days.

Current Situation

SMS is in decline as web brands move to other tech (email, in-app, passkeys, IP messaging). Juniper Research forecast global SMS revenue will shrink 28 per cent from $66 billion in 2024 to $47 billion in 2029.

Carriers need to maintain revenues so have raised prices as less traffic makes it harder to meet volume commitments and find traffic to inflate. Brands are using SMS less, yet spending the same / more. 

This situation has happened before, around 2012/2014 Skype reached peak usage, by 2014 traffic was migrating to WhatsApp with group chats. Even though Skype was using less SMS/calling, it was paying more as prices rose.

Skype has declined from its peak, CNBC wrote In March 2020, Microsoft said Skype had 40 million daily active users, a number that’s since slipped to 36 million, according to a spokesperson. https://www.cnbc.com/2023/07/02/the-rise-and-fall-of-skype.html

Telegram can bypass SMS and offer direct messaging over its platform, so called IP bypass. Criminals will pay $10 per SMS, for customer data that they can hijack an account with, e.g. 2FA.

User experience is poor because of SPAM and lack of trust, some brands are so frustrated they moved back to email. Trust must be restored, but it can not be restored by the people who created / covered up the problems in the first place. 

Hence why Augnet is important (governance and certification). Combined with openness and harmonization of pricing. A2P revenue assurance, and critically operators taking back control of the services their customers are paying them for.

Claims RCS, because of Apple’s unclear adoption, will resolve the situation ignores Apple’s iMessage strategy, and RCS’s 16 years of development and many claimed and then failed launches. Hope it is not an option, specific, quantified, and direct action is the only way to stop the rot. If action does not take place, I’ll be writing an epitaph on how the tragedy of the commons killed SMS.

As this series has shown, A2P SMS was not designed with security in mind. Its history has the common thread of a lack of coordination / control, hence bad actors could make a quick buck and move on once the problem became significant enough to warrant carrier action.

Implementing Augnet, publishing and harmonizing SMS rates, implementing A2P SMS revenue assurance, and carriers taking back control over the service their customers are paying them for seem straightforward. Things the industry could do to begin the process of restoring trust. We still have the core problem of SS7, but if we make A2P SMS fraud much more difficult, the crooks may start to look at easier targets.

Articles in this series

Truth in A2P SMS, Part 1 of 5, In the Beginning & Foreign SMSCs. https://blog.tadsummit.com/2024/07/29/truth-in-a2p-sms-part-1/

Truth in A2P SMS, Part 2 of 5, Premium SMS. https://blog.tadsummit.com/2024/08/01/truth-in-a2p-sms-part-2-of-5/

Truth in A2P SMS, Part 3 of 5, First phase of SIM farms & Non-interworking Agreements and Gray Routes. https://blog.tadsummit.com/2024/08/05/truth-in-a2p-sms-part-3/

Truth in A2P SMS, Part 4 of 5. SIM Farms 2.0, AIT, Exclusivity, Control, A2P Revenue Assurance. https://blog.tadsummit.com/2024/08/07/truth-in-a2p-sms-4/

Truth in A2P SMS, Part 5 of 5. Mitigations: SMS Governance / Certification and Published Rates, RCS Fraud, Current Situation. https://blog.tadsummit.com/2024/08/09/truth-in-a2p-sms-3/