TADSummit Preview, Uncategorized

The Definitive Truth in A2P SMS

8 Comments

Responding to your requests, here is the all-in-one post, both links and a long block of text, enjoy! Thank you for all your compliments on this work.

Truth in A2P SMS, Part 1 of 5, In the Beginning & Foreign SMSCs. https://blog.tadsummit.com/2024/07/29/truth-in-a2p-sms-part-1/

Truth in A2P SMS, Part 2 of 5, Premium SMS. https://blog.tadsummit.com/2024/08/01/truth-in-a2p-sms-part-2-of-5/

Truth in A2P SMS, Part 3 of 5, First phase of SIM farms & Non-interworking Agreements and Gray Routes. https://blog.tadsummit.com/2024/08/05/truth-in-a2p-sms-part-3/

Truth in A2P SMS, Part 4 of 5. SIM Farms 2.0, AIT, Exclusivity, Control, A2P Revenue Assurance. https://blog.tadsummit.com/2024/08/07/truth-in-a2p-sms-4/

Truth in A2P SMS, Part 5 of 5. Mitigations: SMS Governance / Certification and Published Rates, RCS Fraud, Current Situation. https://blog.tadsummit.com/2024/08/09/truth-in-a2p-sms-3/

In the beginning (1992-2000)

The first SMS (Short Message/Messaging Service) was an A2P (Application to Person) message sent in 1992. A Merry Christmas message sent over the Vodafone GSM network in the United Kingdom by Neil Papworth from Sema Group using a personal computer to Richard Jarvis of Vodafone using an Orbitel 901 handset.

Through the ’90s SMS grew slowly for consumers, telcos were slow to interconnect SMS within a country, and prepaid accounts were blocked from using SMS because of billing risks, so kids could not yet use SMS. The reason, it was possible to change the SMSC (Short Message Service Center) settings on individual handsets to use the SMSCs of other operators. 

It wasn’t until 1999 / 2000 most operators were interconnected, and the restrictions on prepaid accounts started being lifted as the billing issues were resolved. Then person to person (P2P) SMS began its rapid rise, and with that growth in popularity, businesses started to use A2P SMS through modems, and banks of modems.

There were some trail blazers in business applications, in 1996 Simon Woodhead founded eSMS / SIMWOOD, the first global SMS gateway between the Internet and mobile phones, a proto-SMS-aggregator. There were a couple of earlier country / region specific gateways, however, eSMS was global.

The unique feature of eSMS was e-mail<>SMS so someone would have an @esms.com address with delivery to their ordinary mobile phone. They could also reply directly as SMS and eSMS would send the email. Simon reverse engineered what turned out to be RFC822 (Standard for ARPA Internet Text Messages), though he was not aware of its existence.

And a shout out to that kid’s acumen, RFC822 is actually the email RFC, despite the title. Simon had to extract the plain text from the SMS encoding. Easy for mail clients written by people who’d read the RFC, a bit harder for a kid with reams of paper on his parents floor 🙂

In the early days of eSMS, their community email lists would share information on bugs, features requests, advice, etc. It was essential for supporting a global service. It was like the early days of the internet and the web.

More broadly, technologists from around the world interested in SMS shared ideas and even code on websites, even on how to use foreign SMSCs to transmit and receive SMS between carriers within a country without being charged. Whether they worked or not was another matter. Remember the bulletin board days of hours-long downloads for in the end a corrupted *.exe or *.mp3.

Some in the early SMS application businesses took advantage of this ‘wild west’ between the mid to late nineties. The matrices were constantly evolving as carriers closed routes and improved billing. Businesses would hold their breath as they received van-loads of itemized bills each month that came to zero charge. Soon the gaps were filled, and those businesses evolved. Some of the early SMS movers then focused on the explosion happening on the web. Just like with AI today, it was a crazy, fast moving time.

There were lots of financial alerting and ticker services to your desktop email. eSMS delivered those emails to the phone using SMS, e.g. stock alerts to traders. I knew one of eSMS’s customers who lived close by in Ipswich and worked in the City of London. Those mobile alerts on the train to/from the City of London were invaluable when the train was delayed. 

The business model was a subscription service between eSMS and the bank or its employees. Also the Blackberry device entered the scene in 1999, so email could be received directly on that device, and within the control of the IT department. Blackberry had a good run until 2011, when the iPhone and Android-based smartphones took over, and mobile email became mass market.

But hidden underneath the big headlines, those technologists sharing SMS tips and tricks via websites or email distribution lists were continuing to evolve and focusing on opportunities within the emerging category of A2P SMS. eSMS / Simwood went on to focus on wholesale voice and value added services.

Premium SMS (2000-2010)

Short messages were used to deliver premium rate content services. Content such as news alerts, financial information, ringtones, games, and adult content / services. Between 2006-2008 mobile content was already in decline.  See source https://www.slideshare.net/slideshow/procontentru-andrew-bud-mblox-mef-presentation-at-vas-v-conference-presentation/.

See slide below from MEF; Mobile Entertainment Forum, now called Mobile Ecosystem Forum, or as I refer to them as the Mushroom Ecology Farm as their chairman instructs members to ignore my work, hence keeping themselves in the dark and fed BS.

A large AIT (Artificially Inflated Traffic) generator is one of the MEF’s sponsors. When I published some commentary on one of the generator’s posts about AIT, I received several comments from MEF members frustrated at the audacity of the AIT generator’s AIT posts.

MEF knows what the AIT generator does, yet takes his money. Just like they know about Bill Peters’ treatment. Bill’s arbitration is still ongoing, he was fired in 2022, and I think arbitration is now delayed until 2025. Arbitration is supposed to be fast, in practice it is not. If you’re employed in the US, I recommend you remove the arbitration clause from your employment contract, it’s not in your favor. Learn much more here.

Anyway back to the premium SMS story.

In 1998, the first premium-rate media content delivered via SMS was the world’s first paid downloadable ringing tones, as commercially launched by Saunalahti (later called the Jippii portal and closed down in 2010). Saunalahti was founded in 1996 when three mid-sized internet access providers merged.

Initially, only Nokia branded phones could use the portal. By 2002 the ringtone business globally had exceeded $1 billion of service revenues, and nearly US$5 billion by 2008, before its terminal decline. 

The service fee carriers charged for the premium SMS could be as high as 80% of the content fee (including carrier portal placement as that’s how content was discovered back then), 50% was more common.

Such high fees compared poorly to credit and debit cards with fees of a few % of the purchase price. The content industry moved away from carrier billing, and the Apple and Android ecosystems built out the gift card infrastructure, in addition to credit/debit card payments, to achieve global mass market adoption.

Premium SMS Fraud and Mitigation

A factor that led to the decline of premium SMS was fraud:

  • Recurring monthly / biweekly subscription charges made, when the transaction was only a one-off purchase; and
  • Inflated charges, that is the price quoted was before all the carriers’ fees, so the final charge on the bill was much higher, almost twice.

The carriers ended up dealing with many frustrated customers, so they added processes requiring the content providers to include their customer service number. Unfortunately the chances of that number being answered was low. Carriers also added features like “Purchase Blocker” which is still available today from AT&T.

There also emerged mobile payment providers that ‘managed’ the mobile content payments for carriers. But instead migrated mobile customers away from mobile payments onto credit/debit cards. Carriers were being fleeced from all sides.

The reputable content industry moved away from premium SMS, the lack of control and sky high fees made it a mess, plus the Apple and Android ecosystems built out their gift card infrastructure. Today carrier billing exists in a few countries where personal banking infrastructure remains immature.

I mention the premium SMS experience as it highlights two important aspects of A2P SMS history:

  • A 30 year history in lack of coordination / control from the industry, hence bad actors could make a buck and move on once the problem became significant enough to warrant carrier action; and
  • Fees out of step with more widely used mechanisms, e.g credit / debit / gift cards.

This all led to premium SMS’s demise as a content channel.

We see today price rises and lack of control / coordination in A2P SMS. Is the premium SMS story about to be repeated? The Camara project (Network APIs) is certainly repeating the OneAPI story. This does seem to be a recurring theme in mobile telecoms.

I finish on a quote on why this review of A2P SMS history is important.

Those who cannot remember the past are condemned to repeat it.

George Santayana, philosopher

In Part 3 we’ll get into SIM Farms, AA.19 and AA.60/63 agreements. Here’s the link to Truth in A2P SMS, Part 1 of 5 in the series.

The First Phase of SIM Farms (2000-2015)

Once carriers sorted out international SMS interconnects, the in-country ‘free’ routes disappeared, the SIM farms were reused for the emerging category of A2P SMS. Farms with 64-128 SIMs could be used, the equipment was available from a number of Chinese vendors. 

The cards used were generally domestic prepaid SIMs. They were bought from many locations, e.g. local supermarkets, in low numbers to avoid suspicion. Once set-up, auto top-up was enabled, and they were used to deliver bulk A2P SMS services.

Operators in some countries noticed this revenue leakage, for example, France and Italy started to require official identities to be presented to buy SIMs. Which is still the case today, in France I recently provided my passport as proof of identity to buy a local SIM.

There were also business post paid SIM card bundles, which required no official ID, just a fake business, this avoided the top-up issue. With greater volumes bulk A2P services were available for free, or at least the first 1000 SMS were free, as they gathered the mobile numbers being used in the campaigns, and sold them onto data brokers. Examples of companies that allegedly provided this type of service in addition to many other SMS services was CardBoardFish, which was bought by Mblox (2014), which was bought by CLX/Sinch (2016).

SIM farms remain in broad use today, many aggregators have an association with SIM farms either with a clandestine division, a group of engineers in a corner somewhere, or a third party special operations group. Exploiting the P2P route remains essential for many aggregators to come close to achieving ‘Twilio-like’ margins.

While carriers have improved their detection of SIM farms, they remain in use today. One interesting technology in use today is SIM applets from Wadaro. The main purpose of SIM QoE (Quality of Experience) is to measure subscribers’ experiences of the networks they are using.

Within the feed is a variety of information that can be analysed to characterise devices, the network and, of course, the subscriber experience. For example, serving cell history, mobile originated SMS & voice call history and prevailing radio received.

When one of Wadaro’s tier-1 customers had a significant problem with SIM Boxes they asked for help. Wadaro delivered a layer of analysis that highlighted patterns in their data that indicated the likelihood that a Subscriber was not a Subscriber but was a card in a SIM Box;

  • Multiple ‘Subscribers’ at a static location connected to the same cell, at the same latitude/longitude and subject to the same prevailing radio.
  • Service consumed was of a single type i.e. mobile terminated calls only throughout a 24 hour period. No mobile originated service.
  • IMSI (International Mobile Subscriber Identity) and IMEI (International Mobile Equipment Identity – like a device fingerprint) tumbling to avoid detection by the network, the SIM Box repeatedly swaps IMEIs.
    • Wadaro saw changes in IMEI that did not match the profile of the type of device that would have that IMEI (the Type Allocation Code embedded within the IMEI did not match the handset profile)
    • As the network disabled SIMs thought to be in a SIM Box, the owner (crook) of the box would buy a fresh set of SIMs each day to replace the disabled ones. Wadaro would then disable those SIMs using the ICCID (Integrated Circuit Card Identification number) and IMSI being associated with an already identified IMEI.
    • The only options left is for the crook to reprogram / dump the SIM box or move to an unprotected network.

Check out the TADSummit Innovators podcast with Robert Wakeling of Wadaro.

Non-interworking Agreements and Gray Routes (2005-TODAY)

Early global aggregators brokered deals with small carriers selling them global title leasing, that is an SS7 identity to appear almost like a carrier. Carriers have many unused global titles, this monetized an asset that is part of IR.21 (GSMA Roaming Database). The global titles enabled aggregators to route through smaller carriers. With a few smaller carriers, aggregators could achieve roaming across 200-400 carriers (there were about 650 carriers in those days), which is close enough to global coverage.

Large carriers want to provide excellent global coverage for their customers around the world, and this must include small countries such as Jersey, Channel Islands, Isle of Man, Barbuda in the Caribbean, etc. There is not enough traffic for a bilateral agreement, roaming agreements were put in place, and in some cases AA.19 agreements also put in place to define the pricing for the roaming agreement. But AA.19 agreements took time to roll-out across the industry as the assumption was mutual forgiveness.

When a route did not implement an AA.19 agreement, it is called a non-interworking agreement based on MSUs (Message Signaling Unit) that provides the structure for transporting SMS in an SS7 network. Also known as gray routes because there is no AA.19.

Gray routes remain important to the whole A2P industry, without this mechanism accurate routing would be difficult without API access to routing information. SMS to this day relies on signalling/SS7 based access which is often used for gray routes to ensure the market has accurate routing information

Across the gray routes various commercial models were deployed. For example, Western Europe on the basis of ratio deals: x non interworking SMS = x/10 credit against commercial routes into for example Germany. Various P2A (Person to Application) sources, e.g. sports lines, dating, and betting; generated MO (Mobile Originated) fees were used on a revenue share basis to subsidize international A2P traffic into established commercial routes.

Some of the SMS aggregators know of the existence of routes without an AA.19 agreement and exploit them to send A2P traffic into say Vodafone UK from the small carrier. The traffic is real, its UK banking confirmations. Vodafone UK does not want to block this traffic as it would impact their customers roaming in the remote destination and it appears to be a real banking transaction. So the data is allowed to pass, even though it is outside what would be considered “normal” traffic from the small island nation.

It’s a game of whack-a-mole, the aggregators know the thresholds a carrier operates upon. As long as the leakage is less than say $300k per month, no action is taken. Remember these high risk routes have the most genuine traffic, if the carrier checks with the bank for a transaction confirmation, it will be confirmed as genuine.

SS7 access for aggregators also posed a significant risk as access to such resources exposed critical billing identifiers e.g. Global titles, which could then be manipulated. Resulting in large volumes of traffic that could be billed incorrectly to operators who did not originate the traffic. Access to SS7 connectivity also exposes sensitive subscriber information, such as IMSI (International Mobile Subscriber Identity).

It is claimed some island nation carriers received 20-30% of their revenues through aggregators taking advantage of these non-IW agreements. Normally the revenue share is 10-30%, with 15% being the average. There is complicity with some smaller carriers, or people within the small carrier, and the SMS aggregators.

For some carriers, particularly in Africa, A2P SMS is simply not a concern as the % of revenue is so small, perhaps 2%. The focus is P2P voice/SMS and internet access.

Peak use of this type of situation was 2007/8, over the course of the subsequent decade it’s been in decline as AA.19 agreements have become widely implemented. 

Critically, the aggregators know the thresholds a carrier operates upon. As long as the leakage is less than say $300k per month, no action is taken. Revenue leakage through this method is hundreds of millions each year across carriers, with billions over the past decade.

SIM farms and non-internetworking agreements raises an interesting conundrum, the purchase of these SIMs raises the carrier’s market share in their home market, see example below 27k SIMs from one raid. Which made carrier reaction times slow as the SIM farms raised their market share. We’ve seen recent arrests, for example in Thailand where the Thai Bureau of Narcotics Control Board and the Customs Department found, see CXTech Week 22 2024:

  • 96 SIM boxes
  • 4 STARLINK receivers
  • 27,019 Hong Kong SIM cards
  • 6,770 Thai SIM cards

AA60/63 inter-operator agreements became popular 2011/12 onwards, and remain in operation today.  AA60s and 63s are about MT (Mobile Terminated) and are the first official A2P PRD (permanent reference docs) that the GSMA created specifically so a price could be determined between operators for A2P traffic, or to distinguish between unit charges for P2P and A2P SMS.

Aggregators became more sophisticated in their use of SIM Farms. Using them internationally with spoofing, we’ll explore this in Part 4 of the series.

SIM Farms 2.0, AIT (Artificially Inflated Traffic), Firewalls, Exclusivity, and Beyond (2015 – TODAY)

SIM Farms 2.0 are international SIM farms, see recent example in the previous post in this series from Thailand. A simple example is thousands of UK SIMs are used in Belgium for traffic into France with spoofing to make it look like German traffic.

Just like the Thai example was Hong Kong SIMs operating in Thailand for traffic somewhere the authorities did not discover / disclose. The numbers are spoofed, the content appears valid, the game starts to become too complex for the carriers to follow, and they cede control of SMS to “experts.”

Aggregators present themselves as the experts, with a subjective, one-sided story on the thefts and risks the carrier and their customers are being subjected to. Hence the rise of aggregator firewall deployments and A2P exclusive deals. It’s a protection racket. The aggregator now has open CDR (Call/Communication Detail Record) access to the carrier and can engineer the traffic as required.

Take an example of a small carrier who normally sees $1.2M monthly in A2P traffic. With AIT the aggregator can claim they can more than double the carrier’s revenues from all the web brands (Facebook, Google, Meta, Amazon, etc.), by bringing their traffic to the carrier. Well, we’ve seen the outcome of this, the brands have moved to other forms of transport, such as email (that shows how bad things have become).

We’ve seen cold-contact emails proposing SMS generated traffic partnerships with a list of brands with OTP (One Time Passcode) they can use. It’s AIT as a Service (AITaaS). The knowledge has become widely available.

AIT has been around for quite some time. In 2005 Telenor Pakistan was one of the first applications of AIT to quickly ramp up the network and claimed subscribers. Using SIM farms for SMS and calling.

And today carriers are considering aggregators for the Camara Network API aggregation! 5G network availability is 10-15% in many countries. No developer will use Network APIs for such low availability. Private 5G like private 4G/LTE can use provisioning and statistical multiplexing for high capacity use cases. It works. I remain saddened by Ericsson, Nokia, Vonage, and all the shills and sycophants refusal to engage in an open discussion on Network APIs. Its a repeat of OneAPI.

I would like to give some in the A2P ecosystem a clean bill of health, they try, but because the ecosystem has refused to implement SMS governance / certification, A2P revenue assurance, and published pricing, there will always be fraudulent traffic. It does not need to be this way.

Taking Back Control

A2P Messaging product manager for EE, Kevin Britt, revealed in a Linkedin post that starting from 10th July 2024, the operator will block all banking and logistics-based SMS unless it’s submitted via a single dedicated A2P Trusted bind.

The move will allow BT to implement more aggressive and robust blocking controls with the comfort of having no false positives.

Britt urged businesses to make sure they speak to their supplier to check they are prepared as a bespoke setup could be required.

He said that Commify, Infobip, Sinch, Stour Marine, Twilio, Vonage, and Webex CPaaS Solutions firms have confirmed they are ready for the change,

The move comes as Britt says BT has seen an 83% reduction in A2P SMS smishing on its network since March 2023.

Britt commended fellow BT employees and partners:

  • law enforcement actions supported by colleagues dedicated to investigating and mitigating smishing;
  • bespoke firewall developed by BT’s Messaging Operations team; and
  • the SMS partners who comply with the Code of Conduct that BT introduced in September 2023.

Some of the key commitments in the anti-smishing code that BT introduced last year include:

  • blocking messages where the Sender ID includes one of a series of words often exploited by scammers, such as ‘bank’, ‘caution’ and ‘package’;
  • restricting who may use names associated with specific reputable organizations, such as ‘Mastercard’, ‘Student Loans Company’ or ‘Uber’;
  • limiting the special characters permitted in a Sender ID to eliminate the risk of criminals using lookalike characters to mimic genuine organizations;
  • blocking messages from numeric IDs that do not begin with a UK dial code;
  • blocking short codes that do not follow permitted formats; and
  • blocking suspected spam or fraudulent URLs included within the body of a message.

From my perspective the combination of picking the right partners, creating a traffic light warning system (openness in publishing who is on the naughty list to your partner ecosystem – and yes even some of those listed partners could be in the naughty list), adding liquidated damages clauses to agreements and implementing sender ID registry in combination provide critical protections around BT’s firewall, not a third party’s.

Sending spam to a carrier is a breach of contract, we must find a way to encourage the implementation of SMS governance / certification, and liquidated damages looks as good as any.

A firewall can be good or bad, depending on the situation. In the bad old days firewalls came with revenue targets. Rather, BT owns and operates its firewall for the benefit of their customers.

Kevin is, in my opinion, an impressive ‘poacher turned gamekeeper’. Creating a template for the carriers, and the industry should celebrate BT’s success.

A2P Revenue Assurance

Over the past ten years carriers have become increasingly reliant on aggregators to help address the problem of A2P fraud. Given the complexity of number spoofing across numerous international AA60/63 inter-operator agreements.

This path has not always led to successful outcomes. Given the rise of AIT (Artificially Inflated Traffic) to the point brands have moved to other forms of transport, such as email (that shows how bad things have become) and passkeys.

An international group of ‘poachers turned gamekeepers’ will now perform an external, silent evaluation over one month of popular use cases from 30 to 40 brands that are driven by both bots and people. No internal network access is required.

They will deliver a quantified status report across the use cases on the extent of revenue leakage. After which, optionally, a plan can be created to remove those sources, and protect against further leakage. No internal network access is required, the carrier has full operational control.

This new category of protecting A2P revenues and taking back control is proving A2P revenue assurance meets market needs. It’s not just for carriers, you could use this for evaluating downstream aggregators as well. Imagine if such results were published for the whole industry, like the OpenSignal reports on 5G network performance. Accountability in A2P SMS is essential, not hiding on the SS7 network using gray routes to spam to people.

If you’re ignoring this A2P SMS series, or covering up or enabling the spamming of the general public, you must ask yourself one question, “Are we the bad guys?’ Spamming the elderly, children, the tired , overworked, or distracted is simply beyond inappropriate behaviour in telecommunications, it should be criminal.

Mitigations: SMS Governance / Certification and Published Rates

Augnet was founded to address the lack of governance / certification in SMS messaging, see interview with Daniel Gill

Dan Gill is the CEO and founder of Augnet. Check out their team, it’s impressive. Augnet addresses the lack of governance in SMS messaging using a vast network of real devices (both SDK in apps and SIM app). He faced this problem through the sale of Skype where he headed up carrier relations across voice and SMS. There simply were no certifications in the SMS supply chain, things like performance measurement were challenging, almost guess work, DLR (Delivery Receipts) can be faked. Hence it’s open to abuse by the industry itself and any bad actor with a little bit of knowledge.

The routing manipulation uses AIT to lower the performance of competitors’ routes through pumping traffic, so an enterprise like Amazon favors your routes. Spend money on AIT, but win more higher margin revenue. There’s a battle taking place over all the A2P SMS routes. Trust in the A2P SMS ecosystem is only one hop, your partner may connect with companies you do not trust. There’s no accreditation, and often conflicts of interest. There needs to be a source of Truth that is measurable and constantly updated.

It is impossible today for any aggregator to prove 100% of their traffic is white. They may claim 100%, but it only takes one person in any of the organizations that route traffic, or a bad actor that appears a solid aggregator for one country. And that leads to the critical issue of how to monitor AIT traffic entering your network. These are the problems Augnet addresses, plus some really interesting capabilities around encryption, authentication, geofencing, SMS over IP and network awareness.

Trust in SMS is a critical issue, barriers to bad actor entry are low. AIT has enabled fraud on a scale we have never experienced over SMS. When Dan shared how trust could be like a HLR look-up, “is this # a real device over a trusted route”. What shocks me is Augnet is coming up to 6 years old, and it is not broadly adopted. The industry needs to act now, else A2P SMS will continue to lose credibility.

I am shocked that the people causing and covering up these AIT problems claim they are the ones who can restore trust in SMS. Once trust is lost, it can only be restored through external mechanisms.

Uku Tomikas is the CEO of Messente, they focus on business messaging. No claims of being a CPaaS (Communications Platform as a Service), just a pure focus on helping customers be successful using messaging for their business communications.

Customer trust is a core value for Messente. They build that trust through decade long relationships and advising customers on how to optimize their use of messaging to achieve their business objectives. Specifically, on ensuring local brand registration, on best practices for gathering and cleaning customer data, on campaign best practices, on frankly sharing their costs and margins.

Messente will not play games to offer a ‘special’ SMS rate. Uku pointed out he would rather SMS rate pricing be publicly available, so he could focus on Messente’s value-add. Ira Cohen was name checked as a great guest for the TADSummit Podcast when this point came up, as he too agreed with Uku. While the rest of the industry did not.

Implementing Augnet and publishing / harmonizing SMS rates seem like straight forward things the industry could do to begin the process of restoring trust.

RCS Fraud – it’s here

This year I started to receive RCS spam, using group chat to appear like RBM (Rich Business Messaging). Google Guest Cloud provides a low cost entry point for creating such messaging. We’re still in a wait and see mode with respect to RCS. Its ability to allow a crook to copy the look and feel of a brand is an issue, however, it’s still early days.

Current Situation

SMS is in decline as web brands move to other tech (email, in-app, passkeys, IP messaging). Juniper Research forecast global SMS revenue will shrink 28 per cent from $66 billion in 2024 to $47 billion in 2029.

Carriers need to maintain revenues so have raised prices as less traffic makes it harder to meet volume commitments and find traffic to inflate. Brands are using SMS less, yet spending the same / more. 

This situation has happened before, around 2012/2014 Skype reached peak usage, by 2014 traffic was migrating to WhatsApp with group chats. Even though Skype was using less SMS/calling, it was paying more as prices rose.

Skype has declined from its peak, CNBC wrote In March 2020, Microsoft said Skype had 40 million daily active users, a number that’s since slipped to 36 million, according to a spokesperson. https://www.cnbc.com/2023/07/02/the-rise-and-fall-of-skype.html

Telegram can bypass SMS and offer direct messaging over its platform, so called IP bypass. Criminals will pay $10 per SMS, for customer data that they can hijack an account with, e.g. 2FA.

User experience is poor because of SPAM and lack of trust, some brands are so frustrated they moved back to email. Trust must be restored, but it can not be restored by the people who created / covered up the problems in the first place. 

Hence why Augnet is important (governance and certification). Combined with openness and harmonization of pricing. A2P revenue assurance, and critically operators taking back control of the services their customers are paying them for.

Claims RCS, because of Apple’s unclear adoption, will resolve the situation ignores Apple’s iMessage strategy, and RCS’s 16 years of development and many claimed and then failed launches. Hope it is not an option, specific, quantified, and direct action is the only way to stop the rot. If action does not take place, I’ll be writing an epitaph on how the tragedy of the commons killed SMS.

As this series has shown, A2P SMS was not designed with security in mind. Its history has the common thread of a lack of coordination / control, hence bad actors could make a quick buck and move on once the problem became significant enough to warrant carrier action.

Implementing Augnet, publishing and harmonizing SMS rates, implementing A2P SMS revenue assurance, close down the SIM Farms once and for all using Wadaro, and carriers taking back control over the service their customers are paying them for seem straightforward. Things the industry could do to begin the process of restoring trust. We still have the core problem of SS7, but if we make A2P SMS fraud much more difficult, the crooks may start to look at easier targets.