FCC Cracks Down on Scam Texts

Some long-overdue safeguards are being implemented.

Ars Technica (“FCC orders phone companies to block scam text messages“):

The Federal Communications Commission today finalized rules requiring mobile carriers to block robotext messages that are likely to be illegal. The FCC described the rules as the agency’s “first regulations specifically targeting the increasing problem of scam text messages sent to consumers.”

Carriers will be required to block text messages that come from “invalid, unallocated, or unused numbers.” Carriers must also block texts from “numbers that the subscriber to the number has self-identified as never sending text messages, and numbers that government agencies and other well-known entities identify as not used for texting,” the FCC said.

Carriers will have to establish a point of contact for text senders so the senders can inquire about blocked texts. The FCC already requires similar blocking of voice calls from these types of numbers.

The FCC still has a 2-2 partisan deadlock more than two years into Joe Biden’s presidency, but the robotext order was approved 4-0. The FCC sought public comment on the rules in September 2022 before finalizing them today. The order will take effect 30 days after it is published in the Federal Register, according to a draft of the order released before the meeting.

Given the ubiquity of spam texts, it’s frustrating that it’s taken this long to crack down. Aside from scammers and spammers themselves, I can’t imagine the person who is opposed to this regulation.

More robotext rules may be on the way because today’s “action also seeks public comment on further proposals to require providers to block texts from entities the FCC has cited as illegal robotexters,” the FCC said. For example, the FCC proposes to clarify that Do Not Call Registry protections apply to text messaging.

The FCC said it’s further proposing to close the “lead generator loophole” that “allows companies to use a single consumer consent to deliver robocalls and text messages from multiple—perhaps thousands—of marketers on subjects that may not be what the consumer had in mind.” The FCC “will also take further public comment on text authentication measures and other proposals to continue to fight illegal scam robotexts.”

Complaints about robotexts to the FCC rose from 3,300 to 18,900 per year between 2015 and 2022, the FCC said. Many of these robotexts “promote links to phishing websites or websites that can install malware on a consumer’s phone,” the FCC said.

Again, both welcome and absurdly overdue.

The FCC separately voted today to close another gap in its Caller ID authentication rules that target illegal robocalls. The rules already required phone companies to implement the caller ID authentication technologies known as STIR and SHAKEN.

But the rules don’t apply in every possible scenario, so the FCC has periodically strengthened them. In June 2022, for example, the FCC required carriers with 100,000 or fewer customers to comply a year earlier than these small carriers were originally required to.

The FCC said today’s vote closes another loophole as follows:

The new rules will require intermediate providers that receive unauthenticated IP calls directly from domestic originating providers to use STIR/SHAKEN to authenticate those calls. Although STIR/SHAKEN has been widely implemented under FCC rules, some originating providers are not capable of using the framework. In other cases, unscrupulous originating providers may deliberately fail to authenticate calls. By requiring the next provider in the call path to authenticate those calls, the FCC closes a gap in the caller ID authentication regime and facilitates government and industry efforts to identify and block illegal robocalls.

All steps in the right direction.

There are still far too many loopholes, although mostly those created by Congress. Spam from political campaigns, pollsters, and the like are all explicitly protected in the law.

FILED UNDER: Science & Technology, , ,
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College. He's a former Army officer and Desert Storm veteran. Views expressed here are his own. Follow James on Twitter @DrJJoyner.


  1. Tony W says:

    As job-killing regulations go, this one seems mild.

    I look forward to the forthcoming Republican outrage.

  2. Matt bernius says:

    This is good news for the social safety net as spam and txt fraud are a big challenge that gets in the way of people trusting texts from their county about renewing their benefits.

  3. Argon says:

    So many of those spam texts were builder’s and real estate estimates for ‘Mike’ that I thought maybe I had picked up Mike’s phone by accident…

  4. Mu Yixiao says:

    Now…. if only someone could figure out how to end the 800 fraud that we have to deal with at work.

    It used to be random background sounds (no caller, just sounds like a subway or a basketball game). Now it’s just silence. Really frustrating when it’s a busy day.

  5. Mu Yixiao says:

    If you’re bored or need something to listen to (or read the transcript), here’s what I was talking about with the 800 Fraud. It’s… interesting.

    The Case of the Phantom Caller.

  6. Kathy says:

    Mexican banks make it a point to only send information and never request it on text messages. They advertise this in account statements, at their branch offices, and the online banking sites. They send emails telling you not to trust messages asking for info.

    It would help if they never sent links with their texts, too. Some do, especially in connection with offers or big publicity campaigns. The one bank where I’ve my main account doesn’t send links.