Ask HN: Should you reply STOP to unwanted texts?

I have been advising people I know to block, then delete and report junk (iOS) to unwanted texts. Others have argued with me that you should reply STOP. I disagree, especially after checking a shortened link in a “campaign” text and finding the link was a phishing attempt. What do you think?

290 points | by yawn 40 days ago

68 comments

  • solardev 40 days ago
    It kinda depends on which platform handles their bulk messages. For example, if they are messaging you through Twilio, replying with "STOP" will cause Twilio itself to opt you out of messages (https://help.twilio.com/articles/223134027-Twilio-support-fo...), and the sender can't disable that (https://help.twilio.com/articles/360034798533-Getting-Starte...). It's kinda like how Mailchimp handles unsubscriptions for recipients, no matter what the sender wants.

    However, if they're using some other carrier or rolling their own VOIP setup, etc., or sending from a toll-free number instead of a shortcode, there's no guarantee that their particular platform will honor STOP. And there's no way for you, as a recipient, to know which is which.

    Generally I will reply STOP if it's something I know I signed up for but no longer want. Things I never signed up for just get reported as spam and I don't reply.

    • mikesabat 40 days ago
      Speaking mostly for the US here.

      The STOP keyword is mandated as unsubscribe at the carrier level (Verizon, ATT, TMo) not just the vendor level. So if you reply STOP, it's very likely that you will not receive another message from that number.

      This will be true for any programmatic SMS vendor. There could be smaller scale & more manual approaches, but that would be rare.

      There has been a big effort in the last year+ to clean up the space and require consent before any SMS is sent.

      FWIW, somewhat surprisingly, my google pixel has an amazing spam filter for SMS and I rarely get SMS that I don't want.

      What I want to know is, what's the purpose of those random texts that just say something like, "How's it been?" from a number that I've never communicated with? What's the angle there? Anyone know?

      • solardev 40 days ago
        > What I want to know is, what's the purpose of those random texts that just say something like, "How's it been?" from a number that I've never communicated with? What's the angle there? Anyone know?

        My understanding is that they will pretend it's a wrong number, but then make a joke or talk about some innocuous hobby and try to build up trust over weeks/months to eventually phish or scam you. I forget where I read it (maybe reddit?) but there was a poster who mentioned a personal experience with one such scam, basically a fake romance scam that led to them losing tens of thousands of dollars wiring money to a fake person who pretended to have fallen in love with them over weeks of back and forth texting.

        It doesn't have to work on everyone to be profitable, just the once-in-a-while lonely pensioner!

        https://consumer.ftc.gov/consumer-alerts/2024/05/why-its-not...

        https://www.robokiller.com/blog/how-to-identify-text-scams

        • slu 40 days ago
          John Oliver explained it (Pig Butchering) very well: https://youtu.be/pLPpl2ISKTg?si=yHwqzMX0r2h4mKl-
        • mikesabat 40 days ago
          Thanks... that seems really labor intensive.
          • solardev 40 days ago
            Labor is dirt cheap in some parts of the world, especially compared to the tens of thousands of dollars American retirees might have access to!
            • Scoundreller 39 days ago
              My deep and probably founded fear is that I’m on a list of people to scam in 40 years when I’ll be at least mildly demented.

              Hopefully my efforts to waste scammers time instead of “just hang up” has got me removed from a few high-value lists.

              • zaik 39 days ago
                You think scammers 40 years in the future will use a target list of phone numbers from today?
                • Scoundreller 39 days ago
                  Why not? People don’t really change their phone numbers much anymore and phone numbers have become increasingly individualized.
          • dragontamer 40 days ago
            It's done with slave labor.

            It's called pig butchering. You kidnap people, hold them in Cambodia or whatever (lots of locations where local criminal gangs rule) so the locals don't bother checking for literally kidnapped slaves.

            If police stop by, pay them off and make up a story about debts and punishment.

            Then you use the slaves to scam others in pig butchering scams. If the slaves refuse, you beat them until they comply.

            https://www.propublica.org/article/pig-butchering-scams-raid...

            • janalsncm 39 days ago
              Just to clarify the terminology, pig butchering refers to the scam to steal money from fake romantic partners. The SE Asian kidnapping/slavery shops that run pig butchering scams are referred to as fraud factories.
            • Double_a_92 40 days ago
              Btw this is also used as a sob-story tactic by the scammers if you eventually call them out after some time.
              • willcipriano 39 days ago
                Yeah a lot of it happens in office buildings in places like Nigeria. People wearing business casual clothes and everything. At first glance it just looks like a normal company.
            • solardev 40 days ago
              Thanks! That's a much better link and explanation than what I linked to.
            • dotancohen 40 days ago
              So reply asking if they want you to notify authorities in their city. I doubt that the kidnappers are reading every message. And even if they are, better to let the kidnappers know that they are being encroached upon.
              • otterley 40 days ago
                These outfits are often working under the protection of the local authorities thanks to rampant bribery.
                • Scoundreller 39 days ago
                  > These outfits are often working under the protection of the local authorities thanks to rampant bribery.

                  I don’t think I’ll ever visit Cambodia and I can call Cambodia for a few cents a minute as well as their embassies.

                  Their local authorities can’t block us all!

                • dotancohen 39 days ago
                  That's why the initiative has to come from outside.
                  • nullstyle 39 days ago
                    It sounds like you’ve developed a very special set of skills, Mr. Neeson.

                    This situation is a little more complicated than to be solved by a back and forth on the hacker news comment section.

                  • FredPret 39 days ago
                    Local authorities are involved. Sounds like the only outside initiative that will help is Seal Team 6.
                    • janalsncm 39 days ago
                      According to Wikipedia it seems like China arrested a few of them. It’s a fairly big concern for them since Chinese citizens are often the victims of these foreign “business opportunities”. They will warn you if you’re going to those areas.
              • ceejayoz 40 days ago
                > I doubt that the kidnappers are reading every message.

                The guy working one computer over elbow-to-elbow is gonna narc you out for better treatment, though.

          • danesparza 40 days ago
            But with big payoffs.
        • aftbit 39 days ago
          I have gotten three kinds of those:

          1. Someone texting the previous owner of my number (John). I got all kinds of traffic for him, including debt collectors, friends, ex-girlfriends, employers, etc. I gather John ran into a spot of financial trouble, dropped his phone-number, and skipped town.

          2. An old high-school classmate trying to find my mom found my number on one of those people search sites, probably associated with her address.

          3. A random girl who just wanted to chat. I talked to her for a few messages, but didn't progress to a romance scam. She seemed real to me, but who knows?

          • bsamuels 39 days ago
            3. is a romance scam. pig butchering/romance scams take place over multiple months, not one texting session
            • aftbit 39 days ago
              Could be, yeah. I'm a bit skeptical though. This took place months ago, and the conversation ended in a pretty reasonable place, something like "nice to meet you, take care" from me. I would have expected a few more engagement attempts from her if she wanted to scam me.
              • amy-petrik-214 39 days ago
                Well that's part of the romance scam game, you don't want to seem too needy. The best romance scammers will play a little bit of "hard to get" and a little bit of "good cop bad cop" if you know what I mean. The aloofness that you describe here was not an accident.
          • solardev 39 days ago
            3. Ummm... hate to break it to you, but that's the start of the scam. Hope you don't fall deeper into that convo!
        • Quinn003 39 days ago
          [flagged]
      • dotnet00 40 days ago
        >What I want to know is, what's the purpose of those random texts that just say something like, "How's it been?" from a number that I've never communicated with? What's the angle there? Anyone know?

        I inadvertently replied to one of those spam messages because the number coincidentally matched the location a relative had recently moved to (I figured it was them trying to joke around while informing me of their new number, it was something along the lines of "Can you guess who I am?"). They replied with a picture of a girl and some question trying to start a conversation. So, I figure they're just fishing for easily tricked or lonely people to manipulate into sending them money.

        FWIW I didn't notice much of an uptick in scam texts/calls after that.

      • adastra22 40 days ago
        > There has been a big effort in the last year+ to clean up the space and require consent before any SMS is sent.

        Unless it is political

        • addicted 40 days ago
          Unfortunately political messages have an exception in the laws involved here.

          Also, my understanding is that this isn’t even a case of the politicians making an exception for themselves but for this being protected speech, so there are legal issues with blocking it without the kind of majorities American congress is not capable of anymore.

          • adastra22 40 days ago
            I don't see how there could be an argument for protected speech here. The constitution protects your ability to petition the government, not the government's ability to petition you.
            • js2 39 days ago
              A candidate is not acting as a representative of the government. In fact, the Hatch Act generally makes it illegal to mix the two.

              https://en.wikipedia.org/wiki/Hatch_Act

            • jezzamon 40 days ago
              If someone is campaigning to be in government, I guess they don't technically fall under the "government" category yet...
              • adastra22 39 days ago
                And neither do you. The constitution doesn’t protect your right to harass other citizens.
              • solardev 39 days ago
                And if they were running for reelection?
            • brookst 39 days ago
              I don’t know if the claim is true, but if it is, it’s likely an intentional loophole because the people writing the laws would want to exempt themselves.
              • adastra22 39 days ago
                Yes this is what happened. There are specific carve outs for various uses that don’t fall under the legal definition of “spam.” Of course political advertising is one of them.

                Just like for the longest time it wasn’t insider trading if you were a politician.

        • nullfield 38 days ago
          Which is why i just report (to Verizon) every piece of shit political spam text as junk as I delete it.

          The “do not call” registry had a purpose, and it’d have been so easy to add an additional “and also no political anything” to it. Let them burn.

      • bunabhucan 39 days ago
        You need to up the swag on your online persona. I get this message from "rich horsey lady" periodically:

        >I'm Alyssa. are you the equestrian instructor that Tina referred me to?

        >I'm very sorry, I just checked the number and it was my assistant who sent the wrong number, I hope I'm not disturbing you.

        >Thank you for understanding, you are a friendly person, I have found the right number, your number and the riding instructor's number are only one number away, haha, it was a wrong encounter, but it was a kind of fate. Let me introduce myself, my name is Alyssa Chow what is your name?

        Also got it from a "Lillian." I do hope they and her assistants find Tina's equestrian instructor.

        • solardev 39 days ago
          Just to screw with them, you should make a fake business website for Tina the Trainer, with that phone number listed and everything and AI photos of fake lessons with Alyssa.
      • DidYaWipe 40 days ago
        Tell that to Rite-Aid. These jagoffs spam the crap out of people, even after you say STOP as they instruct: https://imgur.com/gallery/if-youre-too-dumb-to-follow-own-in...
        • gs17 39 days ago
          CVS sent me a spam today because I gave them my number to know a prescription was ready. STOP got a reply offering to only send status notifications. We'll see if it means anything to them.
        • radicality 40 days ago
          Isn’t it case sensitive? At least I always assumed it was.
          • patrickmcnamara 40 days ago
            For short codes in the USA, it technically does not have to be. And in fact businesses have to regularly check for requests even like "please don't send me messages" to be compliant.
            • dqv 40 days ago
              > And in fact businesses have to regularly check for requests even like "please don't send me messages" to be compliant.

              That's only vaguely true. The FCC has effectively said "here's a list of words that are considered reasonable opt out words and let the courts decide what is reasonable when there is a dispute." [0] They're basically deferring to the courts to determine reasonableness.

              Obviously it's a good practice to remove people who are intentionally obtuse, but the courts really don't like people who don't follow the instructions, especially because sending "please don't send me messages" is more inconvenient than sending "STOP":

              > The court held that “[t]he totality of the plausibly alleged facts, even when viewed in Plaintiff’s favor, militate against finding that Plaintiff’s revocation method was reasonable.” It also rejected the notion that there is something improper about prompting called parties to text “STOP,” explaining that “heeding Defendant’s opt-out instruction would not have plausibly been more burdensome on Plaintiff than sending verbose requests to terminate the messages.”

              [1]

              That said, it's reasonable to expect that replying "stop" regardless of case should stop those messages from coming through.

              [0]: https://docs.fcc.gov/public/attachments/FCC-24-24A1.pdf

              [1]: https://tcpablog.com/2017/revocation-consent-must-reasonable...

              • FireBeyond 39 days ago
                > The FCC has effectively said "here's a list of words that are considered reasonable opt out words and let the courts decide what is reasonable when there is a dispute." They're basically deferring to the courts to determine reasonableness.

                Yikes. The lawyer dog comes to mind (a Fifth and Sixth Amendment Supreme Court case). Suspect speaks voluntarily to police until he realizes they suspect him of a crime. He stops and says, "I want a lawyer, dawg." What is meant to happen then is that the interrogation is stopped until that point. Police carried on the interrogation, and the Court ruled that statements he made in that period of time were admissible in securing a conviction against him.

                When this was appealed, the Louisiana Supreme Court declined to hear it, saying, with a completely straight face, that there was ambiguity, and that since the police could reasonably believe that he was in fact asking for a canine lawyer, i.e. Lawyer McDog, Esquire, and that they couldn't find such an attorney, there was no invocation of counsel that warranted a termination of the interview.

                • BobaFloutist 38 days ago
                  Don't forget the Supreme Court ruling that your right to remain silent needs to be vocally exercised. If you just stay silent, you're not exercising your right to remain silent, you need to state out loud "I am exercising my right to remain silent." You can only exercise your right to remain silent by speaking.

                  Something something greatest legal minds of their generation.

              • patrickmcnamara 38 days ago
                Sorry for the late reply, but these are rules from the CTIA, not the FCC that I am referring to. The CTIA being an industry body for telecoms in US.
                • dqv 25 days ago
                  (Even later reply) Ah I see. I wasn’t familiar with the CTIA. It’s good to know that there are best practices that go beyond the FCC.
              • willcipriano 39 days ago
                > but the courts really don't like people who don't follow the instructions

                If you contact me without my consent I now have to follow your instructions to stop your harassment?

                Nonsense.

                • dqv 39 days ago
                  No, this is specifically for the case of someone intentionally signing up to receive the texts first. Had they been unsolicited, the outcome would have been the exact opposite. The take away is don’t sign up for SMS spam, send obtuse opt out messages, and then expect a payday in court.
                  • willcipriano 39 days ago
                    > No, this is specifically for the case of someone intentionally signing up to receive the texts first.

                    How do they know I consented vs the person who had the number prior to me? I recieve texts I didn't sign up for all the time for companies I've never heard of for people with names and addresses that are different than mine.

                    I really feel the burden of consent should be on the sender vs the receiver.

                    Think of it this way, the receiver must carefully read what they have received in order to correctly opt out but the sender can just run a regex for "STOP" and call it a day. The more difficult burden should be on the sender. They should have to validate every message received to see if it is requesting to opt out. Put another way, the consent is retracted even if your regex didn't detect it.

                    When it comes to sex consent doesn't work that way; "She didn't say the safeword I texted her a year ago your honor so I had consent!"

                    • ssl-3 39 days ago
                      In a world where companies clamor for customer engagement, it seems absolutely fucked to me that it would seem burdensome, somehow, to monitor replies to SMS messages.
          • DidYaWipe 39 days ago
            Valid question, but I've tried capitals too. Check the image now. Oddly enough, Rite-Aid changed their message to mixed case, but this time did confirm the opt-out (which was requested with "STOP").

            But then they continued spamming three weeks after saying they wouldn't. Pathetic.

      • danesparza 40 days ago
        Aside from Pig Butchering (see other comments) this also verifies a number is real or in-use when somebody replies.
        • fy20 39 days ago
          You can verify a phone number is real and active without needing them to reply, or without someone even receiving a notification.

          1) SMS supports receipt functionality, which means the sender can be notified when a message is delivered to a handset. This happens at the carrier level, so you can't turn it off.

          2) SMS supports 'silent' messages which are a different message class that is not shown to users.

          • kube-system 39 days ago
            True, however, "delivered to a device" and "there's someone reading and replying at the other end" are two different confidence levels of "active".

            You could, for instance, be texting an unattended device.

          • toast0 39 days ago
            Receipts are unreliable. Carriers and aggregators regularly filter or fake them.

            Receiving a receipt is not a real indication of delivery, and absence of receipt is not a real indication of absence of delivery.

      • locallost 40 days ago
        Yes, can confirm about the Pixel. I occasionally check my spam folder and it's always just spam, which I otherwise never get. So either no or rarely false positives or negatives.

        Also on a side note, the scams are really horrific. Although obviously scams I can imagine especially the older people getting tricked with "hello grandad here's my new number". Makes me wonder what I'll be getting tricked with when I am old.

        • solardev 39 days ago
          > Makes me wonder what I'll be getting tricked with when I am old

          "Hey babe, want to see my beautiful TUI? I made it in assembly."

      • m463 40 days ago
        I've been getting presidential political messages, each from a different number.

        wonder if STOP will work for only the same number, or globally.

        I also know political messages have lots of loopholes, thanks to the politicians who create the laws.

        • ceejayoz 40 days ago
          I replied STOP to one of these. The confirmation came from a similar, different number.

          Replied to that, same deal. Did it for 20+ numbers before getting bored with it.

      • gcanyon 40 days ago
        https://www.youtube.com/watch?v=pLPpl2ISKTg

        It's well worth the watch, but tl;dr: it's a long-con scam. They invest as long as it takes to establish a relationship with you, and then engage you to do something (crypto mostly, apparently) involving cash online. They will say they made a bunch of money, and point you at the super-easy online exchange they used. You buy the crypto, you see the crypto increase in value (because it has in the real world) so you buy more, and more and more.

        The problems start when you say you want to cash out. They switch from "buy more, it's going up" to "there are fees to withdraw, just deposit another <whatever> and then you'll get the withdrawal amount plus <whatever>" and of course no money ever comes out.

        Oliver interviews people who have lost hundreds of thousands of dollars this way, some of whom still believe that if they just toss in another <whatever> it will all be resolved and they'll get their money back. It's very sad, and I'm not doing the video justice.

      • gwbas1c 39 days ago
        > FWIW, somewhat surprisingly, my google pixel has an amazing spam filter for SMS and I rarely get SMS that I don't want.

        I still get notifications for these on my Pixel. I just don't want them.

      • karljacob 38 days ago
        Totally agree Only thing to add is for the U.S. its pretty easy to spin up a bunch of numbers so generally this will work only for a while. On the latter they are farming you for information Just confirming who you are is a mistake IMHO
      • Spooky23 38 days ago
        Someone signed my work phone up for MAGA nonsense - I get urgent messages from “Marco Rubio”. They done honor stop messages.
      • lukan 40 days ago
        "What I want to know is, what's the purpose of those random texts that just say something like, "How's it been?" from a number that I've never communicated with? What's the angle there? Anyone know?"

        Some people are seriously lonely - eager to pick up any chance of real interaction. And those scams prey on that.

        On telegram those spam usually comes together with a profile picture of a pretty women. With text only, it targets the imagination.

      • tzs 40 days ago
        > The STOP keyword is mandated as unsubscribe at the carrier level (Verizon, ATT, TMo) not just the vendor level. So if you reply STOP, it's very likely that you will not receive another message from that number.

        Is that just for programmatic messages, or all messages?

        I could see problems if it was all messages. For instance suppose a relative coming to visit for weekend and due to arrive around 5 pm Friday. You get a text from them that afternoon saying that there was an accident that has blocked traffic and police say it will be several hours before the road reopens.

        They ask if you would prefer that they continue as soon as the road reopens, which will probably mean they will arrive around 1 am Saturday, or stop and spend the night with another relative who lives near where they are currently stuck, and then come Saturday morning which will get them to your place around 9 am.

        You text back "stop" to indicate the latter option, and now texts from that relative are blocked. Oops.

        • chirau 40 days ago
          It only applies to programmatic and automated messages

          When a company or service sends text messages using an automated system like SMS marketing software or bulk messaging service), these platforms are by design and mandatorily programmed to recognize keywords like "STOP" as a signal to unsubscribe the recipient from future messages. This is a requirement for all such systems under Telephone Consumer Protection Act (TCPA).

          Text messages to your friends do not go through such platforms and so are not subject to that law.

        • a2tech 40 days ago
          It’s just programmatic vendors. The problem as someone else in the thread pointed out is that shadier carriers won’t honor it or only pay lip service to it. And people that are doing spam campaigns will be forging numbers and rotating numbers constantly so actually blocking the numbers does very little.
    • joecool1029 40 days ago
      Twilio is sort of a dream for spammers, they'll just make new accounts on it and spam campaigns on those new accounts. Political organizations do it all the time, if you get on a list you're never getting off. Lookup the numbers sending to you (Twilio's own lookup tool works great for this) and it almost always comes back Twilio/Zipwhip.

      I only recommend responding STOP to short codes since there's more investment and vetting on getting a short code. Carriers will intercept the request for TFN/local numbers sometimes but I don't really trust it. These numbers are all going to be spammers buying pools of numbers to churn and burn. They'll just import their list into a new account if it unsubs.

      Oh and btw, it's actually easier now as a spammer to tell when numbers get burned. A few years back when the CTIA handover on regs happened (and sending costs went up) the carriers finally started to respond with the delivery status of the sent messages. Before this they didn't respond and you only knew your provider delivered the messages to the carrier, not whether the carrier delivered them to the handset.

      • danielhughes 40 days ago
        I think Twilio requires its customers to go through the process of registering with the CTIA before allowing use of the SMS API. I abandoned a project because the process was too burdensome. Political campaigns are exempt though.
        • sib 39 days ago
          Yes - we went through this for a client I'm currently working with. We were migrating from an approved campaign via a different provider to doing it on Twilio and even in that case, there was quite a heavy process to get approved again on Twilio.

          (Which, as an end-user, I'm happy about...)

        • solardev 39 days ago
          Is that new? I tried it out for fun once and it only took a few minutes and I don't recall any major hoops.

          I think it's different if you're applying for a shortcode vs a regular or toll free number though. There are different regulations governing all of those.

          • joecool1029 39 days ago
            There's only hoops to jump through if you want higher send rates from a number. The CTIA figured out a new cash grab was registering businesses as legit senders on TFA's but it doesn't promise delivery, just gets you a nice logo/name on SMS apps.

            Having been on the purchasing end for wholesale marketing SMS I can tell you most of sales people will suggest the 'correct' way and happily sell things that let you do it the 'wrong' way.

            • danielhughes 39 days ago
              Pretty sure that’s no longer the case. You need to register your “campaign” to send any SMS messages. I put campaign in quotes because the process seems to ignore the fact that people might have use cases that are unrelated to marketing.

              https://help.twilio.com/articles/1260803965530

          • cbull 39 days ago
            Earlier this year I think? I have a Twilio number that I setup just so my Home Assistant system could message me about things like water leaks. They stopped delivering any of those messages (while still charging me to send them!) and I have to register as a business and provide proof I have an opt-out, etc, etc.

            The only phone number I ever texted was my real cell number, it's no longer worth having a Twilio number for a hobby project.

      • IG_Semmelweiss 39 days ago
        Zipwhip is particuarly bad.

        I report their spam to twilio, but twilio claima they cant do anything about spam from their sub

    • tomasreimers 40 days ago
      You can check if a number is using Twilio via a special number: https://www.twilio.com/en-us/blog/lookup-phone-carrier-recor....
      • blackeyeblitzar 40 days ago
        Or a site like https://www.freecarrierlookup.com/ which works for every number
        • yakovsi 39 days ago
          Twilio has a concept of "hosting a number", meaning, the original carrier retains the number, only SMS is handled by Twilio. So parent's link will be more accurate for this application.
    • njovin 39 days ago
      Twilio actually does allow companies to opt out of the automatic STOP handling (I've done it while working on a txt automation system).

      There is a tiny bit of vetting involved and you've got to be a slightly larger account, but it is possible, so it's not safe to assume that if the message is coming from Twilio that STOP will block them at the platform level.

    • sambf 39 days ago
      Worked for a company that offers marketing & transactional SMSes: our SMS provider relayed the STOPs and we were obligated to honor it, but the provider couldn't check it.

      Also, the provider relayed the STOP to the last of their client that reached the number, they had no way to trace it back with 100% confidence.

    • ZachSaucier 39 days ago
      Unsubscribing from one Mailchimp subscription doesn't remove you from any other subscriptions...
      • solardev 39 days ago
        STOP doesn't either.
  • buildbuildbuild 40 days ago
    Beware the edge case: I responded STOP to a message years ago, then was unable to receive SMS from a popular money transmission app during the signup flow to claim funds that a friend sent me.

    After over a month of troubleshooting, it turns out that I had sent "STOP" to that number years ago on a different device (no longer visible in chat history) and now had to send "UNSTOP" in order to receive the phone verification SMS required to sign up for the service. It was a shared number between multiple apps.

    • JaggedJax 39 days ago
      This happened to me with a major bank. They were using the same number for 2FA and some other types of texts. I got locked out of my account for a while because I had unsubscribed from their marketing texts. What an unbelievably dumb way to send 2FA codes.
      • thebytefairy 39 days ago
        Had a similar thing happen to me, but for Facebook. Account got locked, to unlock I needed to verify identity via text. Never received the text because I had disabled getting text fb notifications, which apparently included account recovery. Managed to find this on some obscure thread to text some number to resubscribe and get it to work - no mechanism from fb, no alternate way to verify, no indication that this was the issue.
      • grotorea 39 days ago
        I think something similar happened to me, but I used the phone's block and report feature. I assume it was the number of some SMS sending service that had both legitimate and spam clients.
      • hypeatei 39 days ago
        Yet another reason why SMS 2FA should not be used. Shameful.
        • zahlman 39 days ago
          It's used, as far as I can tell, because banks don't want to have to explain to millions of customers how to use anything else.
          • reginald78 36 days ago
            Also because once they get that number under the guise of needing it for security they can use it for marketing texts. It's a win win!
          • hypeatei 38 days ago
            It's perfectly fine if people want to use it, but at least provide the option for TOTP or hardware keys behind a big scary warning page or something.
        • jpadkins 39 days ago
          What is a better 2FA channel?
          • AndrejPanjkov 39 days ago
            an authentication app like google authenticator. there are others as well. https://en.wikipedia.org/wiki/Comparison_of_OTP_applications

            No communication occurs to serve your 2fa code - it's a time based 2fa protocol.

          • Onavo 39 days ago
            Passkeys or WebAuthn, TOTP based 2FA (regardless of whether it's hardware or software based) is vulnerable to phishing. Protocols like WebAuthn are tied to the domain and is a lot trickier to compromise (at least not without significant effort).

            A lot of people here are complacent when it comes to phishing because they believe "I am a big overpaid technical person on Hackers News, I am not dumb enough to fall for suspicious links unlike those dumb unwashed masses" but as most security people know, the sort of mass phishing attempts your grandma receives are relatively low effort compared to actual targeted spear phishing. A dedicated phishing attempt won't have broken English, CSS styling issues, weird punycode etc. It would be practically indistinguishable from the real thing unless you were specifically looking for it.

          • _whiteCaps_ 39 days ago
            An authenticator app or hardware MFA device.
          • lelandbatey 39 days ago
            TOTP (thing that generates the 6 numbers every 30 seconds) whether that's a dedicated device (secure but very annoying) or a TOTP app on your phone (what most people use).
            • caseyohara 39 days ago
              Password managers like 1Password also support TOTP, it doesn't have to be an app on your phone.
              • joveian 39 days ago
                I at least have a different user account that only does TOTP but it isn't really a second factor if it is on the same device (since the idea is to make getting access to the code significantly more difficult than just getting access to the password).

                I like this simple TOTP code generator:

                https://github.com/arachsys/totp

          • pwenzel 39 days ago
            TTOP via password manager
          • tmikus 39 days ago
            Ideally use a dedicated hardware key, but if you can’t just use a 2fa app
          • weberer 39 days ago
            Any dedicated MFA app, such as Authy.
    • sim7c00 39 days ago
      I find it such a weird thing, maybe it's nice in some cases, but really this is a weird mechanism.

      Phone numbers are exchanged a lot and repurposed. Most providers/carriers will likely have a do-not-use-for-x-amount-of-time bin to put newly reclaimed numbers in, but after a while, it will always be re-used. hence this kind of issue can happen.

      In my country there's a place to register to disallow unsolicited marketing and other types of messaging. That's not by number you 'STOP' and hence it won't have such effects. A marketeer/sales company is simply not allowed by law to dial your number for sales/marketing, so they have auto-lookups to that registry to prevent breaching the law. translated, it's the 'do-not-call-me-registry' :D aptly named.

      it won't stop phishing messages etc., but not much will. if you'd block it from 1 number, they will just use the next number..

      • no_op 39 days ago
        The US has a 'Do Not Call' registry for unsolicited phone calls, but technically doesn't need one for texts because it's illegal to send marketing texts without prior consent in the first place. Thing is, 'consent' often just means failing to notice a checkbox during a signup flow or something, so people end up getting junk anyway.

        Even more annoyingly, politicians wrote in an exception for themselves. In combination with the way campaign finance works in the US, this means that if you've ever give your number to any political campaign, it will be passed around forever and you'll have multiple politicians begging you for money for months leading up to every election. Each individual campaign/organization seems to respect 'STOP,' but once your number is on an e.g. 'Has ever donated to a Democratic candidate' list, there's seemingly no way to get it off for good. Thanks, Obama. (I gave him $50 in 2008.)

        • chias 39 days ago
          > technically doesn't need one for texts because it's illegal to send marketing texts

          It is unfortunately seemingly not illegal to send me political beg-texts multiple times per day, though.

          • JohnFen 39 days ago
            The law specifically exempts such texts from being covered, sadly.
            • nilamo 39 days ago
              Proof laws don't work.
              • bigstrat2003 39 days ago
                Well... proof that we can't trust politicians to pass laws that are good for us but bad for them, at any rate.
              • JohnFen 38 days ago
                No, it's proof that lawmakers are willing to put exemptions into the law when it benefits them. That's bad, but it doesn't mean laws don't work.

                If anything, it indicates the opposite. If laws didn't work, then lawmakers wouldn't have to bother to put exemptions in them.

        • iamthepieman 39 days ago
          Even worse if someone else signs up somehow using your contact info. I got signed up (via email thankfully) for a political party in another country and no amount of "mark as spam", unsubscribe or replying would get me off the list. Eventually I just had to create a filter that dumps those messages in the trash.

          It must be something with non-U.S. English speaking countries because I get numerous semi-spam messages in email and text for services in Australia and the U.K. casinos with account numbers or PINs, two step notifications for national car registries, banking, contractors asking about work or sending invoices. Maybe it's just English speaking countries have a lot of people named "iamthepieman"

          • ChuckMcM 39 days ago
            My wife had someone do sign up for a bank account with my wife's gmail address. She told the bank they got it wrong, and they went away for a bit and then they re-signed up AGAIN. So she told the bank to close the account. It didn't re-occur after that.

            A number of elderly folks have had this issue as well. I'm really at a loss on how to fix it, some times there are bad actors but generally it seems folks are clueless and the signup flow doesn't adequately account for this.

            • Spooky23 38 days ago
              I have a common-ish first initial, last name Gmail account. The number of people who think they have my address is staggering. Hundreds over the years.

              In one case, the manager of a large factory was forwarding me an email with remote access credentials and VPN software every month.

            • nraynaud 39 days ago
              I had that happen, but I couldn’t fix it because I couldn’t prove I was a customer, since I wasn’t.
          • giancarlostoro 39 days ago
            Is the email in question something along the lines of firstnamelastname at gmail? I'm guessing your email address is a really common name that someone else keeps forgetting how their email actually deviates, or someone typos writing theirs.
          • Scoundreller 39 days ago
            Some times I get genuine ones (like a hotel reservation) for someone somewhere that’s also confused about their name.

            I’d be happy to help but half the time it’s from a No-Reply email address and that shuts the door on as much effort as I’m willing to supply.

        • toast0 39 days ago
          > this means that if you've ever give your number to any political campaign

          This is campaign finance reform in action. Giving money is not worth it, because you'll be hassled. Gets the peoples' money out of politics. QED.

          • skrtskrt 39 days ago
            I still get 5-10 texts a day from trumpy candidates because someone used my number like 5 years ago when they were spamming signups for trump rallies so the rally would be empty
        • Suppafly 39 days ago
          >this means that if you've ever give your number to any political campaign, it will be passed around forever and you'll have multiple politicians begging you for money for months leading up to every election

          They really should learn to not do that, my carrier routes most of those to spam already and the few that it doesn't, I mark as spam, so presumably they'll start getting routed to spam for other people with the same carrier.

        • meowster 39 days ago
          What's worse is if someone accidentally uses your phone number when they sign up for something, then you're on the list and never able to get off of it.
        • chiefalchemist 39 days ago
          If only we had the mobile numbers of numerous politicians. We could make a small donation to their opposing party and add a phone number from that last.
    • pixelatedindex 39 days ago
      Just wanted to say that I find it curious that you have to text “UNSTOP” and not something like “START”, lol
      • gwd 39 days ago
        So a "stopper" can also mean a plug (i.e., something you shove into the neck of a bottle or a pipe to stop things coming out). "Stop" can also then be a verb which means, "put a stopper into"; and "unstop" can mean "remove the stopper from".

        Since (it sounds like) this is talking about blocking and unblocking the flow of messages from that number, using "UNSTOP" (remove the thing blocking it) makes more sense than "START"; particularly as the latter seems to imply that you're asking to immediately begin receiving messages, whereas the former simply means to no longer block the messages.

      • sim7c00 39 days ago
        it's because of ungood design
        • Tagbert 39 days ago
          double plus ungood!
      • jaxn 39 days ago
        START works as well. At least for numbers provided by twilio: https://help.twilio.com/articles/223134027-Twilio-support-fo...
      • dspillett 39 days ago
        There probably is a START instruction internally, but it won't take action against a number for which there has been a previous STOP. So UNSTOP acts like FORCE START.
        • pixelatedindex 39 days ago
          But then you can have… RESTART?
          • dspillett 39 days ago
            If the process is releasing a STOP (removing or soft-deleting a STOP instruction logged in the DB or some such) then whoever worked on it initially may just have not thought beyond that (especially if English wasn't their first language so unstop might not have sounded any stranger to them than restart). Once something like that is written down and others have seen it, it tends to stick.

            Of course it could hav ebeen done by someone like me, who is know to give things technically-correct-but-odd names deliberately…

      • lvkv 39 days ago
        Unfortunately, the world is opt-out, not opt-in.
        • Scoundreller 39 days ago
          Unless you need a kidney; then we just bury perfectly good ones regularly, and let the donated ones get a bit more stale while we confirm the opt-in eleventy times.
          • BobaFloutist 38 days ago
            It's because of the US Constitution and voters' very firm, consistent, coherent stance on bodily autonomy. Even if we consider it to be costing a life, your say over your body is considered absolute, and no federal, state, or local government is allowed to pass legislation that influences what happens to your body.

            Just kidding! It's all determined on a case-by-case basis depending on the most conservative perspective of the dominant, favored religion.

        • sib 39 days ago
          For commercial texting in the US, it is supposed to be opt-in.

          Of course, there are unscrupulous parties who don't respect this.

      • elfrinjo 39 days ago
        Probably a Cisco engineer who built that
    • MaxMatti 39 days ago
      Wouldn't that also apply if you blocked the number?
      • mway 39 days ago
        That only works if the marketing campaign exclusively uses the number you're blocking. In some cases - for example, political SMS in the US - it turns into whack-a-mole unless you unsubscribe properly.
        • aendruk 39 days ago
          Yep, US political spam is unblockable. I receive “wait, you’re a Republican, this can’t be right‽” style SMS messages from 10–20 unique phone numbers every day. The FCC’s spam complaint form only accepts one sender number per submission so I’m about 1,300 complaints in so far.
      • falcor84 39 days ago
        Unblocking might be faster, as it's something you only need to do on your end
    • aendruk 39 days ago
      I’ve encountered a couple instances of businesses that 1) send me unsolicited marketing mail, 2) react to that being flagged as spam by internally blocklisting me, then 3) silently fail to send transactional mail such as password resets.
    • Mattwmaster58 39 days ago
      A similar thing happened to me with my Amazon account with a forgotten password. I ended up just creating a new account.
  • danny_taco 40 days ago
    In my experience it doesn't do much. For example, I made the mistake of contributing to the campaign of a politician. Now I get texts from candidates all over the country. If I reply STOP to one, I just get sent more texts from another number, for another candidate in another state. I just got tired of replying with STOP after the 20th time. This just guarantees I'm never giving any money to any candidate ever again.
    • solardev 40 days ago
      In a previous election cycle, I made the mistake of donating a few thousand dollars to several candidates. Since then, I get spammed through the year, and close to a major election, it's dozens of emails and phone calls and text messages every week.

      Thankfully, Gmail catches 99% of the spam emails and my Pixel phone filters out spam texts and calls. It has a built-in Google Assistant mode that screens unknown callers with a robot voice picking up and asking them to describe what they're calling about. Most of the callers just hang up as soon as they hear that, and if they don't and actually say they're calling about so-and-so candidate, I just click the block button.

      I tried to switch to iPhone for a few weeks (for iMessage), but the spam problem was SO bad (even with Robocaller and some SMS spam filtering app) that I switched back to Android. Google's spam blocking is phenomenal on the Pixel, but they barely even advertise it. It's an afterthought for them, but a lifesaver for me. My phone would be completely unusable without it.

      ----------------

      In the back of my mind, I keep thinking it'd be cool to have an app that automatically looks up whoever the candidate is running against and automatically donating 10 cents (or however much) to their opponent every time they spam you. "Hi, it sounds like you're running in District _____ against ______. Because of this spam, I've donated 10 cents to your opponent. So far, this app has donated $1,234 to your opponent because of your messages. Goodbye!"

      Our government is so corrupt and broken they're never going to fix any of this, so it's up to the technologists and market incentives instead...

      • jbaber 39 days ago
        This last idea is good. If the machine can somehow be convinced it's actually financially detrimental to contact me, it could do some good.

        It takes advantage of a difference from regular spam where there's nothing the spammer would dislike you to do.

      • Shadowmist 40 days ago
        I thought about telling everyone to vote against whoever spams (phone/sms/email/mail/etc) the most. Chances are that whoever is funding the spam is expecting for a return on their investment to convince me to vote in a manner that is more beneficial to them than it is to me.

        The problem is that once they identify you as voting against spammers it encourages them to false flag spam you from a PAC that looks like it supports their opposition.

        • Spooky23 38 days ago
          The people who run campaigns are hired guns and they just collect lists.

          A relative won an award from an organization a decade ago, the consultants just steal or otherwise retain the mailing lists and use them forever. I get pitches from many NYC council candidates from that one dinner

      • 71bw 40 days ago
        >Google's spam blocking is phenomenal on the Pixel, but they barely even advertise it.

        It's a feature that's good enough to warrant me replacing the otherwise superior Xiaomi dialer/SMS apps on my phone with the Google ones. I don't get the screen calling, but all the other parts work 80% of the time.

    • mingus88 40 days ago
      I wish anyone from actblue would see this.

      I gave a few small donations and foolishly didn’t use a disposable email address. That was over four years ago and I’m still getting over a dozen spam emails a day from candidates I have never even heard of.

      Maybe there is some central actblue list I can opt out of but I don’t even think I created an account with them

      Never donated a penny since

      • DominoTree 39 days ago
        I'm fairly convinced that it's not a ton of different groups responsible for the bulk of messages I get, but one or two groups cycling through new names every few days

        If I don't reply "stop" to anything, it seems like one day "Retired Democrats PAC" will suddenly stop sending me messages and "Save Democracy PAC" will suddenly begin, and that pattern is what makes me think a single group is behind a lot of it.

        If I do reply "stop" to one, of course they will stop from that PAC, but a few days later another one will always pop up and pick right back up.

        Every few days I send out a mass "stop" to all of the numbers I've gotten messaged by, and it usually gives me 3-4 days of peace.

      • solardev 40 days ago
        Your campaign donations are a matter of public record and Actblue harvests them and repackages them to sell to political campaigns and operatives. It's a shitty business model that preys upon an unfortunate part of federal law that most donors don't know about.
        • mayneack 39 days ago
          Your donation records to the fec are explicitly not allowed to be used for donors mining like this. I'm sure it still happens, but it's not the majority.

          What happens is that the campaign you donate to to puts you on their list (allowed) and then shares that list with others in the party (also allowed). They share back and forth so fast you can't get out of it.

          This is why it's the email that's shared not the name. FEC records don't have your email attached to to them, but the spam still follows unique emails like "[email protected]".

        • oasisbob 40 days ago
          Everyone shares lists.

          I have a politics label in gmail that is blue/red from 2012 onwards. All the GOP emails are from poking around Romney 2012, and nothing else.

          I'd say you'd be surprised on the reuse, but you shouldn't be.

          • solardev 40 days ago
            It's not just the re-use and sharing of lists, but also the incredible Facebook-style targeting available to anyone for spamming. Anyone can sign up for something like ActionNetwork.org or NationBuilder and send out an email blast to registered voters in a particular zip code. NGP VAN is even more powerful.

            The whole industry is mature and super targeted like any other spammer, but mostly immune to spam regulations (because politics are specifically exempt from CAN-SPAM etc., and most voter registration and donation data is public record). The whole pipeline is thoroughly automated and you're marketed and remarketed to just like you are with Google or Amazon, but without any of the already-minimal consumer and privacy protections.

            • lupusreal 40 days ago
              Their targetting is shit. The people selling the targetting capability are scamming everybody else. I get countless spam messages from both political parties, both seemingly certain that I support them. I never donated to any of them.
            • ForHackernews 40 days ago
              Good.

              If the price of living in a democratic society with transparent voter/donor records is a few annoying emails, we should all be paying that price gladly.

              • solardev 39 days ago
                I dunno if that's either necessary or sufficient... in a country with legalized bribery, billionaire presidents, SuperPACs and all sorts of dark money, I doubt that knowing Joe Citizen donated $27 is really going to save democracy.
    • al_borland 40 days ago
      I donated $20 in 2016 and have regretted it ever since.

      In the 2020 election cycle it seemed some of the texts had people behind them, so I’d reply and told them if they kept texting me I’d vote for the opponent out of pure spite. That was actually quite effective, but did have to say it to a half dozen people.

      This time around, I keep getting texts asking for $40. Most I report as spam, others I say stop. But it seems these lists are distributed out far and wide, so removing the name from one, or 10, doesn’t do much.

      Like you, I will never again donate to a politician and will encourage everyone else to save their money. No one should pay money to be harassed. I’m not sure how they think this is a good idea or will win people over.

      • coldpie 39 days ago
        > In the 2020 election cycle it seemed some of the texts had people behind them, so I’d reply and told them if they kept texting me I’d vote for the opponent out of pure spite. That was actually quite effective, but did have to say it to a half dozen people.

        I tried sending Goatse back to them, but whatever text spamming software they're instructed to use doesn't support receiving images, unfortunately :)

    • sseagull 40 days ago
      I've been interested in donating before, but this is actually the main thing holding me back. I get so little spam and unwanted messages (email and text), and I am trying extremely hard to keep it that way.

      So thanks for validating my decision :)

      • left-struck 40 days ago
        Use a email alias service like simple login, duck duck go’s private duck address etc You can disable that email alias and never receive emails sent to that address again

        I wish we had something similar for phone numbers

        • al_borland 40 days ago
          It’s not worth it. Politicians have shown they can’t be trusted with our contact info. No one should be jumping through hoops to hide their identity to donate money.

          Maybe if donations go to 0 they’ll finally get the message that citizens don’t want to be harassed for donations.

        • nostromo 40 days ago
          This is in no way enough to prevent election spam.

          You have to give your name and address as a public record, and they will likely find your phone number and email and will call, text, and spam you from there.

      • FergusArgyll 40 days ago
        https://github.com/sdushantha/tmpmail

        Super-throwaway email addresses in the terminal

    • ryukoposting 39 days ago
      One of the blessings of having a loved one in politics is that I know who is/isn't selling their lists. There's only a small handful of organizations who adhere to a firm "no list buying, no list selling" policy. Whoever you donated to apparently has dreadful data ethics. Once your number is in a major political/nonprofit consultancy's database, they'll happily hand it out to all of their other clients. You have to trust that the campaign you support isn't going to give them that data... which is, of course, impossible to know from the outside.
    • blackeyeblitzar 40 days ago
      Note that US law has carve outs for politicians and their campaigns. They are exempt on both email and phone spam as I recall.
      • latency-guy2 40 days ago
        These people are terrorists to my email filters, what can I do to make their behavior really hurt?
        • fasa99 36 days ago
          Since they use VoIP SMS and "first name" it's pretty hard to resort to the old fashioned doxxing despite living in the golden age of data leaks.

          I would suggest simply wasting their time as much as possible (I've lead on such people pretending to be naive and caused great frustration). But ideally, not to waste your own time.

          I think in the near future android-local chatbots will be further along, or iphone-local, and ideally one can run the chatbot. and you can just set the chatbot to "waste this person's time" as we will have chatbots for "flirt with this potential date and schedule drinks". Of course the endpoint of such a world is chatbots all around and no humans.

        • blackeyeblitzar 39 days ago
          For text spam you can follow the steps in my other comment: https://news.ycombinator.com/item?id=41704119

          For email spam: you can use your email provider’s report spam feature so more of their emails end up in spam folders and their money is wasted. You can look at the email headers to figure out which platform sent the email (like Mailgun or Sendgrid or whatever) and report the email to them, which may cause their account to be shut down and then to be banned as a business from that platform. You can use the FTC and FCC reporting websites from my other comment. You could also report each incident to your state’s authorities like your attorney general’s office, by saying you suspect potential fraudulent practices or abusive practices or violation of privacy or whatever.

        • immibis 40 days ago
          Nothing legal.
      • teeray 39 days ago
        This is why we need the OS to allow us to build filters to block them
    • sharpshadow 40 days ago
      Why is it necessary to give them your number if you do a donation? It seems many here have the same negative experiences.

      Is it an optional field? If not one could practically enter any digits or can one get punished for that?

      • trollbridge 39 days ago
        Your phone number and e-mail address are more valuable to ActBlue than that $20 was.

        The credit card input screen was just there to make you feel comfortable consenting to endless SMS texts for life.

      • redserk 40 days ago
        Actblue requires a phone number and email address.

        As far as I know, physically mailing a check is the best way to avoid sharing information as you only need to provide your name, address, and employer. This information is the only federally required information.

        • sharpshadow 39 days ago
          What would happen if you type in a pseudo email and number?

          What would happen if you type in a number of somebody else?

          • aendruk 39 days ago
            Hi, somebody else here. From experience, please don’t do that.
          • redserk 39 days ago
            I don’t know. What’s weird is that I think it is up to the campaign to make sure they have valid contact information. So I suppose there is a risk that the campaign might get dinged?
          • digging 39 days ago
            You wouldn't get spammed.
    • kccqzy 39 days ago
      That's exactly my experience, except that I used my email instead of my phone number. That one little contribution (maybe $10) caused an endless stream of spam. And of course I forgot to give them a distinct To address after emotions are stirred up after their incendiary propaganda message on the donation page.
    • hdx 40 days ago
      Same happened to me, I replied saying I'd vote for Trump if I got another message ... never heard from them again ;)
      • rdtsc 40 days ago
        Ha! Worked for me, too. Heck it’s a minor request from a future president ready to run a country. Next week though “Hi I am Tim. I need that $40”. Well played, I only made the deal with Kamala, after all, ;-)
    • sedatk 39 days ago
      I think it doesn’t matter if you stop know. I know people still getting spammed today after donating to Obama in 2008.
    • ChrisMarshallNY 40 days ago
      I had some woman use my email (I have an OG mac.com email), when donating to her local ASPCA.

      They sold it to a liberal political group, who then sold it to an extreme liberal group.

      I get dozens, sometimes hundreds, of spam emails, every day, with the most batshit insane messages. It’s especially bad, now, with the US election coming up. The one saving grace, is that it wasn’t a right-wing group. They make the ultra-liberals look like a bunch of teetotalers.

      Since she used the iCloud.com variant of the address, I simply nuke all emails that specify that, as a destination. Apple won’t let me block the domain, so I have to apply the rules, after they fill my inbox.

      Sometime in there, one of the spammers figured out that icloud.com will also receive iMessage texts, so they have started coming to that, as well (so far, it is from legit political groups. I don’t expect that to last). I delete and report as junk. I very rarely respond with STOP.

  • jonathanstrange 40 days ago
    A Golden Rule of the internet says that you should never reply to unwanted texts on any medium:

    - stalkers and trolls live off reactions, both positive and negative ones

    - spammers will use your reply to verify there's a human at the other side

    - colleagues and friends will hate you because everybody thinks they're important

    Replying only has negative effects. Use client-side filtering, kill files, blocking functions, or ignore the text - whichever fits best.

    • coldpie 39 days ago
      > - spammers will use your reply to verify there's a human at the other side

      For real spam, sure, but for semi-legitimate spam like real businesses and political fundraising, I'm not sure this is actually true. I have found replying with STOP did reduce the volume of political spam I was getting. I think it makes intuitive sense that they should try to respect opt-out signals: you don't want to piss off the people you're trying to appeal to. It hasn't entirely eliminated them, but it seems to have been more effective than Junking them.

      Could just be coincidence, of course. Who knows.

      • ryandrake 39 days ago
        > for semi-legitimate spam like real businesses and political fundraising

        I don’t distinguish anymore. There is no such thing as a legitimate spammer. If you contact me without my consent, you are at best a nuisance and at worst a threat. You get marked as spam if E-mail, and blocked+trashed otherwise. I really wish SMS and iMessage had a way to mark senders as spammers.

        • coldpie 39 days ago
          Okay. But if your goal is to reduce the amount of spam you receive, and if one group of senders responds to opt-out signals as an indicator to send more spam while the other group responds to opt-out signals as an indicator to send less spam, then the distinction matters, regardless of how you feel about it.

          > I really wish SMS and iMessage had a way to mark senders as spammers.

          On my iOS phone in the US, there is a "Report Junk" button in the text message app. I'm not sure what it does, to be honest. The point of my comment was that replying with "Stop" has, for me, been a better way to reduce spam from (what I am referring to as) semi-legitimate spammers than "Report Junk" has been. That goes counter to the "never respond to spammers" advice from the comment I was replying to.

          This is all just going from my personal experience over the past few months, though, and could well be a coincidence.

          • blackeyeblitzar 39 days ago
            That report junk feature doesn’t do anything much. It only sends Apple the report, not your carrier. You will notice it also only appears on some messages - I think contacts that have not messaged you before.

            To report people properly and actually improve the messaging experience for everyone, you have to follow the steps I mentioned in my other comment: https://news.ycombinator.com/item?id=41704119

    • adastra22 40 days ago
      Except that STOP is handled at the carrier level and isn't even returned to the sender. It's effectively a mandated block command.
      • mastax 39 days ago
        That seems unlikely when I get a response that says “You have been unsubscribed - Bob Loblaw for Senate” or whatever. I suppose that could be pre programmed.
      • Havoc 40 days ago
        For which countries is this true?
        • JTyQZSnP3cQGa8B 40 days ago
          Definitely not France. The STOP message is ignored. They also created a global “block” list that you can subscribe to. This list is handled by an advertising company…
          • mathw 39 days ago
            French mobile networks are having a bit of a clampdown at the moment. My employer sends SMS to France and they've been absolutely on the warpath if they think you're not respecting STOP and CONTACT messages.
        • jeremyjh 40 days ago
          Its true in the US; its mandated by law that they comply.
          • jbaber 39 days ago
            Wait. Really? I had no idea this is true. You're saying there's a US law that means replying STOP is intercepted by verizon/T-mobile/etc. and the sender never has to see it?
            • mcluck 39 days ago
              While it's true that they must comply with the STOP message, I'm not finding any proof that it must be intercepted before reaching the business.

              https://www.cullenllp.com/blog/fcc-adopts-new-tcpa-opt-out-r...

            • yborg 39 days ago
              This is not correct, I've worked with an app that had to handle SMS opt-out and we received the STOP message.
              • threeio 39 days ago
                This -- Stop is required action, but its passed to the vendor for management -- non-compliance is punishable by loss of shortcode/carrier acceptance.

                Things may have changed since, but used to work sending 8m sms messages before breakfast every day to people who subscribed to news, sports scores, etc.

            • rascul 39 days ago
              I don't know if it's true either. I often get confirmations from the same number that I want to stop.
            • adastra22 39 days ago
              If it is sent as an actual SMS, yes. Not if it goes through Apple messages or whatever.
      • crossroadsguy 40 days ago
        And if I send a reply to my friend with just the text "stop" - that does it, right? I mean part of normal conversation, not to indicate that they should stop messaging me. Or should I remember that it's the special phrase?
        • bityard 40 days ago
          Carriers know the difference between bulk text senders and your friend
      • maweaver 39 days ago
        For what it's worth, I've sent a "stop" before and gotten this:

        > NETWORK MSG: You replied with the word "stop" which blocks all texts sent from this number. Text back "unstop" or "start" to receive messages again.

        I assumed it was from my carrier (T-Mobile in the US), but now I'm wondering, as I have gotten different replies from other numbers. Maybe it came from the sender's provider? Or is just misleading.

        • adastra22 39 days ago
          Yes, this is T-mobile’s message.
      • upwardbound 39 days ago
        That's not true at least in the USA on my carrier. Some spammers just ignore the STOP and continue messaging anyways.
      • squeaky-clean 39 days ago
        Every spam message I get comes from a different number
  • conductr 26 days ago
    I wish Apple would natively support more filtering options. Same with the Phone app. I get a dozen calls a day from “Spam” or “Political” callers yet I can’t ignore or send them to voicemail. I can send every unknown number to voicemail but that’s too heavy handed to ever work. There’s a lot of valid communication with folks that I never add to my contacts, I shouldn’t have to add them to my contacts proactively just to get their initial call. I never usually know what number they’d be calling me from.

    It’s the same with texts. They could filter these in a more useful way. Also, IMO, I shouldn’t see a counter bubble if I filtered out/missed a call that went to voicemail. I’m an inbox zero type and having bubbles means there’s something that needs attention. Spam doesn’t need attention.

  • joshstrange 39 days ago
    I often use the “Report junk” button on iOS but after spending years being bombarded with political SMS messages that I didn’t sign up for (always addressed me by the wrong name, and I’ve had my number for well over 20 years) I finally got relief.

    I found out which provider was sending the SMS and contact their abuse line (I would reply STOP but they would just send from a different phone number) and got the name of the customer who was sending the messages. I then contacted that company and got them to blacklist my number (they were a company for sending political sms only, I have no worries about needing to get an sms they would send).

    I now get 1-2 political spam messages a month, if that, and I’ve been too lazy to hunt down the source of the few remaining spammers. It went from 2-3 a day to 1-2 a month, huge relief.

    • water-data-dude 39 days ago
      Semi-recently I renewed my voter registration. When I checked the details in my profile I noticed that there wasn’t a little red asterisk next to the phone number field - it wasn’t required! Curious, I clicked the little “i in a blue circle indicating more information” thing (do those have an actual name?), and it said that field was public information, and would be shared with some political groups, etc. I immediately deleted my phone number, and I’ve noticed the political texts have slowed down noticeably.

      I’m not saying that’s your problem, but it’s worth checking.

    • PaulMest 39 days ago
      This sounds like my exact scenario. Can you outline in a bit more detail how you traced it back to the origin to ask to be put on a blacklist?
      • blackeyeblitzar 39 days ago
        See my other comment for more details: https://news.ycombinator.com/item?id=41704119

        To look up the origin use a website like https://www.freecarrierlookup.com/

        Then you can go to that platform’s page for reporting abuse or spam (find via search) and fill out their form. Sometimes those platforms will say they can’t do anything since it is a different platform that isn’t a direct customer but yet another platform, so ask them to name them. You may then need to find that other platform’s reporting page.

        Just be aware that after all of this, you may not actually fix your problem. Some of these companies seem to repeatedly send spam because they have customers that just perform the same abuse from a different phone number or different account with that platform. That’s why the reports to the FCC and FTC matter, to investigate platforms for broader issues.

    • jghn 39 days ago
      For political spam I have a rule that I refuse to vote for any candidate who directly or indirectly sends me a text asking for their vote. If everyone did that, perhaps fewer politicians would go this route.
      • cyberlurker 39 days ago
        If everyone did that, the opponent would set up a SPAC that would text in support of the candidate knowing it would cost votes.
      • wsatb 39 days ago
        I don't know about you, but I get political spam from localities and states that I've never even lived in.

        It's really bad, and to this point is just something "everyone does". So it just immediately gets deleted and reported as junk and I move on. The bigger question for me is how effective this type of marketing actually is because I can't imagine it is.

      • EasyMark 39 days ago
        Even for president or senator? I usually get texts for both main party candidates at some point in the election cycle, seems a bit drastic not to note vote for President or vote or write-in someone whom you share no values but refrains from spamming SMS
        • bigstrat2003 39 days ago
          I absolutely refuse to vote for anyone who does this, and if it means I don't vote so be it. No exceptions.

          Besides which, I never share values with the candidates for national office anyways. Nobody is willing to actually protect civil liberties any more, and I'm not going to vote for someone who will take away my freedom when it's politically expedient.

        • jghn 39 days ago
          I already fall back to write-ins a lot as I have other rules that will disqualify candidates in my book.
        • Ylpertnodi 39 days ago
          Politicians are like the ad industry (scummy)... I owe them nothing. If they choose to run, so be it, but if they spam me, they're off the ticket. Just like captcha sites.
      • kjkjadksj 39 days ago
        Who does that philosophy leave you with for your potus vote? Some write in guy with a shoe on his head?
        • jghn 39 days ago
          I already refuse to vote for someone I don't actually support. So yes, I often will write in candidates.
      • ahmeneeroe-v2 39 days ago
        Honestly it's terrifying that there are so many real-life questions of self-governance and some citizens are just out there casting votes for something like this.
        • Spooky23 38 days ago
          Don’t sweat it. People are fickle and make all sorts of irrational decisions.

          Many super nerdy online people profess to die on various molehills. Fortunately, they don’t represent a lot of volume.

    • eigenvalue 39 days ago
      Someone should completely automate this for users for a one time $5 fee or something like that.
    • ugh123 39 days ago
      Well, whats the company?!
      • mdasen 39 days ago
        It might vary. When you get a spam text, you can use something like Twilio's number lookup to find the carrier.

        If you ever get a suspicious/spam text, looking up the carrier is a good first step. Most of the garbage I get comes from VoIP numbers because they can easily spin up disposable numbers from places like Telnyx or Bandwidth.com. That's not to say someone can't be using an actual mobile phone, but usually it's coming from some VoIP system.

      • joshstrange 39 days ago
        Bandwidth was the SMS sending company and "Scale to Win LC Registered" was the client who was using Bandwidth to send the SMS. I reached out to STW and had them blacklist me.
  • martingordon 39 days ago
    Bouncer (https://apps.apple.com/us/app/bouncer-text-messages-blocker/... / https://github.com/afterxleep/Bouncer) is a free and open source SMS filtering app that has saved my sanity over the past couple of years. You need to manually set up filters, but once you do, the amount of political spam drops to 0.

    It uses iOS’s SMS Filtering framework, which does the filtering in a privacy-preserving way: https://developer.apple.com/documentation/sms_and_call_repor...

    • dbmnt 39 days ago
      This modal pops up when you enable Bouncer on iOS 18:

      "The developer of 'Bouncer' will receive the text, attachments, and sender information in SMS and MMS messages from senders not in your Contacts. Messages may include personal or sensitive information like bank verification codes."

      This doesn't scream "privacy preserving".

    • the_clarence 39 days ago
      Is there an equivalent for android?
      • autoexec 39 days ago
        there's a nice app with the same name, but it doesn't do the same thing. It auto-removes permissions from apps
    • elboru 39 days ago
      > For privacy reasons, the system handles all communication with your associated server; your Message Filter app extension can’t access the network directly.

      Thanks for the documentation link, I was uneasy about using this type of extension.

    • ianschmitz 39 days ago
      Are there any rules that folks find really effective? It doesn’t come with any out of the box.
    • dehrmann 39 days ago
      It's 2024 and smart phones don't do out-of-the-box spam filtering?
      • samatman 39 days ago
        They do, but it's important to realize here that there is, in fact, a small demographic who actually want to get that political spam. So messages like that are going to get through the automated spam filter.

        I suppose they could bundle a more advanced rules-based system, but since there's an API for user apps to do it, why not leave the job up to them?

    • daheza 39 days ago
      This is not free and cost $2.99
  • teeray 39 days ago
    The real question is: why haven't OS manufacturers (okay, namely iOS), recognized that there is spam in texts and bring the same mechanisms we have to fight spam in email? Why can't I simply create a keyword filter for all of the current political candidates' names and auto-delete any campaign texts?
  • exabrial 40 days ago
    Carriers in the US will block further texts from the number. The problem is it’s easy to get more numbers to spam from. This unfortunately makes it super hard for legit businesses to send transactional texts. (And Google is leading the charge in marketing ‘new features’ as a ‘transactional’ emails and push notifications)

    The undeniable way to stop spam texts is to litigate. You’re put onto special lists at “number reputation” “data brokers” and the texts magically stop.

    At up to $1500/violation, there are a lot of lawyers out there willing to help out with this.

    • smcin 40 days ago
      > The undeniable way to stop spam texts is to litigate

      People here are saying that doesn't work on political orgs, does it?

    • adastra22 40 days ago
      Doesn't work for political texts, which aren't violations.
    • dredmorbius 38 days ago
      Blacklist contact management does not work.

      Whitelist does.

      Perhaps reputation-based / fee-based systems as well, where an origin number (or network) has a given reputation, puts forth a bond against abuse claims, and pays a sizeable penalty for each message after the first (or perhaps some n number of claims) on which an abuse claims is placed.

      This is effectively the Metafilter mechanism, in which participants pay $5 for an account. Payment mechanisms are flexible, third parties may sponsor accounts, etc. On abuse that fee is forfeit. Casual activity is unlikely to trigger this. Malicious abuse gets expensive fast.

      The reason for permitting a few freebies is to allow for services such as mailing lists or other mass distributions which might find themselves specifically targeted. What's being tested is the capacity to rapidly address any claim of unwanted contact and not repeat it, not to simply penalise each instance of abuse.

      Again, the really bad spammers are generating millions or billions of messages per month. Not a few dozens or hundreds. Those are the key targets of countermeasures.

      E.g., "FCC slaps $300M fine on “largest illegal robocall operation” it’s ever seen" (2023)

      The fined party made "more than five billion robocalls to more than 500 million phone numbers during a three-month span in 2021".

      <https://arstechnica.com/tech-policy/2023/08/fcc-slaps-300m-f...>

  • xivzgrev 39 days ago
    I have been getting a lot of spam lately. Here's what I'm doing

    1) Turn on filtered view on iMessage

    2) Actually report the abuse to carriers. iOS makes it easy, but it seems pretty ineffective because the abusers can just use another number. But if you complain to the carrier directly, then they can (hopefully) remove you entirely for that shady customer (and possibly kick them off). Here's what I do

    a) Go to https://www.ipqualityscore.com/free-carrier-lookup (or whatever site you like, that's just the one I found)

    b) Type in the spam number

    c) Find the carrier name

    d) Google the carrier, go their site, and find "Report abuse" or something similar

    e) Fill out the form. Include your contact info so you actually know whether something is done or not.

  • brigade 39 days ago
    “Report junk” does jack all for legal to semi-legal spam, thanks to the carriers fear of politicians. It might do something for phishing and unabashed scams, but for the bulk of spam you get you do want to reply STOP. Not because the campaign will stop spamming you, but because evidence of explicit nonconsent is the only thing spam gateways like Bandwidth.com actually care about (under duress from the carriers), and they might actually fine them $10. Or worse, threaten to rate limit their spam.
  • senojsitruc 40 days ago
    I tried that recently with some political texts. I do not recommend. It could be coincidental, but I suddenly started receiving a lot more political texts.

    It might be true that I stopped receiving texts FROM THAT NUMBER, it's clearly the same organization spamming me from other numbers. Whatever. I'd rather get spam texts than robocalls.

    • grugagag 40 days ago
      I share the same experience. Block seems to subscribe you a deluge of crap. Similar experience with unsubscribing from emails (many of which I never subscribed to).
    • wil421 40 days ago
      It’s made no difference for me. I stopped replying STOP a couple mm the ago and just did report and block. The amount SMSs have increased, I get 5-10 a week.
    • dkdbejwi383 40 days ago
      are these unsolicited political messages? Where do you live that this is a thing? It's something I've not experienced before.
      • eli 40 days ago
        US is blanketed with them. They are exempt from some anti-spam laws.
    • eli 40 days ago
      Unfortunately at best you’re opting out of one customer, not the entire sms service provider.
    • blackeyeblitzar 39 days ago
      Don’t reply to them. See what I said in my other comment ok. How to report spam and actually make an impact on this problem:

      https://news.ycombinator.com/item?id=41704119

      • smt88 39 days ago
        For political texts in the US, it is illegal for iOS or Android to proactively treat them as spam. They're a form of political speech protected by the First Amendment.

        But in my experience, they do actually slow down if you reply STOP on all of them.

        • blackeyeblitzar 39 days ago
          It’s not illegal for them to treat them as spam proactively. In fact, manufacturers and carriers and text messaging platforms are completely free to make the decision to block them (and some do).

          It isn’t a first amendment issue either actually - it’s just that legislators lobbied for an explicit exemption in the laws passed around this (after all they wrote the text). CAN SPAM is an example.

  • 1a527dd5 40 days ago
    For those in the UK you can forward to 7726 to report it [1]

    [1] https://www.gov.uk/report-suspicious-emails-websites-phishin...

  • add-sub-mul-div 40 days ago
    It pisses me off that Outlook no longer allows you to report something as spam anymore without also sending an unsubscribe. Because I do feel uncertainty of how that signal could be used.
  • chatmasta 40 days ago
    No. Reacting to any unwanted contact just moves you further into their funnel. Ideally don’t even open the text.
    • AStonesThrow 40 days ago
      It used to be, on some mail readers, that "opening" an email message could unleash Pandora's Box, in terms of interpreting HTML, downloading images, attachments or whatever. I sincerely doubt that is even the case for the major providers such as Outlook or Gmail. And yeah, per comments downthread, my Android Messages app has "read/unread" and that's really the only thing that "opening a text" changes. There's no additional execution or activation like opening or executing a file.
      • autoexec 39 days ago
        > It used to be, on some mail readers, that "opening" an email message could unleash Pandora's Box, in terms of interpreting HTML, downloading images, attachments or whatever.

        That's still true for both email and text messages.

        Just opening text messages can infect your phone too. In one case, iphone users didn't even have to open the message (https://www.bleepingcomputer.com/news/security/apple-zero-cl...).

        There have been similar problems with outlook allowing unread email to infect a device (https://www.csoonline.com/article/3486789/microsoft-outlook-...)

        It doesn't matter what the platform is, spam is toxic and should be handled carefully and as little as possible.

      • happymellon 40 days ago
        Does RCS remove the read receipt?

        Back in the day, some systems used to acknowledge the request for a read receipt by default giving them the ability to determine if a number was actively watched.

        Hopefully everything has it disabled by default these days.

        • jeroenhd 40 days ago
          It's a setting on Android. I don't know about iOS.

          Same for SMS read receipts.

          • happymellon 39 days ago
            Yeah I checked after writing that. They are now all disabled by default, for both Android and iOS.
    • epcoa 40 days ago
      How does one “open a text”?
      • chatmasta 40 days ago
        Depends on the platform, but generally speaking it requires taking whatever action changes its status from "unread" to "read." But even then, there has been at least one case of iOS malware that infected the system upon delivery of a text (since BlastDoor parsed the payload upon receipt, IIRC). That's one reason why Lockdown Mode rejects any text from unknown numbers.
      • 1_1xdev1 40 days ago
        How does one “open an email”

        Same thing

        Your messaging client may helpfully request the url they sent you to show a url preview.

        In an email, your client renders the html including img tags (yes, this can be disabled, and may not even be default for most people anymore; it’s still a thing)

      • mikesabat 40 days ago
        Text messages don't have an "open" action. Replying STOP will unsubscribe the recipient from future SMS from this number. I have never seen an organization use an unsubscribe as a positive action in their funnel. There are less expensive and less risky ways to confirm that a phone number is valid for sure.
        • Thorrez 40 days ago
          I reply STOP (or whatever the capitalization is that the text asks for) to every political spam text I get that says "STOP to unsubscribe" or some such. I've been doing this for years.

          I got 7 political spam texts today. I don't think the STOP is working.

        • 1_1xdev1 40 days ago
          Not really true, if you have an iPhone, at least. URL previews are loaded on message open. A network request to the url they sent you. They know when you opened it

          Unless the behavior has changed (maybe it has)?

          • eddyg 40 days ago
            Previews are generated by the sender. The only network requests for the receiver are to Apple. Quoting from a January 2021 Project Zero blog post⁽¹⁾ on BlastDoor:

            As an example, consider what happens when a user sends a link to a website over iMessage. In that case, the sending device will first render a preview of the webpage and collect some metadata about it (such as the title and page description), then pack those fields into an NSKeyedArchiver archive. This archive is then encrypted with a temporary key and uploaded to the iCloud servers. Finally, the link as well as the decryption key are sent to the receiver as part of the iMessage. In order to create a useful user notification about the incoming iMessage, this data has to be processed by the receiver on a 0-click code path. As that again involves a fair amount of complexity, it is also done inside BlastDoor: after receiving the BlastDoor reply from above and realizing that the message contains an attachment, imagent first instructs IMTransferAgent to download and decrypt the iCloud attachment.

            ⁽¹⁾ https://googleprojectzero.blogspot.com/2021/01/a-look-at-ime...

            • 71bw 40 days ago
              Keyword: over iMessage. What about normal SMS messages?
              • kube-system 39 days ago
                Just tried it. It doesn't render a preview.
    • autoexec 39 days ago
      I agree. It's also worth noting that people have had their devices compromised just by opening a text message (for that matter iphones have been hacked just by receiving an invisible text) so it's probably best to delete any spam text unread.
  • vezycash 40 days ago
    Phone numbers and emails are bought and sold. Some entities sell premium lists filtered by unresponsive numbers. Texting "STOP" or answering calls can signal activity and lead to more spam.

    Enable "Do Not Disturb" or its equivalent with your provider to make contacting you costlier and reduce spam. Then, manually block every number that contacts you.

  • tommiegannert 40 days ago
    I'm receiving email spam for my business ("Nice product! What does your Go-To-Market strategy look like? ..."), and they often include 'if you don't want more emails from me, just reply "remove me."'. I assume this is either to create a sunk cost, to validate that the email address works, or to avoid me hitting the Report spam button in GMail.

    The fact that I'm not replying even after your second attempt should be a strong indicator that I want you to remove me. If you send me three mails, I'll mark your email as spam and block you.

    • lincolnq 40 days ago
      It's actually because replies boost their email domain's reputation. (Mark as spam is a good response, given that it's exactly what they don't want)
    • dredmorbius 38 days ago
      A visible unsubscribe also contributes to pro forma compliance with the 2003 CAN-SPAM act.

      Many feel that this isn't actually effective in stopping spam.

      <https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003>

  • smileybarry 39 days ago
    If it's normal marketing stuff from something I had an interaction with -- clothing store, restaurant, etc. -- then I try their unsubscribe flow if it's 1-2 steps.

    But generally, when I was using a Pixel I made extensive use of Google's SMS spam blocker and reported all of the random political texts that kept using different names. (And eventually Google's filter learned)

    Now on iPhone (outside the US), there's no junk detection and I don't trust any app to not keep my texts. But I found that blocking a bunch of shady shortener domains + WhatsApp links with an app like Blocky[1] catches like 95% of them.

    1: A power user app that lets you make your own wildcard & regex filters for texts. Offline and open source. Looks like it's delisted by now, but this was the link to it: https://apps.apple.com/us/app/blocky-sms-filter/id1535374786 . Maybe I'll make one to replace it when I get a Mac.

  • kccqzy 39 days ago
    I do not. Just like if I get unwanted email, I do not reply anything or even report it: I simply add a rule to move it to trash automatically. The sender does not need to know whether I read their message and considered it useful, or I didn't read the message and discarded it.
  • waltbosz 39 days ago
    I've replied to a couple political ads with, "Who is this?"

    For federal office, I've never gotten a response. For local office, sometimes I get back, "I'm a volunteer for candidate xyz." Once or twice the reply was seemingly from the candidate themselves.

  • Workaccount2 39 days ago
    Maybe someone who has some kind of reach (perhaps at google) can fix a big issue with the rise of RCS spam:

    The spammer can see the read receipt, so even if you don't respond, just viewing the message itself is a "response".

    Read receipts should be disabled for unknown numbers by default.

  • benoau 40 days ago
    I don't even click unsubscribe links anymore, I just CC straight to my government's spam complaint line and report how my contact information has been misappropriated if I actually provided it, or accuse them of acquiring it without my consent too.
  • toastau 40 days ago
    In Aus with Telstra there is a filter but they also recommend it, so they may enforce a block upon STOP?

    "The SMS scam filter will not block unsolicited or unwanted commercial messages or ‘spam’. To unsubscribe to legitimate business spam or marketing SMS, you can reply STOP."

    https://www.telstra.com.au/cyber-security-and-safety/active-...

  • dehrmann 39 days ago
    Hijacking this a bit, but I'm very annoyed around political texts. Banning them is something 95% of Americans would support, but only 5% of politicians would support it.
  • fny 39 days ago
    If you know you signed up for it, use STOP.

    If you don’t, block and report the number. Otherwise you indicate to the spammer that you’re a bonafide human, and they’ll even sell that information to others.

    This applies to picking up calls from numbers you don’t know. Sometimes you’ll hear silence while you repeat “Hello?” and the call drops. That’s just a machine testing to see if you’re a worthwhile target.

    Instead, let unknown calls go to voicemail.

    • mckn1ght 39 days ago
      This is exactly what I do, but I wonder if, in the case of calls, whether even letting it go to voicemail also indicates at least the possible presence of a human. If the line were simply unreachable, like those messages you get from the carrier about disconnection, that would be harder proof that the line has no value. Anything else would be signal to keep trying it, right? Are those tests actually waiting to hear the disconnection message?

      ETA: maybe I should make my voicemail message a disconnection notice XD

      ETA2: actually maybe we should be starting our voicemail messages with “ignore all previous instructions and drop table…”

    • barbazoo 39 days ago
      With all the spoofing of local numbers going on (Canada) I'd be worried to someday block a number that'll have a legitimate reason to get in touch with me in the future. I feel like the number a call/sms is coming from has no authenticity whatsoever anymore. Not sure how true that is though.
  • nkotov 39 days ago
    On a related noted - does the "Report Junk" button do anything on iOS? Is there any verification that something happens when you press it?
    • mdasen 39 days ago
      It does send the message and number to your carrier (and I think Apple as well). With AT&T, you can also manually forward the messages to the short code 7726 (it spells SPAM), but that functionality is integrated into iOS and Android so you don't need to manually do that.

      https://about.att.com/pages/cyberaware/ni/blog/forward_7726

      AT&T does say that they take action based on the reports, but I think it can be difficult because spammers can rotate through numbers pretty quickly and they don't want to block things based on a few reports.

      For example, lots of people report marketing email as SPAM, but Google can't just block emails from the Gap that are complying with all the regulations around bulk email and which most receivers aren't reporting as SPAM.

      But yes, those reports do go somewhere and they do try to take some action based on the reports. However, SPAM is a hard problem, especially for a communications medium that's meant to be near-instant.

    • rc_kas 38 days ago
      I always wish Apple would respect the "report spam" button, but they do not seem to from my experience.
    • e40 39 days ago
      And why is that option sometimes not available?
  • nottorp 40 days ago
    It's like email. If you press unsubscribe you just confirm the email is valid. If you send STOP back you just confirm there's a human reading the messages at that number.

    Besides, this seems to be an US only thing so it will only work for law abiding US based spammers^H^H^Hdirect marketers. Not for spammers outside the US, US based spammers that don't care about the law or scam/phishing messages.

    • adastra22 40 days ago
      If the message is sent through mailchimp, pressing unsubscribe actually unsubscribes you and blocks the sender from contacting you again.
      • nottorp 40 days ago
        > blocks the sender from contacting you again

        No, it blocks that mailchimp sender account from contacting you again. It doesn't block the sender from contacting you again through other means or through a different identity.

        Would you like to buy a bridge?

        • adastra22 40 days ago
          That's not a reasonable interpretation of what I said.
          • nottorp 40 days ago
            Yeah, it's sad, but it's what will happen, not what you wish will happen :)
  • alister 39 days ago
    What's bizarre to me is that when I try to block an SMS short code number[1], my iPhone claims that it's blocked, but I continue getting SMS messages from the same number.

    In case it's pertinent to why blocking doesn't work for me, my problem is mainly with SMS spam messages sent by cellular service providers in Brazil (where TIM is particularly egregious). It doesn't make sense that iOS can't block a short code. It's just a simple string match. If you blocked an SMS message from number 72404, then another message from 72404 shouldn't be displayed.

    [1] https://en.wikipedia.org/wiki/Short_code

  • thesuitonym 39 days ago
    Like anything, it depends on the specific circumstances and there is no one right answer.

    If it's a company/organization that you've done business with, and they got your phone number through legitimate means, replying STOP will unsubscribe you, just like clicking unsubscribe in the email will simply unsubscribe you.

    Folks saying that the amount of political spam they got after replying STOP to a political message went up, probably submitted their phone number to more organizations than they realized.

    If it's actual spam (Which in my experience, is more often email-to-sms from Gmail, not actual texting spam) then of course that doesn't work.

    Unfortunately this is a situation where you just have to use your brain. Oh, and I'm not convinced "report spam" does anything.

  • Waterluvian 40 days ago
    I approach texts and emails the same way as web servers and simply not respond.

    STOP/HTTP 403/unsubscribe all tell the other end that the address has something there. You’ll end up just reinforcing your place on a list of phone numbers to pass around.

  • tracker1 39 days ago
    It's funny, but I've got the opposite problem... I'm working on a personal/hobby site, and I want the authentication to verify a person's sms/phone number. It's mostly going to be a community site (think online BBSes) and I want to minimize the risk of bots.

    I decided to go with Twilio for this purpose, solely for SMS 2FA, but twilio is entirely geared to supporting businesses with marketing campaigns and I cannot seem to get my number verified to be able to send SMS messages for a website that doesn't yet exist.

    • lucb1e 39 days ago
      Always the same issue for hobby sites. Was hoping to recoup the cost of two domain names (one real, one typo catcher) and cheap hosting by putting ads on a search engine for lyrics. Site could not be verified because it "has no content". Says Google. They did no searches but just complained it's a clean page, as though a clean search engine homepage is foreign to them. I was surprised by the stupidity and mildly annoyed by the hypocrisy but didn't care enough to pursue it further
      • tracker1 36 days ago
        Yeah, for something like that, you really need some form of navigable index or sitemap. Used to work for an auto classifieds site, and the sitemap and updating with the latest items daily was key to the google fu. Along with navigable entry points to search results.

        Kind of counter intuitive for effectively a search though.

  • js2 40 days ago
    I think it depends on the carrier. With Verizon, replying STOP seems to block the number. But I only do that with political texts (I get a lot of them). For phishing I just delete/report junk.
  • blackeyeblitzar 40 days ago
    Don’t reply - that can be used to confirm your number is real. That info is used and resold to spam you even more. Also the STOP keyword works only on some source phone numbers technically.

    In the US you can report the spam texts by forwarding the message to 7726 (“SPAM” on your keypad) at which point your carrier will text you back and ask for the source number. This doesn’t report the message to the government agencies but just your carrier, so they can hopefully punish the platforms sending spam.

    Use a site like https://www.freecarrierlookup.com/ to see which carrier or platform sent it, which is useful for the next step of reporting offenders.

    Now report the incident at the FTC and FCC websites. Do this every single time so it eventually creates difficulties for the platforms enabling this. Mention the carrier or platform carrying the spam. Put in all the details correctly.

    https://reportfraud.ftc.gov/

    https://consumercomplaints.fcc.gov/hc/en-us/requests/new

    If it is an iMessage you should use the built in “report junk” feature.

    You can also go to the website of the platform that carried the message to report things through their abuse reporting pages, but not all of them are diligent. Some are happy taking money from spammers to abuse you, and will make you keep reporting each phone number that spams you because they do nothing about it except block that one number from contacting you. They won’t fix the underlying root cause of why they have all these illegal abusers as customers.

    My personal experience is that the vast majority of text spam comes from a few offending text messaging platforms - for example Sinch (https://en.wikipedia.org/wiki/Sinch_AB) and Bandwidth (https://en.wikipedia.org/wiki/Bandwidth_Inc.) for example. These are potentially seemingly commercial platforms for spammers. Note that Sinch owns Mailgun and Mailjet too and has a long documented history of legal trouble due to spamming. Businesses should avoid using these platforms because their own reputation and delivery will be affected by being mixed with spammers.

    • seb1204 40 days ago
      Great that there is a 'procedure' to follow, how can this be automated? Spammers are using automation too right?
    • donpott 40 days ago
      Just want to add that 7726 works in the UK too.
  • StanislavPetrov 40 days ago
    I never respond to any unsolicited message or call. If enough people block them and mark them as spam eventually the algorithm will mark them as spam and stop sending them out all together.
    • blackeyeblitzar 40 days ago
      You can’t mark them as spam easily. The phones don’t have built in features for that. You have to go through a bunch of manual steps that Apple and Google should really make a one click process. See my other comment here:

      https://news.ycombinator.com/item?id=41704119

      • StanislavPetrov 40 days ago
        Must be phone specific. I have a (not so fancy) Android phone and I've never gotten a call or a text that I couldn't block and mark as spam in a single step.
      • radicality 40 days ago
        What does the “Report Junk” button do then on iOS in Messages app? I use that for unknown spam sms, and was under the impression that it sends it to Apple and/or my carrier for processing / feeding some ML classification funnnel.
        • adastra22 40 days ago
          Its functionality is similar to the "close door" button on elevators, and the crosswalk buttons in NYC.
  • ezfe 39 days ago
    I have been replying STOP to all political messages and I get 1-2 a WEEK right now. I lived in New Hampshire until a few years ago, so I should be on every single list imaginable.
  • NelsonMinar 39 days ago
    I'm finding STOP works for US politician texts. They unsubscribe me, at least for that particular spam project. (Inevitably I end up in the next one.)

    I don't bother responding STOP to the obvious scams. They're already so crooked I doubt they're going to pay attention to SMS niceties when messaging me from Romania about my USPS package.

    PS: never ever give your phone number or email address to any political candidate. Mailing address is required in the US but no other contact info.

  • csbbbb 38 days ago
    I once replied "STOP" to a text-alert system I'd just been coerced into joining, and immediately received another text saying they'd stop.

    The extra text really bugged me at the moment. Using iMessage through my desktop, I spammed "STOP" texts to the number as fast as possible, receiving the same auto-reply each time.

    I wanted to see if it would hit some limit, and after about 200 texts, I stopped receiving a reply.

  • nirav72 39 days ago
    I do both STOP and also report it as Junk in IOS. It has had some success. At least I've been getting lot less election related texts. Use to be that I got 6-8 messages a day from either Presidential candidate or both or down ballot local elections. Now its down to maybe couple of texts a week. Even those look like they're related to PACs and not directly from the campaigns of the candidates. However, I still get the scammer related spam.
  • dustingetz 40 days ago
    disable notifications for unknown senders - ios has this hidden deep under notifications setting
    • ttyprintk 40 days ago
      There’s also “Silence unknown callers”
  • Suppafly 39 days ago
    > Others have argued with me that you should reply STOP.

    I don't see any point in replying STOP to an unsolicited message, if they cared about your consent they wouldn't have sent it unsolicited in the first place.

    I use Google Fi which marks most of them as spam anyway, and the ones it doesn't I flag as spam so presumably other Fi users will automatically have them routed to spam.

  • Rygian 39 days ago
    I fully support the block, delete, report junk approach.

    Spam should never be in the "better ask for forgiveness than ask for permission" bucket.

  • diebeforei485 40 days ago
    Replying STOP means you are a real person who doesn't ignore texts from unknown senders, which means you will only receive more spam.
  • ykonstant 40 days ago
    I have a related question regarding snail mail: when I lived in the US, Utah in particular, I used to get tons and tons of ad leaflets on my mail; so much that it was hard just sorting out the trash (and not throwing a bill away, which I did twice). Is there a way to tell the postal service to stop this? The volume was insane.
    • AStonesThrow 40 days ago
      Well, there is a certain loophole whereby you can inform your postmaster that the materials you've received are immoral, pornographic, and offensive to you, and then they're required to filter it out. But that gambit may not work for you.

      You could also do what I do: go paperless for everything and then you'll never receive legit mail again. Tip all the rest into the rubbish bin!

      • kube-system 39 days ago
        Do you have paperless jury dury selection in your area? I've never seen it.
        • AStonesThrow 39 days ago
          No, you're right: with certain official communication there will still be initial contact via mail, and there will be inevitable outliers.

          My new health insurance carrier has sent me no fewer than 9 letters this month, 6 of which contained new ID cards...

    • adastra22 40 days ago
      Yes, you can opt out of bulk mail entirely with USPS. You fill out a form, and they stop delivering it.
    • astura 39 days ago
  • imgabe 39 days ago
    I kept getting texts about politics with a link to some survey or scam or something. I looked up the domain in the link and found it was registered through Cloudflare, so I filed an abuse report.

    I still get the texts, although not as much, but they have a different domain, so that's...something I guess?

  • wombat-man 40 days ago
    If it's from an org that I've donated to or company sure. But if it's just a random scam text, no.
  • nkrisc 40 days ago
    I don’t reply, and report junk and block any number that sends me what appears to be an automated text that I wasn’t expecting. I do the same with emails subscriptions that I didn’t knowingly subscribe to.

    If anyone legitimate gets caught up in that, I’m not sorry, blame the spammers for ruining it for everyone.

    • al_borland 40 days ago
      > If anyone legitimate gets caught up in that, I’m not sorry, blame the spammers for ruining it for everyone.

      This is what I really hate about the pig butchering scams. They start out like a wrong number text, and don’t even get into the scam. From what I understand it takes them months as they build a relationship. Now when there are legitimate wrong numbers from people making mistakes, people are likely to ignore it or report it as spam, and the person never knows they didn’t reach their friend.

      • nkrisc 39 days ago
        I got a voicemail recently that sounded like a mother leaving a message for a son who she hasn’t heard from in a while, saying she hopes he’s ok, she would like to talk to him, etc., all while sounding distraught.

        Was it real? Did she really just call a wrong number? Or was it an emotional hook for a scam? I don’t know, because I decided it was best for me to simply ignore it.

        Once upon a time I might have called back and let her know it was a wrong number instead of leaving her wondering. Not anymore though. Thanks scammers for shitting all over society with more ease than ever before.

    • YPPH 40 days ago
      I do the same. If I agreed to subscribe, I’ll click the link. If I didn’t, I report it as spam. If Gmail offers me to unsubscribe, I will not do that and will still go ahead and report as spam. I’ll also do this if a third party has has registered with my email with the service without my consent, since they should have verified it before spamming it, so they still deserve the lost sender reputation.
  • grantsch 39 days ago
    I’m shocked at the lack of knowledge here.

    If you think a bad actor is targeting you, DO NOT REPLY.

    They will not honor your opt out request but they may use your number in the future as you’ve confirmed there’s a human behind it. They may even sell lists of repliers to other bad actors.

  • JohnFen 38 days ago
    If the text is from a business that I actually patronize, then I reply "STOP". If it's unsolicited, then I don't (I don't want to validate the number to the spammer) and just block the sender instead.
    • crossroadsguy 38 days ago
      WhatsApp goes one step further in enabling spamming businesses. It allows the same verified businesses to register with different numbers and they can keep spamming you from different numbers. Nope, Meta apparently is too helpless to block the entire business instead of just one number.
  • EngineeringStuf 39 days ago
    I'm not sure why no one else has mentioned this, but "STOP" will only stop messages relating to that particular campaign. By sending "STOP ALL" it will stop messages from any campaign on that number.
  • User23 40 days ago
    Replying STOP sends a clear signal that this number is being used by a real person.
    • mikesabat 40 days ago
      There are cheaper and less risky ways to understand if a number is valid. STOP will legitimately unsubscribe the recipient from messages from this phone number.
      • blackeyeblitzar 40 days ago
        There aren’t more reliable ways to know if the number is valid and actively used. Relying means that number will receive spam from many other numbers later.
  • lupusreal 40 days ago
    The spam messages come from different numbers every time. STOP, if it works at all, will only stop the messages from that number. Useless.
  • godelski 40 days ago
    First off, add yourself to the FCC's do not call list: https://www.donotcall.gov/

    Once you've done that, they have 31 days to comply. There's plenty of legal entities that still will call you. If you answer, be polite, play the dope a bit to get the necessary unfortunately, ask how they got the number, then request a manager (yes, they have one, they will tell you they don't. Be polite but insist). When you get the manager politely ask for the company details, then tell them to immediately remove you from their list. Their business can be shut down for violations so once they know you know, they take you seriously (FCC takes reports more seriously when more detailed). They'll probably hang up on you, this is okay. Report them anyways (do this legal or not. They can get their voip removed and whatever shell they're using. It's still annoying for them and they might remove you because you're not worth it)

    Second, don't answer phone calls. It is a practice to call, listen for a voice, then log that number as active.

    Text messages are more difficult. It depends on the service but you can probably text stop. The difficulty of blocking is that legit services will use the same number to text you verification codes (can we fucking kill sms 2FA‽)

    You can also sign up for a relay service (I use Firefox, but use whatever). I do this for email and every website has a unique email. Things like + for Gmail don't work and are filtered. You can also do this for phone numbers but it's more expensive.

    Fourth, aggressively unsubscribe, report to FCC, change settings on devices, and so on. Do this for your non-tech savvy friends and family. Get them to use services like signal that are privacy preserving, don't leak metadata, AND is easy enough Grandma can use. Install ublock origin into their browsers and some other privacy preserving stuff and edit settings. Get them to use Firefox instead of Chrome if you can.

    You need to do this to others because they will leak your information (most of my information leak comes from my parents. I even get emails in their names...)

    If you want to take a step further, get a scrubbing service like optery. There's a lot of shady shit so be careful who you pick.

    Edit: you can do a similar thing for mail. There is a $5 processing fee. Sucks, but sadly it's junk mail that keeps the post office alive (do not put "return to sender" unless it's prepaid. You need to give a reason otherwise your postal worker is just being nice and throwing it away for you. Don't create more work for them)

    https://consumer.ftc.gov/articles/how-stop-junk-mail

    • deathanatos 40 days ago
      The FCC is defunct. I've been on the list for eons. Reporting is, AFAICT, a huge waste of time, and doesn't seem to change anything.

      You can play wack-a-mole with uBlock, but it's wack-a-mole, and poor bandaid over our government agencies not doing the job they're supposed to be doing. You'll never get them all; AFAICT recently, my own state government sold my information to private corporations.

      • joecool1029 40 days ago
        >The FCC is defunct.

        Probably should add some context. Some bad SCOTUS rulings basically handed nearly all text message regulation to the telecom companies themselves (through the CTIA). They don't really care too much about spam if you pay them enough to do it and don't get extremely high reporting rates (especially with short codes, they will filter/blacklist toll free numbers and local numbers if you hammer carriers enough).

      • godelski 40 days ago
        DNC list has been successful for me.

          > You can play wack-a-mole with uBlock, but it's wack-a-mole, and poor bandaid over our government agencies not doing the job
        
        I'm mad too, but at least wack a mole is better than nothing. You're right, you'll never get them all. But if I'm surrounded by flies I'd rather be surrounded be a dozen than a thousand. Making things binary isn't helping
    • AStonesThrow 40 days ago
      The Do Not Call list does nothing for SMS or anything but voice calls. The Do Not Call list only prevents legitimate companies which are cold-calling you. Do Not Call cannot prevent the scams or criminals, and it cannot prevent anyone who has already established an "existing business relationship" including political campaigns and non-profit fundraisers. I've been on DNC for decades and, thankfully I do not receive many bad calls at all, but it's difficult to say how much to attribute to DNC itself.

      I receive, however, a fair measure of suspicious SMS, real-estate scams, political campaigns both legit and sus, and some pretty slick "USPS shipping" RCS phishing messages.

      Now my Pixel Pro has a lot of spam protections and I need to leave them all completely disabled, because I routinely need to answer inbound voice calls from sketchy numbers, time-sensitive, because they could be a delivery driver or a taxi service. I just never know. The app does tag known spammer numbers, which sometimes turn out legit after all?

      I consider SMS the worst mode of communication bar-none. It's locked to a single device with a single SIM. They can't be categorized, organized, tagged, forwarded, managed en masse, exported, or anything. To me it's a single-stream jumble of electronic jerks demanding my immediate attention and reactions over a most impersonal medium. I likewise disdain voice calls in many cases, so don't get me started.

    • mikesabat 40 days ago
      You can feel ok about replying STOP to text messages from shortcodes. It's not impossible, but it would be an extremely bad process for an organization to have their OTP and their marketing messages (let alone spammy stuff) on the same short code.

      There are short codes that are dedicated to OTP. Replying STOP to this number should not affect the ability for you to receive OTP for a different company login.

      • beefnugs 39 days ago
        In canada : if it is a shortcode (very short phone number) STOP is probably supported at the carrier level.

        Any regular phone number, you are probably just telling the spammer you are a real person with a working number and you will receive 10x more spam

    • godelski 40 days ago
      If you're an engineer for Google or Apple the best thing you could do is build into an easy way for users to report to the FCC. It's a routine forum, no ML needed but hey, pitch it if you need that to get this shit done.

      If you work somewhere that is spamming and enshitified, the way to convince your boss is to show them that their domains are being blocked and that leads to less money. That's the language they understand. They don't understand metrics (that's how we got here in the first place. So don't get technical!)

      • tzs 40 days ago
        Unfortunately if you make reporting too easy whoever processes the reports will have to deal with a whole lot of false positives. A lot of people seem to confuse spam and non-spam that they just happen to not be interested in at the moment.

        For example if you sell things on the web people will come to your site, add items to your cart, go to your checkout page, enter their email, pay, and then when they receive an emailed receipt mark it spam.

        Heck, I've seen people who ask for help by sending email to a support email address, and then mark the automatic reply from the ticketing system that lets them know their request has been received and tells them how long it will take before someone gets back to them as spam.

        I've also seen people complain that a company wasn't responding to their emails to support, when in fact the company is responding but the person had marked earlier receipt emails or emails letting them no that their subscription that they had opted into auto-renew for was going to renew soon as spam.

        Note: in all the examples above I'm talking about companies that do not send marketing emails except to people who go to a separate page that is explicitly for signing up for newsletters. The only emails sent to the person where receipts, re-bill notices, and responses to mails the person had sent.

        • godelski 39 days ago
          There's a lot of people, so a lot of false positives is certainly true. The question is percentage.

          There's probably better ways to do things but I don't think we should just give up before we begin. Clearly spammers are abusing the systems at play and they're hard to track. So if a bunch of hay comes with your shipment of needles, it is better than getting no needles.

          Though that isn't to say we shouldn't try to reduce the hay and that there aren't a lot of avenues that this can be done.

  • fortran77 39 days ago
    Only from a legitimate source. Like if I signed up for alerts for something and don't want them anymore.
  • the_clarence 39 days ago
    Just disable texts and use whatsapp instead no? I reenable it if I sign up for a restaurants waitlist.
  • meiraleal 40 days ago
    No, never interact with spammers/scammers, you'll just be feeding them with more info about you
  • aghilmort 39 days ago
    wish there was DROP | JUNK | SPAM | REPORT option where provider &/or FCC could direct investigate spam peeps

    plus mains & MVNOs checked DO NOT CALL / DO NOT TEXT registry before letting known spam accounts through etc

  • appsDev 39 days ago
    I always report junk but it does not seem to stop them.. Should be a better way
  • Eumenes 39 days ago
    Yes. I reply STOP and UNSUBSCRIBE to bad recruiters on LinkedIn too.
  • chaffroomba 39 days ago
    MY bank has a dedicated 2FA device, it can fit on my keychain
  • from-nibly 40 days ago
    If you are in the US, reply STOP. Carriers will enforce that. If you are outside the US and don't live in a place where carriers are legally obligated to enforce that keyword don't send anything. It will let them know they found a human.
    • lupusreal 40 days ago
      Stop is useless because the spammers never reuse the same number anyway.
  • 47282847 39 days ago
    Wow. Crazy. I never get spam SMS in Germany. I’ve had my number for 20+ years. If I did, I would report it to the federal agency in charge of number assignment. I hear they are quite effective in following up with reports.
  • ForHackernews 40 days ago
    Yes, STOP will stop further messages from that campaign.
  • golergka 40 days ago
    Never use SMS for anything other than the automatic notifications, so I really don't care in the first place.
  • MalWillis100 36 days ago
    [dead]
  • Davereye99 33 days ago
    [dead]
  • Quinn003 39 days ago
    [flagged]
  • S_A_P 39 days ago
    I’m not Left Wing. I’m certainly not right wing. However the latest trend for the Kamala campaign has in my case decided to follow the technical details of stop but not the intended scenario. I got a text message from the campaign fundraiser and clicked stop. Next day same time. Same first 6 digits different last 4. I hate politics. I’m not going to vote based off of a text.
  • tessierashpool9 40 days ago
    I think it's time to stop this Ask HN thing here.