问题
I'm working on a web service that would use an SMS gateway to receive instructions from customers. Since this would be a commercial product I would like to implement a safeguard to protect our system from SMS spoofs. I don't want people impersonating others by spoofing their number.
I've noticed that Twitter allows people to tweet through text messages, how can they make sure that messages are actually genuine?
Is this possible, and if so how do I accomplish this? Or should I ignore this and just deal with it through support should they get through.
回答1:
How do users spoof their numbers? Every service I've seen that allows users to interact from their phone requires a validation process first (like this). And carriers won't let you send messages through their system from a device they don't know. SMS gateways also provide safeguards to prevent spoofing. So I'm not sure how big a problem this will be for you. I would worry about it once you start encountering it.
回答2:
Unfortunately with services like Spoofcard it is sometimes possible for someone to spoof an sms message. Spoofcard even works in the US even though US carriers have historically been better at blocking spoofed text messages. You can try it yourself at their site. I was able to spoof a text message to/from a tmobile number.
The solution is to implement a verfication question/text for the user to answer but this will cost you/them an additional text message.
回答3:
Fogmo, a popular SMS spoofing site, allow you to contact them and add any number to a 'blacklist'. This would ensure that your customers' phones won't be spoofed to, or from. It's well worth contacting them (and similar sites) to request this.
来源:https://stackoverflow.com/questions/2923591/dealing-with-sms-spoofing