Reputation Policies

Introduction

ClearIP can determine if an inbound call is a possible scam or robocall based on the reputation of the calling number. The Reputation Policies page under the Inbound Services menu allows granular control over when a reputation lookup should be performed and what action should be performed for a poor reputation calling number.

Setup

For each call where a reputation policy is enabled, ClearIP looks at the calling number and queries a reputation database and gets a reputation score from 0 - 100. The higher the score the more likely the call is to be a known robocaller or spammer. If the returned reputation score is higher than the configured threshold, then ClearIP can take action on the call.

Reputation Policies

Reputation lookup is disabled by default unless a policy exists that explicitly enables it.

The action field defines what action should be taken if a reputation lookup is performed and a poor reputation is found. Options include the ability to indicate the call as SPAM in the CNAM value, block the call, divert the call to the diversion device, or only report the reputation score in the SIP message record.

The reputation score threshold determines which calls are flagged as robocalls. Calls with reputation scores greater than the threshold are considered robocalls. The threshold is pre-filled with the value of 79, so that calls with a reputation score of 80 or more are flagged. The threshold value can be altered depending on which calls you want to allow, indicate as SPAM, block, or divert.

To enable reputation lookups for inbound calls, the policy should be restricted to apply to inbound calls by either selecting the relevant Service Provider or Operator field.

Reputation lookup can be enabled for individual called numbers or ranges by specifying a full called number or a prefix. This allows the service provider to offer robocall prevention as an opt-in, value-added service to its subscribers for an additional monthly charge.

Reputation Policies as Opt-in service

Reputation lookup can also be enabled for all subscribers by creating a policy with a blank called number and enabled status. If any subscriber chooses to not have their calls monitored for robocalls, then they can opt-out of the service if a reputation policy is created for their DID with the Status set to Disabled.

Reputation Policies as Opt-out service

SPAM Indication

Note: Netsapiens users must set the Action to Indicate in order for the Netsapiens to treat the call as SPAM. Different SPAM treatment options should be configured in the User Answering Rules and not within ClearIP.

If the Action is set to indicate high risk calls as spam and a high risk calling number is detected, then ClearIP can overwrite the current CNAM value (if one is present) to the value which is returned in the SIP 302 response. By default, CNAM values are returned in the P-Asserted-Identity header, but this can be configured.

SIP/2.0 302 Moved Temporarily
Via: SIP/2.0/TLS sip.clearip.com:5061;branch=z9hG4bK9a53.7bd20137684de80a41291f5f36eb2fd2.0;i=0937f46;received=::ffff:10.0.11.177
Via: SIP/2.0/TCP 1.1.1.1:5060;branch=z9hG4bKmcvvcc2000tlb8g67n20.1
To:  <sip:+14045266060@35.175.114.71:5060>;tag=62d38e97-5eef-4087-8dfd-834332c7aab8
From: <sip:+18778295500@1.1.1.1:49000;isup-oli=0>;tag=gK0023e33d
Call-ID: 40175_124554159@2.2.2.2
CSeq: 953026 INVITE
P-Asserted-Identity: "<SPAM>" <sip:18778295500@2.2.2.2:5060>
Contact: <sip:+14136840320@3.3.3.3>;q=0.99
Reason: SIP;cause=302;text="no-fraud-detected"
Content-Length: 0

If the action is set to indicate high risk calls as spam and no high risk calling number is detected, then ClearIP does not modify the current CNAM value (if one is present) which may have been supplied by ClearIP or an external source.

If the action is set to indicate high risk calls as spam and the STI Verification Policies have been set to indicate call verification in CNAM, then a high risk, successfully verified call will be given the following CNAM value by ClearIP

	[V]<SPAM>

If a ClearIP user plans to use the SPAM indication feature in their Reputation Policies, then they should ensure that any CNAM provisioning or modification functions external to ClearIP take place before the call is sent to ClearIP, so that the SPAM indication is not overwritten. If ClearIP is used as the CNAM provider, then ClearIP automatically does a CNAM lookup before doing a reputation lookup.

Reporting

SIP Messages

The reputation scores of calls previously made can be viewed in the SIP Messages under the column Reputation Score.

Reputation Score

A reputation score is reported for all SIP records. This score ranges from 0 to 100. A score of 0 indicates that no reputation lookup was performed, no reputation was found, or a calling number with normal behavior. Scores of 1 through 100 are used to indicate a calling number with suspicious behavior where 1 is the least suspicious and 100 is the most suspicious.

A reputation lookup flag is set for all SIP records. Only calls with this flag set to yes will be billed for reputation lookup. This is shown in the SIP Messages column Reputation Lookup.

SIP Reports

ClearIP’s reporting tools enable you to monitor and investigate any suspected robocalls.

To view the reputation reports, go to the SIP Reports page under the Analytics menu.

By default, ClearIP will display the number of calls made to specific countries within the past hour. You will need to modify the SIP Report by choosing your desired settings. If you click on the blue Load Canned Reports button on the bottom left, then you can select from some preconfigured report options. SIP Reports

You can select “Calling Numbers with Reputation Score Above 0” as the report type to monitor suspicious calling numbers.

Load Canned Report

Calling Numbers with Reputation Score Above 0 Report

Calling Numbers with Reputation Score Above Zero

When you select this report, ClearIP will automatically display the calling numbers with reputation scores higher than zero, the number of calls received during the selected time period, and the reputation scores associated with each calling number.

Robocalls to a Specific Subscriber

Some service providers like to provide data to their subscribers about how many robocalls have been blocked recently to demonstrate the effectiveness of the service. This SIP report shows the total number of robocalls that have been blocked for each DID in the past week.

View SIP Reports to see high reputation called numbers

Return Reputation Score in SIP response

If the reputation service is enabled, then ClearIP can be configured to return the reputation score in the SIP 302 response. This can be enabled in the SBCs page by setting the Return Reputation Score In SIP Response field to Yes. The reputation score is sent in an X-Reputation-Score header.

SIP/2.0 302 Moved Temporarily
Via: SIP/2.0/TLS sip.clearip.com:5061;branch=z9hG4bK183b.01b255a50f3793000356a73fdb7fe032.0;i=799caf26;received=::ffff:10.0.12.228
Via: SIP/2.0/TCP 192.168.1.89:3000;received=18.208.235.205;branch=z9hG4bK-1387-1-0
To: <sip:14047884802@1.2.3.4:5060>;tag=c0a67211-4099-4ca6-adee-007a3a6e26ed
From: <sip:16237453822@192.168.1.89:3000>;tag=1
Call-ID: 1-1387@192.168.1.89
CSeq: 1 INVITE
X-Reputation-Score: 100
P-Asserted-Identity: "<SPAM>" <sip:16237453822@192.168.1.89:3000>
Contact: <sip:14047884802@1.2.3.4:5060>;q=0.99
Reason: SIP;cause=302;text="no-fraud-detected"
Content-Length: 0

Acceptance Test

Click on the green Add button to add a Reputation policy. Select the Operator or Service Provider for inbound calls, set the Status to enabled and set the Action to Block. If you would restrict the testing for a specific number, then you can enter your test number in the Called Number field.
Note: Netsapiens users must set the Action to Indicate in order for the Netsapiens to treat the call as SPAM. Different SPAM treatment options should be configured in the User Answering Rules and not within ClearIP.

Reputation Block

Generate an outbound call with spoofed calling number 212-555-9100 to the test line. The call should be blocked before ringing the phone.
Go to the SIP Messages page. Check the calling number reputation score is 100.
Click on the Columns button and select the Robocall Mitigation option. This displays a set of columns related to robocall prevention.
Check the Reputation Score for 12125559100. It should be 100 which is the score that indicates the maximum level of robocall activity. Note that the High Risk Calling Number column is “No”. Reputation analysis is different and more dynamic than Inbound Shield. The High Risk Calling Number and Reputation scores may not always agree, but if either indicates a problem, then the calling number should be investigated.
Additional tests can be made with the following calling numbers. These numbers are reserved for testing with preset reputation scores.

Calling Number	Reputation Score
12125559000	0
12125559020	20
12125559040	40
12125559060	60
12125559080	80
12125559100	100

Additional tests can be made with different Actions: Report Only, Indicate, Divert, Block.
Before enabling robocall blocking on production inbound calls to subscribers, we recommend trialing the reputation service by enabling a reputation policy with Action set to Report Only and only sending a limited set of production inbound calls to a few internal corporate desk phones. This allows ClearIP to record detected robocalls in the SIP Reports without blocking calls at first. After this test period is successful, then ClearIP’s robocall blocking can start to be applied to subscriber production incoming calls.