This post first appeared on my SAP Blog on May 2, 2016.
Worldwide, SMS-based mobile messaging continues to evolve and innovate. Nowhere is this more apparent than in A2P or enterprise messaging. Numerous analysts have forecast that enterprise messaging (or A2P messaging as it is sometimes called) will continue growth and prominence through at least the rest of this decade. Why is this? SMS is still the most ubiquitous, far-reaching messaging channel in the world and will remain so for quite some time. While there are a growing number of non-SMS messaging/social media options (WhatsApp, Snapchat, Facebook Messenger, WeChat and many more) virtually all of them require both the sender and receiver to be using the same solution, thus leading to significant fragmentation – notwithstanding that many of these non-SMS chat apps are and will become significant “A2P channels,” going forward. Otherwise, SMS continues to show strength in that regard.
So why is it important that SMS messages are routed correctly? The global SMS ecosystem consists of separate, logical Application-to-Person (or A2P) connectivity network – one where mobile network operators (MNOs) have approved, and in many cases, monetized, this type of mostly commercial and non-human generated traffic. Traditionally, the A2P network uses separate connectivity from the general conversational or Person-to-Person (or P2P) connections. The reasons for this are numerous; however a significant reason is that it helps to control spam and grey route traffic over the P2P networks.
Wait? What do I mean by “grey route traffic?” Grey route traffic is typically A2P SMS traffic that attempts delivery outside of approved A2P connections or routes into the MNOs. Grey route traffic tries to leverage the P2P network and ubiquitous connectivity to avoid MNO fees or approval processes. Much of it attempts to take advantage of MNOs, aggregators, and even senders. As the ability to reach consumers through SMS is immensely valuable, there are numerous messaging aggregators and service providers that use a variety of tactics to attempt to circumvent MNO-supported routing standards.
Unapproved routing puts businesses and consumers at risk
When unscrupulous messaging aggregators try to circumvent operator-approved and monetized routes, they put
the business who is paying for the messages at substantial risk, due to non-delivery of these messages. The mobile ecosystem is becoming increasingly vigilant against so-called “grey route” traffic and is deploying SMS firewalls as well as more aggressive spam control measures.
This practice also increases the risks to consumer by exposing them to potential spam and/or fraudulent messages (phishing attacks, etc.). There are a growing number of unscrupulous, do-it-yourself SMS websites that promise low prices per message and bulk messaging. These services can typically cater to anonymous senders and the sites use a variety of methods to hide the messages among legitimate P2P messages and connections.
The sites may also leverage SIM farms – an organization that leverages thousands of SIMs (or Subscriber Identity Modules), connected to computer servers instead of mobile devices – to send large amounts of messages. They may also be used by unscrupulous senders to send unsolicited messages to large numbers of consumers with the further goal of obfuscating just who the sender is. The messages appear as if they are legitimate P2P messages – the originator is a phone number of a mobile operator (from which the SIM cards are from). SIM farms are also attractive to some businesses because they are very cheap and messages from them may be bounced from service provider to service provider in order to avoid legitimate operator connections – hence is why the routes they use into MNOs are known as grey routes.
MNOs don’t like SIM farms and do take measures to shut them down. Additionally, when they are uncovered as sources of mobile spam, they can be shut down by authorities. In the UK, the Information Commissioner’s Office (ICO) is an independent body set up to uphold information rights takes enforcement action against SIM farms and nuisance calls and spam texts.
What is behind grey route trends?
Most of the world’s MNOs apply termination fees to SMS traffic entering their network from another network through standardized agreements. Termination fees were put into place in early days of SMS as a measure to help control spam. While that goal was accomplished to a point, as SMS traffic continued to grow, the underlying SS7 networks were left relatively open as there are various types of signaling beyond SMS that must flow between MNOs. In the P2P messaging world, traffic between two MNOs is typically balanced – meaning conversational – termination fees effectively cancel each other out.
Grey routes will many times take advantage of national P2P traffic, by setting up shop within a targeted country. Many times, originators will be outside of the country leveraging thousands of “local” or national phone numbers of SIMs in the SIM-farm allowing the message to appear as a P2P message bound for subscribers with a local origination number. This practice breaks the balanced nature between the operators, but since each number may be used only a small part of the time, it gets through various types of filters that the destination operator has in place. This is but one example of how legitimate A2P or enterprise messaging traffic can suffer as it is travels several hops into the destination operator. Enterprise customers may pay lower price, but the traffic has a relatively low chance of delivery and due to multiple hops, there is no way to validate the message even made it to the destination. Consequently, many enterprises are getting heavily fleeced by these bad actors as they are billed for messages sent – not ultimately delivered. Because of the lower prices that many “bulk messaging aggregators” are able to support via SIM-farms and other vulnerabilities, this practice most definitely attracts spammers that will send unsolicited messages to subscribers without their consent, violating laws and regulations in most countries.
Mobile Operator benefits of trusted message routing
Trusted messaging aggregators contract directly with MNOs and other trusted aggregators to provide approved routes to mobile operators. These service providers offer the highest quality routes to mobile operators – many, if not most – with such features as handset or network delivery receipts. Additionally, when working with each MNO, trusted aggregators may be able to negotiate termination rates that enable the aggregator to then pass along favorable pricing to enterprise customers.
The physical connection to the operator may be through the global SS7 network, or now, more than likely, through direct, secure IP connections, and more increasingly, IPX connectivity. Whether connected through IP or SS7, the sender and the aggregator are recognized by the MNO and as such, traffic from this source will be prioritized and delivered.
Trusted aggregators will also work to insure that traffic delivered to the MNO is from trusted sources and can filter any traffic that is not. If an MNO requests that all of their incoming traffic – especially international traffic – flow through the aggregator, they can stem the bleeding of revenue due to uncontrolled inbound messaging through unmanaged SS7 channels. With the addition of an SMS Firewall into an MNO’s ecosystem, the MNO now has a valuable set of tools available to manage their network and traffic, while protecting subscribers from unsolicited messages.
This point is further emphasized as in many countries, MNOs are increasingly being held accountable for non-solicited or spam traffic reaching their subscribers. For example, in India, the regulator TRAI amended regulations calling for a Rs. 5000 for every SMS spam complaint.
Enterprises and Brands benefit the most from trusted routing
Shutting down grey-route and untrusted, multi-hop SMS routing certainly benefits the MNOs, but it is the end-customers – the enterprises, brands, and other organizations who are sending the messages – that stand to benefit the most. These are the organizations that pay the money to send messages and they expect and deserve a high conversion rate. When messages are sent through low-cost providers, these organizations are lulled into thinking that their messages will all reach their intended destinations. Furthermore, many organizations rely on high conversion rates to reach their target ROI on the messaging investment. Low cost or “too low to be true” is just that – too good to be true. Enterprises will never reach target conversion rates.
The concept of consent – that is, the end-users consenting to receive certain commercial SMS messages is at the center of most legal issues around SMS messaging. If an organization’s messages are received by an MNO’s network and there is not a readily identifiable sender address, then many of these messages are very likely subject to being blocked as spam since they cannot be readily identified, regardless of whether the end-subscriber consented to receive these messages.
Enterprises that use SMS for marketing must comply with a growing array of regulations such as TCPA in the United States, Canada’s Anti-SPAM Law (known as CASL), TRAI regulations in India, and the ICO regulations in the UK, to name but a few. All of these have provisions around identity and consent; however, by simply trying to avoid lawful MNO termination fees, they are already on the wrong foot and at worse, can be subject to legal troubles.
Finally, one of the most important reasons for using trusted routes to mobile operators is for delivering two-factor authentication (2FA) tokens to subscribers. Those suppliers and messaging providers that use “cheap routes,” and those that may take advantage of grey routes, do a major disservice to the overall concept of 2FA over SMS. One of the biggest complaints about 2FA over SMS is that many times the delivery rates are low. This can be heavily mitigated if the 2FA providers would simply use approved routes into mobile operators. In our own experience, we see successful delivery rates of many millions of 2FA tokens into operators around the world at success rates greater than 97%! But, we use approved operator routes. It is not our policy to use grey routes, but instead, we rely on our own direct, approved routes into our mobile operator partners.
The bottom line is: Yes, it very much does matters what route a message takes to reach a mobile operator and the consumer. There are legal ramifications as well as quality – whether simple notifications or high value 2FA PIN codes.
 Conversion rate: A measure of successful SMS respondents vs. the number of messages sent. In other words, how many end subscribers responded or acted on the message the received.