While we have been fighting spam and phishing in the SMS realm for many years, with mixed, but generally good success, there has been a great deal of speculation as to how spam control with RCS will work – especially because it is End-to-End Encrypted (or ultimately will be, even across Android and iOS). So, in the age of end-to-end encrypted (E2EE) RCS messaging, a common question arises: how can a carrier detect spam without reading the message content?
The shift of consumer-to-consumer (P2P) messaging from SMS to RCS has brought with it incredible benefits: rich media, read receipts, and a more engaging experience. However, it has also opened a new front in the battle against spam. As bad actors pivot to the P2P RCS channel to exploit its open nature, a new class of sophisticated anti-spam solutions has emerged to fight back. This page will look under the covers to explain how these systems protect you, all without compromising your privacy.
The Core Problem: A P2P Gray Area
Spammers are leveraging a critical gray area in the messaging ecosystem. While the A2P (business) channel is heavily vetted and monetized, the P2P channel is designed to be free and open. Bad actors exploit this by using P2P tools—like messaging apps or SIM farms—to send unauthorized A2P messages in bulk. Since RCS messages can be end-to-end encrypted (E2EE), these messages present a unique challenge: how do you stop spam when you can’t read the content?
The answer lies in a fundamental shift from content-based filtering to behavioral and metadata analysis. The spam filters stop analyzing “what the message says” and start analyzing “how the message is sent.”
Key Defensive Mechanisms
Carriers, platforms (like Google-Jibe), and anti-spam vendors (such as Proofpoint and Syniverse) have a powerful toolkit to combat P2P spam.
- Behavioral Analysis: This is the most crucial layer of defense. The system builds a behavioral profile of a typical human user based on a series of metrics:
- Throughput: Messages are sent at a low volume and frequency, as if a human were typing on a device. A sudden surge in messaging velocity is an immediate red flag.
- Volume: The total number of messages sent in a short period. A sender broadcasting hundreds or thousands of messages is a clear sign of automation.
- Recipient Count: The number of unique recipients a single sender texts. P2P is typically sent to a small group of known contacts.
- Balance: The ratio of outgoing messages to incoming replies. Spammers send broadcasts and receive few, if any, replies, leading to an extremely unbalanced ratio.
- Sender Reputation: Every phone number in the ecosystem is assigned a reputation score. This score is a dynamic metric that can be influenced by multiple factors, including:
- Spam Reports: When a user reports a message as spam, the sender’s reputation score is negatively impacted.
- Carrier Reports: If a sender is flagged by a carrier for suspicious behavior, this information is shared and contributes to the number’s overall reputation.
- Content Hashing and Fingerprinting (for Encrypted Messages): This is the key to fighting spam in an E2EE world. Even though the message content is unreadable, a unique digital fingerprint, or hash, of the message is created on the sender’s device before it’s encrypted. This is a critical step performed by both iOS and Android devices to enable network-level spam detection without compromising privacy. This hash is then sent along with the message’s metadata.
- SHA-256 (for Identical Content): The most common cryptographic hashing algorithm is SHA-256. It creates a unique, fixed-size 256-bit output. If a spammer sends the exact same message to thousands of people, each of those messages will have an identical hash value, which is a clear sign of a broadcast.
- For more on the SHA-256 algorithm, this video provides a detailed, step-by-step explanation of how the SHA-256 algorithm works. SHA-256 | COMPLETE Step-By-Step Explanation
- Perceptual Hashing (for Near-Identical Content): Spammers often use “spun” content—messages that are slightly altered to evade detection (e.g., changing a recipient’s name). For this, spam vendors use perceptual hashing or machine learning models that are designed to find similarities. These algorithms create hashes that are tolerant of minor changes, allowing the system to flag a sender who is broadcasting near-identical content.
- SHA-256 (for Identical Content): The most common cryptographic hashing algorithm is SHA-256. It creates a unique, fixed-size 256-bit output. If a spammer sends the exact same message to thousands of people, each of those messages will have an identical hash value, which is a clear sign of a broadcast.
A Coordinated Defense
No single tool or company can fight spam alone. The defense is a coordinated effort:
- On-Device Filtering: Platforms like Google Messages use machine learning models on the user’s device to detect and filter spam before it even reaches the inbox.
- Carrier-Level Firewalls: Carriers and their vendor partners maintain firewalls that analyze incoming traffic, looking for behavioral red flags and known scam patterns.
- Real-Time Threat Intelligence: Anti-spam vendors aggregate spam reports from millions of users and share that intelligence with carriers in real time, allowing for a rapid, coordinated defense against new threats.
While spammers will always adapt, the new security infrastructure in RCS provides a far more robust, intelligent, and coordinated defense than was ever possible in the fragmented SMS ecosystem. The battle against spam is a continuous, adaptive process, but with the new tools and platforms, the industry is far better equipped to protect consumers.
This video is relevant because it provides a good overview of how a similar messaging protocol, Apple’s iMessage, uses end-to-end encryption for security.