Recently the SMS is increasingly the subject of the phenomenon Fake DLR (fake receipts), a counterfeit of the delivery receipt that some mobile networks return on request from each individual SMS.
3 million messages per day
The CM servers alone process over 2,000 text messages. 125,000 per hour, three million a day. That includes text messages for purposes such as mobile marketing, One Time Passwords (OTP), SMS reminders etc. All those messages find their way from the sender to receiver, coming from B2B SMS applications like MailSMS, GroupSMS or the senders own SMS application and direct API connections to CM's SMS Gateway.
SMS routes and Delivery Receipts
Which route an SMS takes, depends upon a number of factors. The most logical route is that from a mobile phone (P2P) or an application (A2P) to an aggregator (SMS Service) after which the message is delivered to the SMSC of a telecom operator. The operator forwards it to the operator the receiver is connected to. Almost every text message also produces two DLR's, a Delivery Receipt or Delivery Report. One delivery receipt tells whether the message is accepted or rejected, the second indicates whether the message has been delivered or is failed. Such status updates are crucial, because SMS is used in critical business processes. The DLR provides information on the delivery route and time, whether it ended up in a queue, or - at worst - the text has not arrived – it failed. The Retry System by CM, which sends a text message if delivery fails, depends on the DLR's text messages (see also the blog post on the Retry System).
The Delivery Receipt (DLR)
The availability of DLR's depends on whether the network supports DLR's or not. In principle, operators and SMS services only work with networks offering this feature. If the SMS Gateway sends an SMS there’s always a request to return a DLR. Service providers and their customers should be aware of the legal status of many business-critical messages. The process of delivering is seriously disturbed by the so-called Fake DLR's. Fake DLR’s are - as the name states - fake delivery receipts. They pretend an SMS message has been delivered to the mobile phone. In reality, the operator or aggregator has done nothing with the message but throwing it away.
SMS service providers have much difficulties figuring out who is responsible for sending back fake DLR’s. The routes that text messages travel sometimes lead to different operators and/or SMS aggregators. Within this route it may occur a fake DLR is returned. For the sender of the SMS it is often not clear whether its partner is directly responsible for the fake DLR, because the partner often co-operates with a third party to deliver text messages. A Fake DLR shows that an SMS message has been delivered correctly while the opposite is true. In a 'normal' failed delivery, the DLR clearly indicates that the text message could not be delivered for any reason. The only one who can actually discover this method of faking delivery is the customer who has sent the SMS messages.
A real-time logging which shows exactly whether an SMS is delivered or not in combination with a test message to a mobile phone controlled by the client, could be the method to check whether SMS arrives or not. If no text message on the mobile phone is displayed, but the DLR indicates it as delivered in the logging, you know you’re dealing with Fake DLR's. Another method to fight Fake DLR's is the use of so-called test boxes for voice and SMS. These boxes allow operators real-time testing of voice and text messages. CM co-operates with other companies and service providers building a global test network. There are already 400 live destinations.
Another method to slightly influence the Fake DLR method is ‘punishing’ the one’s responsible for Fake DLR’s. CM works proactively to detect deliberate returned fake DLR's. This means that - like after confirmation of actual fraud - the person responsible will be ruled out of handling SMS traffic coming from CM. No SMS traffic means no work and therefore less income.
A properly functioning market is under pressure
Unfortunately, the above methods are not completely infallible. That and the fact that this fraud is difficult to detect hence lead to an SMS market which is slowly losing its value. Already margins on text messages are under pressure due to the rise of mobile internet, smart phones and apps. On the short term sending fake DLR’s might be lucrative business. On the long term however, SMS users will put aside using SMS as a communication channel: After all, you don’t use something that doesn’t work.
The fake DLR's is a phenomenon that since recently gains ground and is considered a form of a cyber threat. CM and telecom partners have solved another recent issue called spoofing. CM is convinced that Fake DLR is a problem that can be dissolved quickly.