Regular readers will know we take spam and scam calls, aka nuisance calls, very seriously. Every one is potentially a granny robbed of her life savings. Every one is somebody's evening being interrupted and the integrity and trust in the system on which our livelihoods depend being undermined. Every one using a sub-allocation of our numbering is potentially reputational damage for us, which in the past has led to death threats for me. So we're pretty intolerant of this rubbish gumming up the network, whether it originates from our own customers or off net from those who see the money before the morals.
Every day, tens of thousands of calls try to cross our network and don't make it. Not because of congestion, not because of a fault - because they were scams, sprays, and spoofs, and we stopped them. Over a million a month. Fifteen million in the last year, and growing.
We tightened the net hard through last summer, and at the peak we were rejecting nearly six in every hundred call attempts based on their identified signature. If you've heard us cite "around 5% of traffic", that's the era it comes from, and it was true. It is about half now owing to two factors.
Traffic across our network has two sources - our own customers where we see 100% of their attempts usually, and other networks where we see a proportion of their attempts broadly equivalent to our market share. In the worst cases, we’ll see both - traffic across multiple customer accounts and attempts coming in across multiple peers. We’re agnostic about origin, it all gets treated the same, but we can and do terminate accounts. Sometimes this is within days of passing KYC and having service established. Other times, it's long-standing customers who have regrettably been seduced by apparently easy money. We don't discriminate: bad is bad.
What we’ve seen is a substantial reduction in the proportion originating on-net (of the 100% we see) and a substantial increase in that which originates off net (of the market-share percentage we see). This is of course in part traffic from those accounts we've terminated which has been welcomed with open arms by others. But the vast majority is simply the ongoing inflation in this type of traffic. Over the past year, the share of hostile calls in the traffic our peers hand us has roughly doubled - across every peer.
Part of the driver for this is simply economics. Wholesale phone calls are so cheap and actually free for the originator unless they connect. So turning up the volume, harassing more end users remains a lucrative and viable business, even if only a tiny proportion of them ever engage positively.
We tried to encourage Ofcom to change these motivations in a recent consultation, sadly to no avail.
One network in particular who we have called out repeatedly for their pious virtue-signalling, and specifically in the context as the “Fox in the Hen House”, has KYC requirements as pitiful as their technical standards. By our measurements, they are ten times more likely to be the origin of a spam call than the cleanest of our peers - which, credit where due, is BT. We won’t allow our customers' end-users to be ripped off or harassed, even if they will. I presume this is lax KYC rather than wilful targeting of that market segment, but the result is no different for the poor person on the receiving end.

That is based on the route traffic takes but it is equally interesting if one looks at the Range Holders problem numbers are assigned to. There are some really bad ones but if we look at the top 10, and then consider which networks host these, let’s just say it looks like the route probability would suggest. The smallest of aforementioned hosting operators is clear number one, with 5.6x BT’s number of blocked calls. Market-share weight this and things get exponential. Simwood, despite hosting more ranges than the number one spot, and seeing 100% of the traffic by virtue of the sampling taking place on our network, doesn’t appear on that list at all. So this appears to be Range Holders with lax KYC, favouring hosts with lax KYC, who also have lax KYC over the traffic they pass. How many times can you say correlation isn’t causation before giving up?

I’d dearly love to publish these league tables, maybe as a real-time dashboard like we have internally. I think they’d be really insightful to policymakers and hopefully drive responsible CPs to make different choices. Unfortunately various rules in our industry introduce hurdles to that. Maybe Ofcom will s135 us for this data? The blurred images above are the best we can do for now.
The result of all this on our side is a dramatically cleaner network: the failed-call share has fallen, and the population of abusive numbers originating here at any moment has fallen by roughly two thirds.
Meanwhile, excluding the effect of customers terminated, our catch rate is rising. Same customers, sharper filter. That's the pair of numbers that matters: cleaner network, keener blade.
Despite us catching more bad stuff in a cleaner population, the really important thing for us is false positives. Anyone can block 1m calls and in fact we’ve already told Ofcom we could block 30m just by enforcing one of their long-standing rules. The trouble is, doing so unilaterally we’d be out of business because those blocks would result from decades of poor discipline by other operators, either not knowing or not caring about the existence of said rule.
We treat blocking a legitimate caller as a serious incident. The entire system is engineered backwards from that:
- No block is forever. Every block is time-limited and expires automatically. A number is re-judged on what it does next, not on what it did once. However, persistent offenders now escalate, i.e. the blocks get longer each time.
- Every block candidate gets a second opinion. An independent AI adjudicator now reviews the evidence behind every candidate - and it argues in both directions. It can overturn a block as readily as confirm one, and every verdict it gives is logged and scored against what actually happened next.
- Evidence protects the innocent. Numbers with genuinely healthy calling relationships are structurally protected - a borderline signal cannot block them. And where evidence is missing or stale, the benefit of the doubt always goes to the caller. Absence of proof is never treated as guilt.
- We audit our misses, not just our mistakes. We now randomly re-examine traffic we cleared, so we can measure false negatives as rigorously as false positives - and tune the balance on data rather than anecdote.
Everything above is measured against real outcomes, continuously. This month we validated a new early-warning technique against a full year of enforcement history - strictly past-predicting-future - and found it concentrates almost half of the next month's brand-new offenders into a third of a percent of the number space. That means checking bad numbers before they've hurt anyone, not after.
That is a difficult one because compliance won’t always allow us to act upon the profiling of a number based on which Range Holder on which network and which interconnect the calls come from, even though statistically that gives great signal. The danger comes where some innocent user has seen the light and ported out which fails our false positive rule.
We also had an independent machine-learned model audit our hand-built rules: it agreed with every one of them, which is either reassuring or suspicious, and we choose reassuring - it also found two new signals we're now evaluating.
None of it ships as blind automation. New signals face direct scrutiny first and blocking only with corroboration. The system is learning all the time, both from its own evolving baselines and the signal of proven hypotheses. There are now well over 40 proven factors go into any block/don’t block decision, which individually have high statistical probabilities before tying them together.
Lastly we have recently licensed TPS and CTPS data. Calling those numbers isn't signal on its own because we don’t know the intent of those calls, but there are some interesting patterns in there which will no doubt help over time. One of the aforementioned operators purports to offer TPS screening as a service, despite not being a licensee of the data. Curious in itself considering the other data points.
Nuisance calling is an ecosystem problem. Every network that tolerates it - through indifference, through fear of the support tickets that come with imperfect blocking, or because the margin on a spam machine is too nice - keeps the problem alive for everyone. Our experience says the fear is misplaced: block precisely, expire automatically, review everything, measure both error types, and bin abusers. The only question is whose network they land on next, and our stats already answer it.
We would be very interested to hear from other network operators who would be interested in a feed of what is blocked, especially what is blocked coming from their network.