Preventing Spam Calls with Twilio or SignalWire

Due to recent life events, I’ve been engaging with realtors, banks, and lenders. In all cases, I’m looking for information on their services and start by filling out an online form which should lead me to find such information. Typically instead of directly providing the answers I seek, the process breaks down with a statement of “we’ll get back to you”. Then, at random hours, I receive unsolicited phone calls from unknown phone numbers that are wholly unnecessary regarding the service. Better yet, even if the service provides the answers I’m looking for, salespeople often follow up regarding my interest in the service.

Throughout this whole process, I keep asking myself - why can’t people just use e-mail? Well, why not force them to?

I’ve recently stopped filling in my personal phone number in these web forms. If the form requires a phone number, I now supply a Twilio SignalWire phone number with a little bit of TwilML cXML to provide a simple pre-recorded message for voice calls, asking the caller to instead contact me via e-mail with a provided e-mail address. For incoming SMS messages, I have a cXML script that forwards the message to my self-hosted ntfy instance. All of this is accomplished with a few nginx configuration tweaks.

On Twilio and SignalWire

My first stop for this project was of course Twilio, but I had issues getting past “identity verification” in their onboarding procedure, which occurs when an account tries to exit “trial” status - I don’t recommend ever using a VPN with their services! Thus, I started looking for alternatives. SignalWire seems almost exactly the same (for my purposes at least) and substantially cheaper! TwiML and cXML are more-or-less (if not exactly) the same, so the below nginx blocks work for both Twilio and SignalWire.

nginx Configuration

Without further ado, here’s what I have set up (with exact URLs redacted):

Voice auto-responder:

location = /SOME_URL_PATH {
        default_type application/xml;
        return 200 '<?xml version="1.0" encoding="UTF-8"?>
<Response>
  <Play>SOME_URL.mp3</Play>
</Response>';
}

SMS to ntfy logger:

# declare constants
set $NTFY_SERVER "https://ntfy.example.com";
set $NTFY_TOPIC_NAME "signalwire-sms";
set $NTFY_AUTH_TOKEN "SOME_AUTH_TOKEN";

location = /SOME_URL_PATH {
    if ($arg_From) {
        # Make a proxy request to ntfy with the GET parameters as the message
        proxy_pass "$NTFY_SERVER/$NTFY_TOPIC_NAME/publish?auth=$NTFY_AUTH_TOKEN&title=Incoming%20SignalWire&message=From:%20$arg_From%0ATo:%20$arg_To%0ABody:%20$arg_Body";
    }
}

nginx conditionals are quite limited! The SMS to ntfy logic could be better - the conditional only checks for the From query parameter, then expects To and Body to be defined as well. You could use a combination of multiple conditionals to confirm that all query parameters have been set, or even Lua scripting.

By using proxy_pass in this way, I’m prevented from auto-responding to SMS messages with a cXML response. As of now, I don’t expect anyone to send unsolicited SMS messages to my SignalWire number, but if they do, I’ll at least be able to see them.

I chose to use nginx modifications instead of writing a simple webapp simply due to the level of complexity needed to fit my requirements. I already have an nginx server running (for this blog no less), so I may as well use it!