Shortened URLs such as bitly, shorturl, tinyurl etc are temporary links used as part of message content to reduce the number of characters.
Besides, there are dynamic links specific to a user which are created for purposes like KYC, password resets etc. These temporary and dynamic links are generated in real-time and cannot be registered with the telecom companies beforehand, say industry executives. Brands and enterprises also use new links frequently such as those used in marketing campaigns which run for a week or so.
In a directive issued a few weeks ago, the Telecom Regulatory Authority of India (Trai) had asked telcos to stop transmitting messages containing URLs, OTT links, APKs (Android application packages) or call-back numbers that are not whitelisted-or registered with telcos-by senders from September 1.
However, due to non-readiness by companies, Trai has extended that deadline by a month.
“The whole blockchain solution and subsequent orders by Trai are a transition in the messaging ecosystem,” said one telecom company executive. “With regards to the URL mandate, we have conveyed the challenges related to shortened and variable URLs to Trai and the authority has graciously allowed us more time.”He explained that telecom companies deliver nearly 1.5-1.7 billion SMSes per day. Any hasty implementations to the system could cause disruption to the service, which has been observed in the past.He was referring to an instance back in March 2021, when implementation of template scrubbing had caused 50% of SMSes to drop in one single day.
“This is a complex problem to solve, but we have designed a system that checks the landing website of every weblink before allowing the SMS to pass,” said one executive at a blockchain service provider company. “It doesn’t matter whether a link is unique, dynamic or shortened, any enterprise who has whitelisted the static part of their URL, the messages will pass.”
While some companies have demonstrated platform readiness to comply with Trai’s mandate, others are catching up with changes and IT transformation required for such deployment.
Whitelisting means entities sending commercial messages must provide all information related to URLs, call-back numbers, etc., to telcos, who will then feed the information to their blockchain-based distributed ledger technology (DLT) platform. If the information matches, the message is passed; otherwise, it is blocked.
With these checks, Trai is aiming to curb spamming and phishing attempts made to using SMS by plugging-in misleading URLs. Sometimes, these as Wa.me links which lead a user to a WhatsApp inbox where a fraud conversation is attempted. Whitelisting and verifying these links before an SMS is delivered is a proactive measure by TRAI which could prevent fraudulent SMSes reaching subscribers’ inbox.