SMS bad

2022-09-17

Carriers censor SMS and your texts are not encrypted AT ALL.

• I run IT infrastructure for a local small business.
• This business relies on sending and receiving SMS messages to customers.
• We send proofs from our Nextcloud instance running off a .xyz domain name.
• Customers were claiming that they were not receiving messages we were sending.
• After much investigation, it was determined that some carriers were actually blocking messages from being received/sent if they contained *.xyz domain names.
• I discovered this based on this Hacker news article “The Perils of an xyz domain”
• We had to switch to a .net domain name just so that our SMS messages would send

In summation, xyz domain names are treated as spam because of how cheap they are. This practice is anti-open internet and also mean to poor people who are trying to save money on domain name costs by buying cheap xyzs.

This means that the content of your SMS messages are absolutely not private it any way. The carrier has complete access to anything you write in an SMS message. It’s highly unlikely that this censorship (and yes, it is censorship) is occurring on-device.

1. I hate that carriers (or whoever down the line is choosing not to deliver the message) get to decide what domain names are spam or not spam.
2. I hate that my carriers can ever know what is in my message
3. Also fuck Apple

I plan to phase out SMS in the next N years in favor of some kind of self hosted web based messaging platform so that I can direct people to send messages who don’t know how to use Signal or Matrix.

Conclusion

SMS is not secure, all your messages can be read (no encryption), and content you send gets censored.