TRAI's New SMS Rules: How Pre-Tagging Will Crush Fraud and Spam

Variable components such as URLs, application download links and callback numbers that change depending on recipients or over time must now be explicitly tagged, an official statement said.

Under the new requirement, senders must explicitly tag each variable field at the time of template registration, i.e. must specify the purpose for which the variable is going to be used, the statement added.

"For example, tagging a variable as #url# implies that the variable contains a URL. Unless these variable fields are pre-tagged, Access Providers cannot identify or scrub them to determine whether the inserted values are from whitelisted domains, numbers, or links," the Ministry of Communications said.

Pre-tagging helps in automated identification and scrubbing of variable fields.

With the introduction of mandatory pre-tagging, these variable elements will now have to be categorised and registered upfront by the principal entities (PE), making them traceable and accountable.

Access Providers and Principal Entities are required to complete the modification of existing templates within a period of 60 days.

After expiry of this compliance window, messages sent using non-compliant templates will be rejected and not delivered.

Evidence from multiple Unsolicited Commercial Communications (UCC) investigations showed that the absence of predefined tagging has been routinely exploited for fraudulent and phishing activities.

Absence of predefined tagging allowed unregistered or malicious URLs, app links, and callback numbers to be inserted into approved templates without detection.

The direction from the Ministry aims to further strengthen the anti-spam and anti-fraud framework by ensuring complete visibility of variable fields in SMS and enabling Access Providers to apply stringent content scrubbing.

- IANS