Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: What are you doing about A2P 10DLC for hobby projects?
3 points by abound on May 19, 2023 | hide | past | favorite | 6 comments
I use Twilio for SMS and MMS in a random assortment of personal projects: alerting for a home server, chess over MMS, notifications to/from family members solving puzzle games, etc.

I've been receiving the various Twilio emails about A2P 10DLC [1], but have mostly ignored them until now as it seemed like things were still in flux. Now that the dust has settled, it looks like I'd need to register as a "Sole Proprietor", pay $4 for a "Brand", pay $15 for "Campaign Vetting", and then pay $2/month for that "Campaign" in order to continue sending messages (mostly to myself) the way I do at present.

It's not necessarily that the cost is prohibitive, it's more so than I don't really want to pay $2/month for a service I'm sometimes not using at all.

As far as alternatives, I looked into a few different options:

- Using a toll-free number [2] - This requires verification too, but via a different process. It looks like toll-free numbers in the US cost $2.15/month.

- Using a different notification system - I already have a (Twilio) SendGrid subscription, I could just move SMS + MMS-based services to email, and I really should use a PagerDuty-type service for my homelab alerts anyway.

- "Special Use Cases" for A2P 10DLC [3] - "Low-volume hobby projects" didn't make the cut as a special use case.

- Move to another SMS + MMS API - Since A2P 10DLC is an initiative of US carriers (as far as I can tell), all Twilio competitors (e.g. [4]) have to offer more or less the same flow (campaigns + external vetting) and pricing.

- Build an alternative service - Not a particularly realistic option, but I don't see why one couldn't (attempt to) make a campaign on behalf of all hobby projects and offer to enforce limits on their behalf (low volumes, perhaps a phone-number allowlist per project with low quotas, etc), and have that (and your internal business practices/controls) go through the vetting process and get approved by carriers.

[1] https://support.twilio.com/hc/en-us/articles/1260800720410-What-is-A2P-10DLC-

[2] https://support.twilio.com/hc/en-us/articles/360038172934-Information-and-best-practices-for-using-Toll-Free-SMS-and-MMS-in-the-US-and-Canada

[3] https://support.twilio.com/hc/en-us/articles/4402972441243-Special-Use-Cases-for-A2P-10DLC#h_01F9J4T5823K3ENEDAN7WM70Z7

[4] https://www.plivo.com/docs/privatebeta/sms/10dlc/quickstart/



I use Twilio for a friends & family only project, and just this week jumped through the hoops to register. I'm willing to suck it up and pay the $2/month because I understand the purpose of this whole thing is to reduce spam. I hate the spam texts I get more than I hate paying $2 so for me it's worth it. However, I understand your reluctance and also considered (and might eventually switch to) something other than SMS, maybe back to good old emails or if I get everyone onto a single messaging platform I'd use an API into that.


That's a useful bit of perspective, I'd been cynically looking at this as a money grab by carriers, but if it does end up reducing spam, seems like a net positive.

I think my main ideological qualm is that now I'm paying both for usage _and_ for the subscription. I also don't understand what the monthly fee is for in this case. Once the campaign is vetted + verified, what ongoing cost is there for them? Just feels like rent-seeking behavior by the carriers.

At the end of the day, I might just bite the bullet, go through the process, and pay the fee though, I'm not super enthusiastic about any of the alternatives


I could be wrong here, but I think it's to significantly increase the barrier to spam senders. Today it's dead simple and effectively free to register as many fake accounts as you want and send millions of spam messages. The new rules + fees make that both time prohibitive and cost prohibitive. The latter is important because spamming is a business model - if spammers can make more off their scams than it costs, they will find a way to do it.


That's heartening to hear, I'm a firm believer that the best way to eliminate these undesirable behaviors is to remove the financial incentive to do so. That said, as far as I can tell, this solution doesn't seem to get to what (in my completely layman understanding) is the heart of the problem, which is number spoofing. Even if every number is registered to an owner who has vetted their campaign with the carriers, if someone can "pretend" to be someone else's number, it seems to circumvent that whole system.

Really stressing that I have absolutely no knowledge of telephony networking, I think of this like IP spoofing. If this new system don't include some authentication credentials attached to each campaign, it doesn't seem to ensure that the entity sending a message/call from a given phone number is indeed the "owner" of that phone number.


Why not run it over something like Telegram? The Bot API works well for such use cases.


Telegram would definitely be an option, it's just that neither I nor my family + friends are really on Telegram. I've spent years slowly convincing folks that Signal is The Way™, but unfortunately Signal isn't as amenable to API usage.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: