Telstra blocking 30k malicious domains a month

Telstra is currently blocking around 30,000 malicious domains a month as part of its

“Cleaner Pipes” program. The telco in 2020 first detailed its DNS filtering initiative after

a 12-month trial that sought to protect customers from malware.

Yesterday the telco’s chief information security officer Narelle Devine

revealed that a companion project targeting SMS phishing had notched

up a new milestone and was blocking more than 1500 malicious texts a


Since Telstra launched its SMS scam filter in April it has blocked

more than 185 million malicious text messages, the telco said.

“So Telstra is blocking scam text messages now at a network level before

they even reach your mobile device and after spending some time fine tuning the

technology we’ve now rolled that out to every customer on Telstra’s network which

means less scam texts reaching you,” Devine said.

The CISO added: “The actual capability is complex and it’s constantly evolving. But

in really simple terms, we’re applying knowledge of what the scam messages look like

to block them at a network level. So we have automatic machine scanning and it picks

out suspicious content such as malicious links and other characteristics like time,

sender and recipient. So if a message looks suspicious, we’ll block it before it reaches


Telstra said that it had also stopped more than 200 million scam calls from reaching

customers since the mid-2021 rollout of a new blocking feature.

The SMS phishing milestone followed the federal government in November 2021

changing rules to telecommunications interception regulations to effectively enable

telcos to scan texts for malicious contents.

The change, signed by former Home Affairs Minister Karen Andrews, allowed a

court to take into account the interception of a communication by a telco employee

“for the purposes of identifying and blocking malicious SMS messages” when determining

if the interception is reasonably necessary.

The update to the regulations defined a malicious SMS message as one that

“contains a link or a telephone number” and is meant to mislead the recipient into using

that link or number, with them “likely to suffer detriment as a result”.

For further details, follow the link below: