AWS sms-voice high security documentation change
Summary
Expanded documentation for SMS Protect capabilities, including detailed rule modes (Allow/Block/Monitor/Filter), phone number exceptions, message feedback integration, and added warnings about AIT risk model limitations and costs.
Security assessment
The changes explicitly address combating SMS Pumping (AIT), a security threat involving bot-driven SMS fraud. The addition of risk evaluation modes (Monitor/Filter), phone number blocking rules, and disclaimers about model accuracy directly relate to mitigating security risks. The documentation now emphasizes protection against artificially inflated traffic attacks.
Diff
diff --git a/sms-voice/latest/userguide/protect.md b/sms-voice/latest/userguide/protect.md index a332382b8..8785439bf 100644 --- a//sms-voice/latest/userguide/protect.md +++ b//sms-voice/latest/userguide/protect.md @@ -7 +7 @@ -Protect is a set of capabilities that allow you to send SMS messages to countries where your customers are and monitor your message deliveries. You can use all of the protect features to help protect against Artificially inflated traffic (AIT). For example: +Protect is a set of capabilities that help you to manage SMS message deliveries to all countries where your customers are located, helping you to combat Artificially Inflated Traffic (AIT). SMS AIT (or SMS Pumping) occurs when bots target web and mobile applications, especially workflows that trigger immediate SMS sends like login or sign-up processes. Protect lets you set rules at the account level, by country, or by use case (such as transaction alerts vs. authentication). These rules instruct how End User Messaging evaluates risk and delivers your messages. With SMS Protect, you can set configurations to: @@ -9 +9 @@ Protect is a set of capabilities that allow you to send SMS messages to countrie - * You can create a protect configuration and set the country rule mode to block all destination countries except the ones you want to send SMS or MMS messages to. For the countries you want to send messages to you can set the country rule mode to allow messages. + * Create protect configurations – These are containers for your rules, where blocking decisions are made. Create separate configurations for different use cases to optimize protection. Set rules at the account level or for specific use cases. To apply protect configurations, reference them when making API calls by either adding the _ProtectConfigurationId_ parameter to `SendTextMessage`, `SendMediaMessage`, or `SendVoiceMessage` API requests, or by associating it with the SMS configuration set you send messages with. @@ -11 +11 @@ Protect is a set of capabilities that allow you to send SMS messages to countrie - * If a valid phone number is blocked you can use [phone number override rules ](./protect-rule-override.html#protect-rule-override.title)to make an allow exception for the phone number. You can also add rules to block specific phone numbers too. + * Set country rules – Within each [protect configuration](./protect-configuration.html), define country-specific rules. Choose from: @@ -13 +13 @@ Protect is a set of capabilities that allow you to send SMS messages to countrie - * Use [message feedback](./message-feedback.html#message-feedback.title) to track if customers are performing actions from messages they received. For example if you send a user a trackable link and then once the link is opened you know the message has been received. You could also use this to know if a user has received and used a one time password (OTP). + * Allow (service default) – Permits all messages. @@ -15 +15,22 @@ Protect is a set of capabilities that allow you to send SMS messages to countrie - * Use [protect configuration monitoring](./filter-and-monitor-messages-monitor.html#filter-and-monitor-messages-monitor.title), an [event destination](./configuration-sets-event-destinations.html#configuration-sets-event-destinations.title), and CloudWatch to monitor your message deliveries and create alarms. + * Block – Prevents all messages to the specified country. + + * Monitor – Allows messages while informing you of AIT risk (additional cost applies). + + * Filter – Allows messages but blocks those identified by our risk model (additional cost applies). + + * Manage phone number exceptions – Use [phone number rule overrides](./filter-and-monitor-messages.html) to create allow exceptions for protect blocked numbers or block specific numbers that would otherwise be allowed. + + * Implement message feedback – Track customer engagement with [message feedback API](./message-feedback.html). For example, use trackable links to confirm message receipt or monitor usage of one-time passwords (OTPs). + + * Enable monitoring and alerting – Utilize protect [metrics and dashboards](./filter-and-monitor-messages-monitor.html), event destinations, and CloudWatch to oversee message AIT risk and deliveries. + + + + +###### Important + + * Messages using “monitor” or “filter” mode incur additional charges for AIT risk evaluation. See [pricing for details](https://aws.amazon.com/end-user-messaging/pricing/). + + * Protect’s filter and monitor modes use statistical models that generate AIT risk predictions based on patterns in data. We are always working to improve these models, but as with any such models, the accuracy of their predictions is not guaranteed (e.g., there is a chance that legitimate SMS messages may be flagged as an AIT risk). + + * Filter and monitor modes are designed to help you mitigate the impacts of AIT, but do not guarantee complete protection from AIT. We recommend using additional safeguards on your web and mobile applications for well- rounded AIT protection.