Block Spam Calls and Robocalls with Node.js

January 10, 2017
Written by
Samuel Mendes
Contributor
Opinions expressed by Twilio contributors are their own
Reviewed by
Paul Kamp
Twilion
Kat King
Twilion
Jose Oliveros
Contributor
Opinions expressed by Twilio contributors are their own

block-spam-robocalls-node

Spam, scams, and robocalls are at best annoying. For high-volume customer service centers, they can significantly impact the bottom line. Let’s leverage the Twilio Marketplace and our Node.js skills to block spam callers, robocallers, and scammers.

Before getting started, you should already know how to handle incoming calls with Twilio.

Get a Spam Filtering Add-on

The Twilio Add-ons Marketplace is a great place to find Add-ons for your Twilio apps. You can integrate third-party technologies without leaving the comfort of the Twilio API. You can access the Add-ons from your Twilio Console. Today, we’re going to look at two Voice Add-ons that can help us with this spam problem: Marchex Clean Call, and Nomorobo Spam Score.

Installing the Add-on

Once you’ve decided on the Add-on you’d like to use, click the Install button and agree to the terms. In our use case today, we want to make use of these Add-ons while handling incoming voice calls, so make sure the Incoming Voice Call box for Use In is checked and click Save to save any changes:

Marchex Clean Call Add On Twilio Console Screenshot- use in Incoming Voice Call box checked

Note the “Unique Name” setting. You need to use this in the code that you will write to read the Add-on’s results. In the code for this guide, we are sticking with the default names.

Check Phone Number Score in Node.js

When Twilio receives a phone call from your phone number, it will send details of the call to your webhook (more on how to configure that later). In your webhook code, you create a TwiML response to tell Twilio how to handle the call.

For spam-checking, our code needs to check the spam score of the number and deal with the call differently depending on whether the Add-on considers the caller to be a spammer or not. In our example code here, we’ll return a <Reject> TwiML tag to send spammers packing and a <Say> TwiML tag to welcome legit callers.

The code is a simple Express application:

Editor: this is a migrated tutorial. Clone the original code at https://github.com/TwilioDevEd/block-spam-calls-node

'use strict';

var express = require('express');
var bodyParser  = require("body-parser");
var VoiceResponse = require('twilio').twiml.VoiceResponse;
var dig = require('node-dig');


function App(){
  var app = express();

  app.use(bodyParser.urlencoded({extended: true}));

  app.post('/', function (req, res) {
    var twiml = new VoiceResponse();
    var blockCalls = false;

    const addOns = 'AddOns' in req.body && JSON.parse(req.body['AddOns']);
    if (addOns && addOns['status'] === 'successful') {        var results = addOns['results'];
      blockCalls = should_be_blocked_by_marchex(results['marchex_cleancall']) ||
        should_be_blocked_by_nomorobo(results['nomorobo_spamscore']) ||
        should_be_blocked_by_whitepages(results['whitepages_pro_phone_rep']);
    }

    if (blockCalls) {
      twiml.reject();
    } else {
      twiml.say('Welcome to the jungle.');
      twiml.hangup();
    }

    res.writeHead(200, {'Content-Type': 'text/xml'});
    return res.end(twiml.toString());
  });

  var should_be_blocked_by_nomorobo = function(nomorobo) {
    if (!nomorobo || nomorobo['status'] !== 'successful') {
      return false;
    }

    return dig(nomorobo, ['result', 'score']) == 1;
  }

  var should_be_blocked_by_whitepages = function(whitepages) {
    debugger
    if (!whitepages || whitepages['status'] !== 'successful') {
      return false;
    }

    return whitepages.result.reputation_level >= 4
  }

  var should_be_blocked_by_marchex = function(marchex) {
    if (!marchex || marchex['status'] !== 'successful') {
      return false;
    }

    return dig(marchex, ['result', 'result', 'recommendation']) === 'BLOCK';
  };

  return app;
}

if (process.env.NODE_ENV !== 'test') {
  App().listen(3000, function () {
    console.log('Block Spam Calls listening on port 3000!')
  })
}

module.exports = App

Notice the code has checks for both of the Add-ons we mentioned before. The code is written to be very flexible and handle missing data in the JSON response, so feel free to copy and paste even if you only plan to use one of the Add-ons. Next, we'll analyze this application in more details.

How to Check Marchex Clean Call

Here’s an example of what Marchex Clean Call will return:

{
  "status": "successful",
  "message": null,
  "code": null,
  "results": {
    "marchex_cleancall": {
      "request_sid": "XRxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "status": "successful",
      "message": null,
      "code": null,
      "result": {
        "result": {
          "recommendation": "PASS",
          "reason": "CleanCall"
        }
      }
    }
  }
}

How to Check Nomorobo Spam Score

Here’s an example of what Nomorobo Spam Score will return:

{
  "status": "successful",
  "message": null,
  "code": null,
  "results": {
    "nomorobo_spamscore": {
      "request_sid": "XRxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "status": "successful",
      "message": null,
      "code": null,
      "result": {
        "status": "success",
        "message": "success",
        "score": 0
      }
    }
  }
}

Making a block call decision

In our example, unanimity is required for accepting a call. So we look at the advice from each Add-on, and if even one of them tells us to block it, we'll reject the call.

'use strict';

var express = require('express');
var bodyParser  = require("body-parser");
var VoiceResponse = require('twilio').twiml.VoiceResponse;
var dig = require('node-dig');


function App(){
  var app = express();

  app.use(bodyParser.urlencoded({extended: true}));

  app.post('/', function (req, res) {
    var twiml = new VoiceResponse();
    var blockCalls = false;

    const addOns = 'AddOns' in req.body && JSON.parse(req.body['AddOns']);
    if (addOns && addOns['status'] === 'successful') {        var results = addOns['results'];
      blockCalls = should_be_blocked_by_marchex(results['marchex_cleancall']) ||
        should_be_blocked_by_nomorobo(results['nomorobo_spamscore']) ||
        should_be_blocked_by_whitepages(results['whitepages_pro_phone_rep']);
    }

    if (blockCalls) {
      twiml.reject();
    } else {
      twiml.say('Welcome to the jungle.');
      twiml.hangup();
    }

    res.writeHead(200, {'Content-Type': 'text/xml'});
    return res.end(twiml.toString());
  });

  var should_be_blocked_by_nomorobo = function(nomorobo) {
    if (!nomorobo || nomorobo['status'] !== 'successful') {
      return false;
    }

    return dig(nomorobo, ['result', 'score']) == 1;
  }

  var should_be_blocked_by_whitepages = function(whitepages) {
    debugger
    if (!whitepages || whitepages['status'] !== 'successful') {
      return false;
    }

    return whitepages.result.reputation_level >= 4
  }

  var should_be_blocked_by_marchex = function(marchex) {
    if (!marchex || marchex['status'] !== 'successful') {
      return false;
    }

    return dig(marchex, ['result', 'result', 'recommendation']) === 'BLOCK';
  };

  return app;
}

if (process.env.NODE_ENV !== 'test') {
  App().listen(3000, function () {
    console.log('Block Spam Calls listening on port 3000!')
  })
}

module.exports = App

Call Handling Options

Rejection Options

Using <Reject> is the simplest way to turn away spammers. However, you may want to handle them differently. The whole universe of TwiML is open to you. For example, you might want to record the call, have the recording transcribed using another Add-on, and log the transcription somewhere for someone to review.

Call Accept Options

For this example, we’re just greeting the caller. In a real-world scenario, you would likely want to connect the call using <Dial> (to call another number or Twilio Client), <Enqueue> the call to be handled by TaskRouter, or build an IVR using <Gather>.

Configuring a Phone Number Webhook

Now we need to configure our Twilio phone number to call our application whenever a call comes in. So we just need a public host for our application. You can serve it any way you like as long as it's publicly accessible or you can use ngrok to test locally.

Armed with the URL to the application, open the Twilio Console and find the phone number you want to use (or buy a new number). On the configuration page for the number, scroll down to "Voice" and next to "A CALL COMES IN," select "Webhook" and paste in the function URL. (Be sure "HTTP POST" is selected, as well.)

Webhook - ngrok - root

Everything is set up now, you can pick up your phone and call your Twilio number. Hopefully, if you are not a spammer your call should be accepted and you should hear the greeting.

Testing a Blocked Call

You can quickly call your Twilio number to make sure your call goes through. However, how can we test a blocked spam result? The easiest way is to write some unit tests that pass some dummied up JSON to our controller action. For example, if we wanted to test a Nomorobo “BLOCK” recommendation, we could use the following JSON:

{
  "status": "successful",
  "message": null,
  "code": null,
  "results": {
    "nomorobo_spamscore": {
      "request_sid": "XRxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "status": "successful",
      "message": null,
      "code": null,
      "result": {
        "status": "success",
        "message": "success",
        "score": 1
      }
    }
  }
}

What’s Next?

As you can see, the Twilio Add-ons Marketplace gives you a lot of options for extending your Twilio apps. Next, you might want to dig into the Add-ons reference or perhaps glean some pearls from our other Node.js tutorials. Wherever you’re headed next, you can confidently put spammers in your rearview mirror.