URL Scanner and Data Export to CDR: New Features of the EW SMS Firewall
27 march 2025
The latest enhancements to the EW SMS Firewall allow our clients to block SMS phishing, export data for reconciliation with partners in a convenient format, monitor key metrics in real time, and more. Discover the details below.
EW SMS Firewall is a solution designed to monetize A2P traffic and combat SMS attacks and spam.
Our clients receive daily reports detailing the number of links found in messages and the URLs they contain
Previously, the EW SMS Firewall supported uploading whitelists of up to 1 million numbers. However, when one of our clients needed to add 1.5 million numbers, the system experienced a significant increase in the load, which had a negative impact on its performance.
The Eastwind team is currently working on enabling the system to efficiently process whitelists of up to 5–10 million numbers
Users can now add comments to any actions involving lists and rules. This makes it easy to understand the reason behind a change whenever needed
Previously, the EW SMS Firewall did not support CDR export, so our clients relied on billing systems for reconciliation. However, this approach was inconvenient: billing is primarily designed for charging subscriber services, and its formats and data presentation complicate the analysis of settlements with partners. In addition, generating reports from billing could impact system performance.
Operators can use the CDR file to generate reports for specific partners, with the ability to customize the report content and format to suit their needs.
The EW SMS Firewall has also received a range of additional enhancements that improve usability and performance. For instance, it now supports the XUDT format for segmenting large messages within the SCCP subsystem — in addition to TCAP and MAP segmentation. This means that all SMS traffic, with no exception, now passes through the EW SMS Firewall.
We’ve also sped up the generation of reports and dashboards. There’s no longer a need to export them one at a time — tasks can now be run in parallel.
Moreover, for one of our clients, we integrated the EW SMS Firewall with the Prometheus monitoring system and the Grafana visualization platform, enabling centralized monitoring of system health and performance.
Dashboards showing the status of the anti-fraud system servers and operator’s network can now be viewed directly within the EW SMS Firewall interface
Some of the updates mentioned above were developed in response to client requests. Others were introduced on the initiative of our traffic monitoring experts. Their mission is to ensure the solution delivers maximum value to our clients. As part of our Managed Services, they continuously update blacklists and whitelists, identify emerging fraud schemes, and fine-tune traffic filtering rules. This proactive approach helps operators effectively monetize A2P traffic while increasing subscriber loyalty by protecting them from spam and attacks.
Learn more about what EW SMS Firewall can do
More News
EW SMS Firewall is a solution designed to monetize A2P traffic and combat SMS attacks and spam.
URL Scanner for Smishing Detection
Task
Smishing is a type of SMS attack where fraudsters send messages containing phishing links to steal subscribers’ confidential information. Previously, the EW SMS Firewall did not protect operators’ networks from this kind of threat. It was focused on blocking only “gray” A2P traffic, SMS spam, and attacks such as SMS Flooding, MT Faking, and MO Spoofing. However, between 2020 and 2022, the global FluBot smishing campaign emerged, driving us to begin developing a URL scanner.Once the URL scanner was ready, we analyzed the SMS traffic of one of our clients and, over the course of a month, identified over 1,000 messages containing phishing links. The mobile operator then decided to implement the URL scanner to protect its subscribers from fraud and strengthen customer loyalty.During the FluBot attack, scammers sent messages to subscribers impersonating a package delivery service. To view the tracking number, recipients were prompted to click a link in the SMS. Once they did, they were either tricked into downloading a malicious app or redirected to a phishing site where they unknowingly disclosed passwords to their mobile banking apps and other personal information. As a result, the attackers gained access to the personal data of 10 million subscribers across 30 countries.
Solution
Now, all links in SMS are automatically checked against two databases of malicious websites: URLhaus and Google Web Risk. If the system detects that a link matches a URL from either database, the EW SMS Firewall will, depending on the configured settings, either block the message entirely or allow it through with a phishing link mark.Our clients receive daily reports detailing the number of links found in messages and the URLs they contain
Optimized Whitelist Processing
Task
Mobile operators use whitelists to exempt high-LTV subscribers from message blocking, even if their messages appear suspicious to the anti-fraud system.Previously, the EW SMS Firewall supported uploading whitelists of up to 1 million numbers. However, when one of our clients needed to add 1.5 million numbers, the system experienced a significant increase in the load, which had a negative impact on its performance.
Solution
We redesigned the system’s code and moved whitelist processing to a separate thread, isolating it from the core functions to prevent slowdowns. As a result, the EW SMS Firewall can now handle up to 1.5 million whitelisted numbers without compromising the performance.The Eastwind team is currently working on enabling the system to efficiently process whitelists of up to 5–10 million numbers
Logging and Commenting on Rule Changes
Task
Previously, the EW SMS Firewall did not track the history of changes made to blacklists, whitelists, or traffic filtering rules. For example, the system didn’t log who added a number to the blacklist, when it was added or why. This created issues when subscribers contacted their operator to find out why their number had been blocked — there was simply no record to reference. As a result, subscribers were often left without a clear explanation, which could affect their trust and loyalty.
Solution
The EW SMS Firewall now logs all changes to blacklists, whitelists, and filtering rules. At any time, it’s possible to view when and by whom a number was added, removed, or a rule template was modified.Users can now add comments to any actions involving lists and rules. This makes it easy to understand the reason behind a change whenever needed
Data Export to CDR
Task
CDR (Call Detail Record) files contain detailed information about message parameters: sender, recipient, date, time, and delivery status. Operators use this data to reconcile services provided with reports from SMS aggregators and content providers.Previously, the EW SMS Firewall did not support CDR export, so our clients relied on billing systems for reconciliation. However, this approach was inconvenient: billing is primarily designed for charging subscriber services, and its formats and data presentation complicate the analysis of settlements with partners. In addition, generating reports from billing could impact system performance.
Solution
We’ve added CDR export functionality to the EW SMS Firewall. Now, a single file compiles detailed data on both received and sent messages.Operators can use the CDR file to generate reports for specific partners, with the ability to customize the report content and format to suit their needs.
Other Updates
The EW SMS Firewall has also received a range of additional enhancements that improve usability and performance. For instance, it now supports the XUDT format for segmenting large messages within the SCCP subsystem — in addition to TCAP and MAP segmentation. This means that all SMS traffic, with no exception, now passes through the EW SMS Firewall.
We’ve also sped up the generation of reports and dashboards. There’s no longer a need to export them one at a time — tasks can now be run in parallel.
Moreover, for one of our clients, we integrated the EW SMS Firewall with the Prometheus monitoring system and the Grafana visualization platform, enabling centralized monitoring of system health and performance.
Dashboards showing the status of the anti-fraud system servers and operator’s network can now be viewed directly within the EW SMS Firewall interface
Some of the updates mentioned above were developed in response to client requests. Others were introduced on the initiative of our traffic monitoring experts. Their mission is to ensure the solution delivers maximum value to our clients. As part of our Managed Services, they continuously update blacklists and whitelists, identify emerging fraud schemes, and fine-tune traffic filtering rules. This proactive approach helps operators effectively monetize A2P traffic while increasing subscriber loyalty by protecting them from spam and attacks.
Learn more about what EW SMS Firewall can do