Detect Robocalls with Twilio Lookup, Node.js and the Nomorobo Spam Score Add-on

Time to read: 2 minutes

July 05, 2019
Written by
Tilde Thurium
Twilion

Detect Robocalls with Twilio Lookup, Node.js and the Nomorobo Spam Score Add-on

Robocalls: nobody likes them, except maybe the robots. Twilio is working hard to eliminate robocalls. For the moment we need additional ways of fighting back. Let’s build a tool with Node.js, Nomorobo, and Twilio Lookup to detect robocalls. It’s easier than a Voight-Kampff test, I promise.

Getting Started

What you’ll need:

Nomorobo is a company that maintains a huge database of known spammers and bots, as well as providing a service for filtering out unwanted calls. To take advantage of these features, install the Nomorobo add-on from the Twilio Console. 

Click the install button and agree to the terms of service.  Keep the unique name as nomorobo_spamscore. Under USE IN, check the Lookups box and click Save.

Making The Initial Lookup

Install the Twilio Node helper library from the command line:

npm install twilio

Grab your Twilio account SID and auth token from the console, and set them as environment variables.

Copy the code below into a new file called nomorobo.js. We’re using a Promise here because getting the phone number is asynchronous. Using await in a top-level Node script is currently not recommended.

We’ll use a known robocaller number to test with, in E.164 format -- +19892008374.

const client = require('twilio')(
  process.env.TWILIO_ACCOUNT_SID,
  process.env.TWILIO_AUTH_TOKEN
);

client
  .lookups.phoneNumbers('+19892008374')
  .fetch({addOns: 'nomorobo_spamscore'})
  .then(phoneNumber => console.log(phoneNumber.addOns.results));

Run the code from the command line with:

node nomorobo.js

If all is well your response should look like this:

{ nomorobo_spamscore:
   { status: 'successful',
     request_sid: 'XRcb3d98523ae96ad9869400e22b0da244',
     message: null,
     code: null,
     result: { status: 'success', message: 'success', score: 1 } } }

If your response says “addOn not found”, the Nomorobo add-on might not be installed correctly. Go back to the console and follow the installation instructions again if necessary.

Beep Boop: Detecting Robot Callers

Instead of printing the whole response, we really want to detect whether a particular call is a robot or not. Time to refactor.

First, define a function that takes a phone number. It will return a Promise that wraps a boolean value to indicate whether or not the number belongs to a robocaller. Now that we’re using a function, we can take advantage of async/await for cleaner error handling.

/**
 * Detect whether a number is a robo caller.
 *
 * @param {string} phoneNumber - The number the call is coming from. in e.164 format
 * @return {Promise<boolean>} true if the number belongs to a robocaller
 *
 */
async function isRoboCaller(phoneNumber) {
  try {
    const response = await client
      .lookups.phoneNumbers(phoneNumber)
      .fetch({addOns: 'nomorobo_spamscore'});
    const score = response.addOns.results.nomorobo_spamscore.result.score;
    return score === 1;
  } catch (error) {
    console.log(error);
    return null;
  }
}

We can call it as a standalone script and pass in the phone number as a command line argument. Add a check at the topmost level of the module to kindly prompt the user if they’ve forgotten to pass in the phone number.

if (process.argv.length < 3) {
  console.log('Please provide a phone number in E.164 format like this: +19892008374');
  return;
}

Since our async function returns a Promise-wrapped value, we need to print the value inside a .then() block or our script won’t tell us the result.

const number = process.argv[2];
isRoboCaller(number).then(result => {
  if (result !== null) {
    console.log(`${number} is a robocaller: ${result}`);
  }
})

Try checking some numbers from phone calls you’ve received recently.

node nomorobo.js +18338926626 # an actual spam call I received
+18338926626 is a robocaller: true

node nomorobo.js +14155513000 # San Francisco Water
+14155513000 is a robocaller: false

Hooray - we’ve built a useful little script. Take that, robots.

Of course, you can also export this function for use as part of a larger application. Or you could make it a command-line util with colors and better argument parsing. Check out our guide to writing Node.js CLIs.

Looking Out For Something Real

Twilio Lookup is good for more than identifying bots.  You can also identify unknown phone numbers, add 2-factor authentication to any application, and more.  If you have ideas about how to use Lookup, I’d love to hear about them. I’m @annthurium on Twitter, or hit me up in the comments below.

Related Posts

Related Resources

A newspaper article

Twilio Docs

From APIs to SDKs to sample apps

API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.
An Open book

Resource Center

The latest ebooks, industry reports, and webinars

Learn from customer engagement experts to improve your own communication.
User group reactions

Ahoy

Twilio's developer community hub

Best practices, code samples, and inspiration to build communications and digital engagement experiences.