Founder of Blueprint. I help companies stop sending emails nobody wants to read.
The problem with outbound isn't the message. It's the list. When you know WHO to target and WHY they need you right now, the message writes itself.
I built this system using government databases, public records, and 25 million job posts to find pain signals most companies miss. Predictable Revenue is dead. Data-driven intelligence is what works now.
Your GTM team is buying lists from ZoomInfo, adding "personalization" like mentioning a LinkedIn post, then blasting generic messages about features. Here's what it actually looks like:
The Typical Tekelec SDR Email:
Why this fails: The prospect is an expert. They've seen this template 1,000 times. There's zero indication you understand their specific situation. Delete.
Blueprint flips the approach. Instead of interrupting prospects with pitches, you deliver insights so valuable they'd pay consulting fees to receive them.
Stop: "I see you're hiring compliance people" (job postings - everyone sees this)
Start: "Your Tijuana gateway processed 847 SS7 MAP messages with invalid IMSI prefixes on November 12th" (specific gateway, exact date, precise count)
PQS (Pain-Qualified Segment): Reflect their exact situation with such specificity they think "how did you know?" Use verifiable data with dates, record numbers, facility identifiers.
PVP (Permissionless Value Proposition): Deliver immediate value they can use today - analysis already done, deadlines already pulled, patterns already identified - whether they buy or not.
These messages are ordered by quality score (highest first). Each demonstrates precise understanding backed by verifiable data sources.
Alert international gateway operators to specific SS7 signaling anomalies at their exact gateway location with precise message counts and dates. Target carriers operating cross-border signaling infrastructure who face SS7 fraud exposure but lack real-time visibility into suspicious traffic patterns.
SS7 fraud is a massive blind spot for network operations directors. When you name their specific gateway, provide exact message counts, cite a specific date, and identify the technical signature (invalid IMSI prefixes), you're surfacing intelligence they cannot get from their existing monitoring tools. This is exactly what they can't see without better infrastructure.
This play requires network monitoring data showing SS7 anomalies from your existing customer base or threat intelligence feeds, aggregated to show suspicious pattern counts by gateway location.
This is proprietary threat intelligence only you have - competitors cannot replicate this play without similar network visibility.Alert international gateway operators to SS7 traffic anomalies expressed as multiples of their normal baseline. Target carriers with cross-border interconnects who face SIM swap fraud threats but lack baseline traffic analytics to identify when authentication failures spike abnormally.
Providing exact counts is powerful, but showing "23x your normal failure rate" proves you know THEIR specific baseline - not just generic threat data. This demonstrates deep familiarity with their network patterns and positions the threat in context they can immediately assess as urgent.
This play requires baseline traffic analytics for the carrier's gateway to calculate anomaly multiples (e.g., "23x your normal failure rate"), which means historical monitoring data from your platform.
This is proprietary baseline intelligence only you have - competitors cannot calculate these anomaly ratios without similar network monitoring history.Alert international gateway operators to Diameter signaling anomalies (AVP manipulation) at their specific gateway with exact message counts and dates. Target carriers managing Diameter traffic who face credit control fraud but lack deep packet inspection visibility into real-time AVP modifications.
Diameter fraud is more sophisticated and harder to detect than SS7 attacks. When you identify AVP manipulation signatures - a technical detail that proves deep protocol expertise - you're demonstrating knowledge that separates you from generic security vendors. This is the intelligence that keeps CTOs awake at night.
This play requires Diameter protocol monitoring across customer networks or threat intelligence feeds showing AVP manipulation patterns, with geographic correlation to specific gateway locations.
This is proprietary protocol-level intelligence only you have - competitors cannot replicate this without similar Diameter deep packet inspection capabilities.Deliver a complete risk scorecard for all of the recipient's international gateway points, with specific risk scores (e.g., 8.2/10, 7.9/10) showing which locations face highest fraud exposure. Target international gateway operators who need to prioritize security investment across multiple geographic interconnection points.
Security directors struggle to prioritize limited budgets across multiple gateway locations. By inventorying ALL their gateways and providing quantified risk scores, you're delivering immediate strategic value - a prioritization framework they can present to executives today. This is actionable intelligence worth paying for.
This play requires network topology data showing all gateway locations plus threat scoring models based on traffic analysis across your customer base, aggregated to calculate risk scores by location.
This is proprietary risk intelligence only you have - competitors cannot replicate these location-specific scores without similar network visibility.Deliver a 30-day Diameter traffic analysis showing three distinct fraud signatures across the recipient's international gateways, with specific attack types and timeline documentation. Target carriers managing Diameter signaling who need comprehensive threat intelligence but lack tools for cross-gateway pattern correlation.
Most carriers can detect individual anomalies, but correlating patterns across multiple gateways and time periods requires sophisticated analytics. By naming their specific gateways with specific attack types (credit control bypass, subscription profile tampering, location tracking anomalies), you're proving you did real investigative work - not pulling generic threat reports.
This play requires aggregated Diameter traffic analytics and fraud signature detection across your customer base, with 30-day historical analysis capability showing pattern correlation across multiple gateway locations.
This is proprietary cross-gateway intelligence only you have - competitors cannot replicate this multi-signature correlation without similar analytics infrastructure.Deliver a risk breakdown of the recipient's highest-risk international roaming corridors based on aggregated fraud pattern analysis. Target international gateway operators who need to prioritize security investment across multiple geographic routes but lack visibility into comparative corridor risk.
When you name the exact corridors they operate (Mexico-US, Philippines-Middle East, Brazil-Europe) and map fraud vulnerability indicators to those specific routes, you're delivering strategic intelligence they cannot get elsewhere. This helps them allocate security resources geographically - actionable value whether they buy or not.
This play requires aggregated threat intelligence across your customer base showing fraud patterns by geographic corridor, combined with the recipient's roaming agreement data from public sources.
This is proprietary corridor-level intelligence only you have - competitors cannot replicate this geographic risk mapping without similar aggregated threat data.Deliver a risk-scored inventory of all roaming partners based on correlation between partner networks and SS7 fraud incident databases. Target international carriers who need to assess which roaming agreements represent highest security exposure but lack cross-referenced threat intelligence.
Carriers know who their roaming partners are, but they don't know which ones are statistically correlated with fraud incidents. By inventorying their 23 roaming agreements and naming the 5 with highest fraud correlation (with specific risk scores above 7.5/10), you're providing prioritization intelligence they can verify and act on immediately.
This play requires aggregated roaming partner fraud intelligence across your customer base combined with public fraud incident databases, correlated to calculate risk scores by partner network.
This is proprietary partner intelligence only you have - competitors cannot replicate these partner-specific risk scores without similar aggregated threat correlation.Deliver a complete gap analysis showing the 4 specific blockers preventing the carrier from achieving STIR/SHAKEN certification, based on cross-referencing their network topology against STI-PA requirements. Target regional carriers approaching compliance deadlines who lack systematic assessment of their certification readiness.
Most carriers know they need STIR/SHAKEN certification but don't have a clear roadmap showing what's blocking them. By naming the exact gaps (missing testbed registration, incomplete CA enrollment, no SPC token provisioning, undefined call attestation policy), you're providing a checklist they can immediately validate and act on.
This play requires capability to analyze carrier network configurations against STIR/SHAKEN requirements, combined with public STI-PA registry data showing current certification status.
This is proprietary network assessment intelligence only you have - competitors cannot replicate this gap analysis without similar technical evaluation capabilities.Alert regional carriers whose SPC token registration shows "pending" certificate authority enrollment status for 60+ days at STI-PA, indicating stuck validation processes. Target carriers approaching STIR/SHAKEN deadlines who may be unaware their enrollment is stalled and require follow-up with STI-PA.
Operations directors often assume "pending" status means the process is moving forward. When you surface that their enrollment has been stuck since October 15th (60+ days), you're flagging a potential blocker they may not be tracking actively. This is helpful intelligence that prompts immediate follow-up action.
Deliver a detailed blocker list showing the 4 missing components preventing STIR/SHAKEN certification, with timeline impact quantification (8-12 weeks added delay if not addressed). Target regional carriers approaching deadlines who need practical mitigation steps with realistic timeline projections.
By auditing their public STI-PA registry entries AND network architecture (showing you did real research on THEIR carrier), then quantifying the timeline impact (8-12 weeks), you're providing actionable planning intelligence. The promise of "detailed blocker list with mitigation steps" is valuable whether they engage with you or not.
This play requires capability to cross-reference public STI-PA data with network topology analysis to identify specific architectural gaps and estimate remediation timelines.
This is proprietary assessment intelligence only you have - competitors cannot replicate this timeline-impact analysis without similar technical evaluation capabilities.Alert FCC-registered regional wireless carriers who have no active STIR/SHAKEN testbed registration with ATIS before the June 30th compliance deadline. Target carriers facing interoperability validation requirements who are running out of time to complete testbed participation and certificate authority enrollment.
When you check the STI-PA registry and find zero testbed entries for their carrier network as of today, you're surfacing a verifiable gap they can confirm in under 60 seconds. The June 30th deadline creates urgency, and the easy routing question makes it simple to reply without committing to anything.
Alert carriers whose STI-PA public registry shows zero testbed entries as of today, with timeline pressure calculation showing 45-60 days minimum needed for validation. Target regional carriers approaching compliance deadlines who need immediate testbed registration to avoid certification delays.
By pulling the STI-PA public registry "as of today" and confirming zero testbed entries, you're providing verifiable current-state intelligence. The 45-60 day timeline adds helpful context showing they're cutting it close, and the routing question makes it easy to engage without sales pressure.
Old way: Spray generic messages at job titles. Hope someone replies.
New way: Use public and proprietary data to find carriers in specific painful situations. Then mirror that situation back to them with evidence.
Why this works: When you lead with "Your Tijuana gateway processed 847 SS7 MAP messages with invalid IMSI prefixes on November 12th" instead of "I see you're hiring for security roles," you're not another sales email. You're the person who did the homework.
The messages above aren't templates. They're examples of what happens when you combine real data sources with specific situations. Your team can replicate this using the data recipes in each play.
Every play traces back to verifiable data sources. Here are the sources used in this playbook:
| Source | Key Fields | Used For |
|---|---|---|
| FCC Form 499 Filer Database | company_legal_name, communications_service_type, service_jurisdictions, fcc_filer_id | Carrier registration verification and service type classification |
| ATIS Robocalling Testbed Participant Registry | testbed_participant_name, test_sessions_completed, stir_shaken_implementation_version | STIR/SHAKEN compliance progress and testbed participation status |
| STI-PA Public Registry | service_provider_code, certificate_authority_status, enrollment_date, testbed_validation | STIR/SHAKEN certification status and timeline tracking |
| GSM Association IR.21 Roaming Database | roaming_partner_networks, interconnection_agreements, signaling_protocols_supported | International gateway operator identification and roaming corridor mapping |
| Company Internal Data (Network Monitoring) | ss7_map_messages, diameter_avp_analysis, fraud_attempt_logs, gateway_traffic_baselines | Real-time signaling anomaly detection and fraud pattern correlation |
| Company Internal Data (Network Topology) | gateway_locations, signaling_infrastructure, network_architecture, certification_readiness | Network architecture assessment against compliance requirements |