But it still does NOT require that you open the SIP ports on the router for incoming connections, as the ITSP doesn't connect back TO the Obi device (or any other SIP client) using the typical SIP ports (5060,5061).
The way it works is as follows:
a) The Obi client firmware opens a random high port on it's hardware (NOT 5060 or 5061). Lets say it's 11111 for this example
b) It then initiates and makes an OUTBOUND connection to the SIP port (5060, or 5061 usually) on the ITSP's server. Let's say it's 5060 for this example.
c) If it succeeds, the ITSP server software opens a random high port on it's hardware. Lets say it's 22222 for this example
d) Then, the ITSP and the Obi negotiate a random ephemeral port for the connection for the ITSP to the Obi. (Lets say they chose 33333)
So in this EXAMPLE, the connections are as follows:
Obi's port 11111 is connected to the ITSP server's port 5060
ITSP's port 22222 is connected to the Obi's port 33333
i.e. At no point is a SIP port (5060, or 5061) open or needed on the Obi hardware. (It's only open on the ITSP's server)
Thus, to get back to the OP, if they are getting phone spam and it's not coming via his phone ITSP's, then their Obi must have the SIP ports open and exposed to the internet.