Understanding STIR/SHAKEN
Note: This topic does not constitute legal advice and may not include the most up-to-date regulatory or technical information. You should contact your counsel regarding the legal impacts of STIR/SHAKEN on your company.
While consumers deal with spam calls or potential scams, businesses are concerned their calls aren’t getting through to their customers due to spam tagging or customers not picking up for unrecognized numbers.
Communications providers have been working to fight telephone fraud by using analytics engines to block or tag suspected illegal calls. There has also been support from Congress, such as the passing of the TRACED Act in 2019, which attempts to shed light on true caller identity and requires communications providers to implement a framework known as STIR/SHAKEN by June 30, 2021.
While there is a lot to understand about the nuts and bolts of STIR/SHAKEN, we wanted to provide some information on the key things you need to know, how it impacts your business, and what IntelePeer is doing for our customers.
Note: To learn more about our plans for STIR/SHAKEN or address any questions you may have, please reach out to your dedicated IntelePeer account rep or contact us today.
If STIR/SHAKEN is not the magic wand to prevent spam and fraud mis-tagging, what is? IntelePeer offers Reputation management services specifically to help legitimate enterprises avoid this problem. These services allow you to prevent, monitor, and correct mis-tagging.

STIR/SHAKEN stands for Secure Telephone Identity Revisited / Signature-based Handling of Asserted Information Using toKENs. It’s a set of standards enabling the originating service provider to pass along identifying information such as attestation level to the terminating service provider to demonstrate whether the source of a call is legitimate or not.

Attestation is the originating service provider’s level of confidence that a call’s calling party number is being used by an authorized caller. While it may look like a report card, the attestation levels indicate if the source of the call is known or unknown to the service provider.
Here’s a look at the different types and how IntelePeer applies attestation to calls over our network:
Level | Industry Standard (ATIS) Definition | IntelePeer will assign if |
---|---|---|
Full Attestation (A) | The service provider knows which customer originated the call and knows that customer is authorized to use the calling party number. | Enterprise traffic where the call uses an IntelePeer-assigned phone number, a number that was ported to IntelePeer, or a number where IntelePeer performs all or some of the inbound routing. |
Partial Attestation (B) | The service provider knows which customer originated the call but does not know whether the customer is authorized to use the calling party number. | Enterprise traffic where the call uses a calling party number that is unknown to IntelePeer. |
Gateway Attestation (C) | The service provider does not know which customer originated the call, only from where it received the call, such as from an international gateway. | IntelePeer does not assign C attestation to enterprise traffic (since IntelePeer knows the customer). IntelePeer will apply C only to unsigned traffic received from another network. |
You may be using a legitimate and authorized number that is unknown to IntelePeer and want to make sure your calls receive A level attestation. This is known in the industry as the attestation gap. While B attestation typically doesn’t impair call completion, we have methods to elevate the attestation so that you are compliant with industry standards, without requiring you to port your numbers to our network.
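On the wire, the attestation level is the `attest` claim of a signed token (a PASSporT, RFC 8225 with the SHAKEN extension of RFC 8588) carried in the SIP `Identity` header (RFC 8224). The following is an added example, not IntelePeer code: it decodes such a header and runs the structural checks a terminating side would make before trusting the claim. The function names, sample numbers, URL, dummy signature and 60-second freshness window are assumptions, and the signature itself is not verified here.

```python
import base64
import json

def b64url_decode(part):
    # PASSporT parts are unpadded base64url; restore padding first
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample(attest="A", iat=1700000000):
    # Constructed sample: fictional 555 numbers, example.org URL, dummy signature
    hdr = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
           "x5u": "https://cert.example.org/passport.cer"}
    claims = {"attest": attest, "dest": {"tn": ["12155550113"]}, "iat": iat,
              "orig": {"tn": "12155550112"},
              "origid": "123e4567-e89b-12d3-a456-426655440000"}
    sig = base64.urlsafe_b64encode(b"\x00" * 64).rstrip(b"=").decode()
    token = ".".join([b64url_encode(hdr), b64url_encode(claims), sig])
    return token + ";info=<" + hdr["x5u"] + ">;alg=ES256;ppt=shaken"

def inspect_identity(value, now, max_age=60):
    """Decode an Identity header value and list structural problems.
    The signature is NOT verified here, so the result is untrusted."""
    token, *params = [p.strip() for p in value.split(";")]
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    hdr = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    kv = dict(p.split("=", 1) for p in params if "=" in p)
    problems = []
    if hdr.get("alg") != "ES256" or hdr.get("typ") != "passport":
        problems.append("header must be alg=ES256, typ=passport")
    if hdr.get("ppt") != "shaken":
        problems.append("ppt is not shaken")
    if kv.get("info", "").strip("<>") != hdr.get("x5u"):
        problems.append("info parameter does not match x5u")  # consistency check
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("attest must be A, B or C")
    if not str(claims.get("orig", {}).get("tn", "")).isdigit():
        problems.append("orig.tn must be digits only")
    if not claims.get("origid"):
        problems.append("origid missing")
    if abs(now - int(claims.get("iat", 0))) > max_age:  # assumed window
        problems.append("iat outside freshness window")
    return {"attest": claims.get("attest"), "orig": claims.get("orig", {}).get("tn"),
            "x5u": hdr.get("x5u"), "problems": problems}
```

An empty `problems` list only means the token is well formed; the attestation counts for something only after the ES256 signature has been checked against the certificate at `x5u` and that certificate chains to a trusted STI certificate authority.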

Terminating service providers use analytic engines to detect suspicious call patterns to try to stop fraudulent calls and illegal robocalls. For suspicious calls, the analytic engines may block the traffic, send it directly to voicemail based on the preferences set by the called party, or simply generate a warning as part of the Caller ID display (that is, Spam Risk).
Using analytics to identify and block calls has been in place before STIR/SHAKEN. Now with STIR/SHAKEN in the mix, analytics engines may incorporate it as one of the factors included in the evaluation. Even calls with A attestation could be blocked if other criteria tag the call as suspicious. It’s important to note IntelePeer does not use analytics to block your outbound or inbound calls.

The good news is that there are a few things you can do with your calling party number to help make sure your legitimate calls get through:
- Make sure you are populating the calling party number with either a full 10-digit phone number, or an E.164 number including the leading +1. Don’t use an abbreviated phone number or an internal extension, and don’t leave the field blank.
- The calling party number should be a working, dialable phone number. This means if someone calls the number back, they should be connected.
- Register your calling party numbers with the leading analytic engines for wireless service providers at Free Caller Registry. Helping these engines recognize your company’s phone numbers can enable your calls to receive more accurate treatment.
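The first rule in the list above can be checked before calls ever leave your PBX or dialer. The following is an added example, not IntelePeer tooling: it audits a list of configured calling party numbers against the 10-digit or +1 E.164 rule. The function names and sample values are assumptions, and the check that the area code and exchange each start with 2-9 comes from the North American Numbering Plan format rather than from this page.

```python
import re

# NANP national number: area code and exchange both start with 2-9
NANP = re.compile(r"^[2-9]\d{2}[2-9]\d{6}$")

def check_calling_number(raw):
    """Return (e164_or_None, finding) for one calling party number value."""
    value = (raw or "").strip()
    if not value:
        return None, "blank"
    if value.startswith("+"):
        if not value.startswith("+1"):
            return None, "E.164 number without +1 country code"
        national = value[2:]
    else:
        national = value
    if not national.isdigit():
        return None, "contains non-digit characters"
    if len(national) < 10:
        return None, "abbreviated number or extension"
    if len(national) > 10:
        return None, "wrong length (use 10 digits or +1 followed by 10 digits)"
    if not NANP.match(national):
        return None, "not a valid NANP number"
    return "+1" + national, "ok"

def audit(values):
    """Map each rejected value to the reason it was rejected."""
    findings = {}
    for v in values:
        e164, finding = check_calling_number(v)
        if e164 is None:
            findings[v] = finding
    return findings

# Constructed sample values (555-01xx numbers are reserved for fiction)
SAMPLE = ["+12145550100", "2145550101", "", "4321", "12145550102",
          "214-555-0103", "1145550104"]

if __name__ == "__main__":
    for value, reason in audit(SAMPLE).items():
        print(repr(value), "->", reason)
```

This covers formatting only; whether the number is working and dialable, as the second rule asks, still has to be confirmed by calling it back.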

IntelePeer is actively implementing STIR/SHAKEN and will apply it to all traffic originating from SIP trunks or CPaaS (SmartFlows and Engage). IntelePeer has received its STIR/SHAKEN SPC token from the Secure Telephone Identity Policy Administrator (STI-PA), which is granted to service providers who qualify under the policy to participate in the STIR/SHAKEN ecosystem. We are listed as an Authorized Service Provider on the STI-PA’s website. We are on track to comply with the FCC’s deadline of June 30, 2021. Most customers don’t need to make any changes to their equipment. In the rare case you aren’t populating your numbers in a way that adheres to certain requirements, one of our engineers will contact you to address it.
As a trusted communications provider to enterprises, IntelePeer has zero tolerance for unlawful robocalls and has implemented multiple processes to prevent and address fraud on our network. We collaborate with industry regulators and the Industry Traceback Group (ITG) to be a part of the solution against scams.

Many enterprises and other organizations have difficulty reaching their customers, prospects, and other contacts, due to the growing rate of robocalls that have left many consumers reluctant to answer any call from an unrecognized number. Terminating voice networks use analytics platforms to identify suspicious calling patterns and tag them as spam, fraud, and more. Unfortunately, those platforms can also mark legitimate calls incorrectly, causing the call to be blocked in the network. Even when the numbers aren’t outright blocked, they can be presented to the consumer with a scam or spam warning.
Enterprises are upset and mystified that mis-tagging is occurring, especially if they are aware of FCC requirements and industry news surrounding STIR/SHAKEN. Press releases and news stories touted the STIR/SHAKEN implementation deadline of June 30, 2021, as the beginning of the end for robocallers. Unfortunately, June 30 has come and gone, and legitimate calls are still being mis-tagged. Even if STIR/SHAKEN hasn’t been sufficient to stop the robocallers, shouldn’t it at least stop the mis-tagging of legitimate calls? Regrettably, no. In fact, STIR/SHAKEN wasn’t intended to replace the analytic platforms and AI (artificial intelligence) algorithms that tag suspicious–and sometimes legitimate–calls. So, why doesn’t STIR/SHAKEN prevent legitimate calls from inaccurate spam tagging?

However, STIR/SHAKEN doesn't assess whether the number is blatantly untrustworthy.
As we mentioned earlier, STIR/SHAKEN uses letter grades A, B, and C to indicate the level of trust the originating or transit network has in the calling party number. These trust levels are:
- Full Attestation (A)
- Partial Attestation (B)
- Gateway Attestation (C)
A attestation means the voice service provider knows that the customer originating the call is authorized to use the calling party number. The other attestation levels mean the service provider has less information about the customer and the calling party number. B and C attestation do not indicate untrustworthiness. Frequently, calls receive B or C attestation even when the calling party number is used legally and properly (e.g., an enterprise that uses multiple providers for route diversity or least cost routing will get B attestation when it routes its legitimate number through the alternate providers).

The STIR/SHAKEN attestations relate to the calling party number, helping to demonstrate if the caller is permitted to use this calling party number. STIR/SHAKEN does not assess whether the caller or the call itself is trustworthy. Assessing caller trustworthiness is managed by analytic platforms, which conduct risk assessments on the call itself.
Callers who steal or impersonate calling party numbers should not be trusted; we also need to fear scammers and spammers who use their own phone numbers. Even if the phone number is real and trustworthy (and has A attestation), the call may be made by a scammer or spammer and might not be safe. The analytic platforms need to go beyond STIR/SHAKEN to make this assessment.

That’s right, many of these nuisance calls are legal! STIR/SHAKEN was motivated by the unlawful use of spoofed phone numbers.
Similarly, the FCC authorizes networks to block unlawful traffic. That still leaves many legal, unwanted calls being delivered to consumers. For example, if telemarketers respect the Do Not Call Registry, consent and opt-out rules, and other FCC and FTC regulations, then their mass calling campaigns are not unlawful.
Analytic platforms try to protect consumers from these calls with labels like spam. In addition, the analytic platforms often cannot make real-time distinctions between unlawful vs. unwanted calls. If it is not obvious the call is fraudulent, then the call will be marked as spam. STIR/SHAKEN is of limited value for this purpose.

The June 2021 STIR/SHAKEN deadline did not apply to the entirety of the voice network. It applied only to domestic calls routed entirely over SIP connections.
- Many networks still use non-SIP SS7 signaling. If the originating network transmits a STIR/SHAKEN “A” attestation, the STIR/SHAKEN information will be completely dropped (or possibly dropped and regenerated as a “C” in transit) if the call encounters an SS7 leg in the call path.
- International calls are not required to implement STIR/SHAKEN. (Much of the fraudulent use of USA phone numbers originates overseas.)
- Some SIP-based service providers have extensions from the FCC and have not yet implemented STIR/SHAKEN.

As described previously, legitimate calls may arrive at the terminating network with STIR/SHAKEN A, B, or C attestation, or with no STIR/SHAKEN at all. The same is true for illegitimate calls. Thus, call analytic platforms cannot use STIR/SHAKEN by itself to distinguish suspicious vs. legitimate traffic. (In fact, we’ve seen cases where the originating network assigned A attestation, but the terminating networks still mislabeled the call as spam.)
Instead, STIR/SHAKEN becomes one more factor the analytic platforms can use in conjunction with their other data when evaluating traffic. For example, if the other factors are indecisive, then a STIR/SHAKEN “A” can tip the scales in favor of the call being trusted. But if the other factors are negative, then a STIR/SHAKEN A probably won’t be sufficient to counteract spam tagging. Similarly, if there are no other negative factors, then a STIR/SHAKEN C or no STIR/SHAKEN at all would not result in spam tagging.