The Inner Workings of STIR/SHAKEN and Commio Attestation

Michael Tindall

According to the Federal Communications Commission (FCC), Americans receive roughly 4 billion robocalls every month – almost half of which are unwanted telemarketing and spam – the perpetrators many times using caller ID spoofing to trick us into picking up the call. Caller ID authentication provides a common information-sharing language between networks to verify caller ID information, which can then be used by robocall blocking tools and FCC investigators, as well as consumers, trying to judge if an incoming call is legitimate. 

Most people involved in the provision of their company’s telecommunications know STIR/SHAKEN is a set of technology standards mandated by the FCC designed to address the scourge of illegal robocalls, spam, and number spoofing. STIR/SHAKEN works by requiring voice providers like Commio to “attest” to the source of each call, including the caller’s business name, phone number, and more, to establish a call’s legitimacy.

As of the writing of this post, a majority of interconnect VoIP service providers are required to have fully implemented STIR/SHAKEN and provide attestation for all the calls that originate from their network – which means we’re all receiving fewer car warranty calls from fake numbers, and more. However, we still hear a lot of questions about what the levels of attestation mean and how they’re assigned. Hopefully this article will provide clarity. We’ll also look at how analytical software can affect whether a call is delivered despite the level of attestation.

An Overview of Attestation at Commio and Beyond

In the STIR/SHAKEN legislation, service providers like Commio are vetted and certified to provide call attestation based on whether the caller is a customer and the provider knows the number being used. Attestation must be one of three levels: “A” (full), “B” (partial), or “C” (gateway). Here’s what they mean and how we apply them.

Attestation Level Definition Commio Attestation
A (full attestation) The service provider knows the customer and their right to use a given number The caller is a Commio customer, utilizing a phone number that was acquired from Commio
B (partial attestation) The service provider knows the customer, but is unsure where the customer got the phone number The caller is a Commio customer who is:

  • Using a phone number acquired from another provider, Or
  • A third-party call- or contact center using a phone number from an enterprise, Or
  • “Calling on behalf of” (COBO) a personal device, using a mobile number, Or
  • Using the number of another business for legitimate purposes
C (gateway call) The service provider originates the call onto the network, but doesn’t know the call source (the caller is not a customer and the number isn’t known – for example, an international call) The gateway is known, but Commio can’t attest to the caller OR the number


Analytics: How Calls are Labeled as Spam and/or Blocked

Attestation is assigned by the caller’s provider or, in the case of international calls, the provider where the call enters the network. However, the decision to block or deliver the call is made by the destination (or “terminating”) carrier or provider.  To do this, they can use a variety of automated analytic software programs. 

Analytics programs may be purchased from any number of third party developers or created in-house, which also means that they each utilize slightly different decision trees. A call that goes through with one carrier, might be blocked by another – regardless of the level of attestation. 

The chart below shows a few of the possible call outcomes based on the level of attestation and type of call. Not every “A” goes through (though most do); not every “B” or “C” will be blocked (though many are). Most of the terminating providers do not block a call based solely on the attestation level, at least at this time. When the last STIR/SHAKEN deadline for smaller service providers passes on June 30 this year and everyone must be compliant, the number of calls being blocked may go up. There are also industry groups working to ensure that legitimate calls still go through.

Call Examples

Commio Attestation Compliance

As a major provider, Commio has been assigning attestation levels for the past couple years and signs billions of calls every month. We work hard to ensure that new customers produce only legitimate voice traffic. As a virtual local exchange carrier (VLEC), we also have millions of phone numbers available from across the U.S. and Puerto Rico, helping customers to acquire and activate the numbers they need quickly and easily – and allowing them to move from a “B” attestation to an “A.” If you have any questions about attestation or how to change your level, please feel free to contact us.

Chances are, you’re still receiving spam calls and caller ID spoofing. Will illegal calls ever be eradicated? It’s unlikely; as long as there’s money to be made, fraudsters will find a way. But it should continue to improve. In the meantime, here’s some advice from the FCC website.

Consumer Tips

  • Don’t answer calls from unknown numbers. Let them go to voicemail.
  • If the caller claims to be from a legitimate company or organization, hang up and call them back using a valid number found on their website, or on your latest bill if you do business with them.
  • If you answer and the caller (often a recording) asks you to press a button to stop receiving calls, or asks you to say “yes” in response to a question, hang up. Scammers often use these tricks to identify and target live respondents, or to use your “yes” to apply unauthorized charges on your bill.
  • Be Aware: Caller ID showing a “local” number no longer means it is necessarily a local caller.
  • If you answer and the caller asks for payment using a gift card, it’s likely a scam. Legitimate organizations like law enforcement will not ask for payment with a gift card.
  • If you receive a scam call, file a complaint with the FCC Consumer Complaint Center by selecting the “phone” option and then “unwanted calls.” The data the FCC collects helps track trends and supports enforcement investigations.
  • If you have lost money because of a scam call, contact your local law enforcement agency for assistance.
  • Ask your phone company if it offers a robocall blocking service. If not, encourage them to offer one. You can also visit the FCC’s website for more information about illegal robocalls and resources on available robocall blocking tools to help reduce unwanted calls.
  • Consider registering your telephone numbers in the National Do Not Call Registry. Lawful telemarketers use this list to avoid calling consumers on the list.

Date posted: February 21, 2023

Topic: CPaaS   International   Outbound   Outbound Voice   Toll-Free   Uncategorized  

Tags: Caller ID   FCC   FCC Regulations   STIR SHAKEN  

Michael Tindall

Michael Tindall leads Commio's product development and engineering teams. While attending Clemson University, Michael co-founded Tsoft Solutions, purchased by ClearSky Networks. Next he built and ran support for US Networks. Michael then worked for Bandwidth till he was approached by Aaron Leon to build a cloud-based routing system. The rest is history. Michael is a “40 under 40” winner, and one of only 18 OpenSIPS Certified professionals worldwide. When not coding the future of telecom, you’ll find him enjoying movies, cars, entertaining, and exercising.

Recent posts from Michael Tindall

Get the latest from Commio

We’ll send you one email a month featuring our latest blog content.