In today’s time, spam and spoofed calls have become a major challenge for both consumers and businesses. Fraudsters often manipulate caller IDs to appear as trusted organizations such as banks, government agencies, or healthcare providers. Spam and spoofed calls became so widespread that the FCC had to step in with a federal mandate.
According to the FCC’s own data, Americans receive billions of robocalls every year, and a significant portion use spoofed caller IDs to impersonate banks, government agencies, and healthcare providers.
STIR/SHAKEN is the telecom industry’s solution to this problem. It is a call authentication technology designed to verify that a caller ID is legitimate before a call reaches its destination.
By digitally signing and validating calls, STIR/SHAKEN helps carriers identify whether the calling number can be trusted. While it does not stop every unwanted call, it significantly reduces caller ID spoofing and makes impersonation much more difficult.
In this article, we explain what STIR/SHAKEN is, how it works, and why it has become an important part of modern VoIP phone systems and telecom networks.
What Is STIR/SHAKEN?
STIR/SHAKEN stands for Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN). While the name is complex, the purpose is simple: it is a call authentication technology that helps verify that the caller ID displayed on a phone is legitimate.
Think of it like a digital signature for phone calls. When a call is placed, the originating carrier digitally signs the caller ID. The receiving carrier then checks that signature before delivering the call.
In simple terms, STIR/SHAKEN works much like a digitally signed email. Just as an email signature helps verify the sender’s identity, STIR/SHAKEN helps verify that a phone number has not been spoofed.
The framework was developed by the ATIS (Alliance for Telecommunications Industry Solutions) and SIPFORUM to help combat robocalls and caller ID spoofing. Today, it plays a key role in improving trust and security across modern telecom and VoIP phone systems.
How STIR/SHAKEN Works: A Step-by-Step Breakdown
Understanding how STIR/SHAKEN works is easiest when you follow a call from start to finish. The entire process happens in milliseconds in the background, so users never notice it.
Step 1: The Call Is Placed
A call originates from a phone, VoIP system, or call center platform. The originating carrier receives the call along with the caller ID being asserted.
Step 2: The Originating Carrier Signs the Call
The originating carrier checks whether the caller is authorized to use the number and assigns an attestation level:
- Full Attestation (A): The carrier has verified the customer and confirms they are authorized to use the number.
- Partial Attestation (B): The carrier has verified the origin of the call but cannot fully confirm the number being used.
- Gateway Attestation (C): The call is received from an international gateway or an unverified source.
The carrier then generates a PASSporT (Personal Assertion Token), a JSON Web Token (JWT), and signs it using a private cryptographic key. This token is added to the SIP INVITE header.
Step 3: The Terminating Carrier Verifies
When the call reaches the destination carrier, it retrieves the originating carrier’s public certificate from the Secure Telephone Identity (STI) certificate authority. The public key is used to verify the digital signature.
If the signature matches, the call is considered valid. If not, it may be flagged or marked as suspicious.
Step 4: The Call Is Labeled or Delivered
Based on the verification result and attestation level, the call is either:
- Delivered normally
- Marked as “Verified”
- Labeled as “Spam Likely” or flagged for further screening
Most modern carriers and smartphones now display these indicators directly on incoming calls, helping users identify trusted and suspicious calls in real time.
Is Your VoIP System STIR/SHAKEN Ready?
Find out how iCallify handles call authentication out of the box.
Why STIR/SHAKEN Matters for Businesses
For most consumers, STIR/SHAKEN is just the reason their phone now shows “Spam Likely” instead of a mystery number. For businesses, the stakes are higher.
Your Outbound Calls Need to Be Trusted
If your company uses a VoIP system or a cloud call center to reach customers, your calls pass through this same framework. A call that fails attestation or gets flagged as potential spam will either go unanswered or actively erode the customer’s trust in your brand.
According to a study, 86% of consumers do not answer calls from unknown or unverified numbers. That number alone should make caller ID verification for VoIP a business priority, not just a compliance checkbox.
Regulatory Compliance
The FCC’s TRACED Act requires all US voice service providers to implement STIR/SHAKEN. Non-compliant providers risk FCC enforcement action. If your business relies on a carrier or VoIP provider that has not properly implemented the framework, your calls may be flagged even when they are entirely legitimate.
Customer Answer Rates and Revenue
Sales teams, appointment reminder systems, and customer service departments all depend on customers picking up. Unanswered calls mean missed revenue and poor customer experience. Proper call authentication technology protects your answer rates by ensuring your calls reach customers as verified rather than suspicious.
STIR/SHAKEN and VoIP: What Changes for Your Phone System
For businesses using a VoIP platform, caller ID verification for VoIP works through SIP signaling. The PASSporT token is included in the SIP INVITE header, making STIR/SHAKEN a natural fit for modern VoIP infrastructure.
What changes for VoIP users?
- Number Registration: Business phone numbers should be properly registered with your carrier to improve the chances of receiving Full Attestation (A-level).
- Carrier Compliance: Your VoIP provider should support STIR/SHAKEN and be authorized to sign and verify calls.
- Call Analytics Integration: Many VoIP and CCaaS platforms now include STIR/SHAKEN data in reporting and analytics, helping businesses monitor outbound call verification status.
- International Calls: STIR/SHAKEN primarily applies to domestic U.S. calls. International calls often receive Gateway Attestation (C-level), which may affect how they are displayed to recipients.
For businesses that rely on outbound calling, proper STIR/SHAKEN implementation can improve caller trust, reduce the risk of spam labeling, and increase answer rates.
Also Read: How Can Outbound Call Center Solutions Transform Your Sales Strategy?
Limitations You Should Know
While STIR/SHAKEN is an important step toward reducing caller ID spoofing, it is not a complete solution.
Key limitations of STIR/SHAKEN
- It primarily applies to U.S. domestic calls: International calls often pass through gateways that can reduce or remove attestation information, limiting verification.
- It does not block calls: STIR/SHAKEN verifies and labels calls, but the decision to block or filter calls is made by carriers and analytics providers.
- Legitimate calls can still be flagged: Businesses with high outbound call volumes or numbers that have a poor reputation may still encounter spam warnings.
- Verified numbers can still be misused: STIR/SHAKEN confirms that a caller is authorized to use a number, but it does not determine the caller’s intent. Fraudsters using legitimately acquired numbers may still receive valid attestation.
For this reason, STIR/SHAKEN works best when combined with call analytics, spam detection systems, and carrier-level fraud prevention measures.
What Businesses Should Do Right Now
| Action | Why It Matters |
| Confirm your VoIP provider is STIR/SHAKEN compliant | Ensures your calls can be properly signed and verified. |
| Register your phone numbers with your carrier | Improves the chances of receiving Full Attestation (A-level). |
| Test how your calls appear on recipient phones | Helps verify whether your calls are displayed as trusted or flagged. |
| Monitor call analytics regularly | Identifies potential spam labeling or caller reputation issues. |
| Consider branded caller ID solutions | Displays your company name alongside verified calls, improving trust and answer rates. |
| Avoid sharing numbers across multiple applications | Reduces the risk of spam flags caused by unusually high call volumes from a single number. |
Want to see how iCallify manages STIR/SHAKEN compliance for your outbound calls?
The Bottom Line
STIR/SHAKEN is the telecom industry’s primary framework for combating caller ID spoofing and reducing spam calls. While it is not a perfect solution, it has significantly improved how carriers verify and authenticate calls.
For businesses, call authentication technology is both an opportunity and a necessity. Proper implementation can improve caller trust, increase answer rates, and strengthen the reputation of your outbound communications. Ignoring it, however, can increase the likelihood of legitimate calls being flagged or treated as suspicious.
If you use a cloud call center or business VoIP system, understanding STIR/SHAKEN and ensuring your provider supports it is no longer optional. It has become a standard part of secure and professional business communications.
