Skip to content
DialPhone
Start free trial

Glossary · STIR/SHAKEN

What is STIR/SHAKEN?

STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs) is a framework of technical standards and protocols for authenticating caller ID information on phone calls. Required by the FCC for US voice carriers under the TRACED Act, STIR/SHAKEN verifies that the calling number is legitimately associated with the originating carrier — reducing caller ID spoofing, robocalls, and fraud. Legitimate business calls get cryptographically signed; calls from unknown or untrusted origins get flagged as “Spam Risk” or rejected.

Why STIR/SHAKEN exists

Traditional phone signaling (SS7) was designed in an era when carriers trusted each other implicitly. Caller ID was whatever the originating carrier put in the signaling header. Fraudsters learned to spoof caller ID, displaying numbers they don’t own — sometimes numbers of local neighbors, law enforcement, or banks — to trick recipients.

By 2019, Americans received an estimated 50 billion robocalls per year. STIR/SHAKEN is the industry’s cryptographic response.

How STIR/SHAKEN works

When a call originates:

  1. Originating carrier authenticates the caller’s right to use the calling number
  2. Carrier assigns an attestation level:
    • A (Full Attestation): carrier confirms the caller owns the number
    • B (Partial Attestation): carrier knows the caller but cannot verify the number assignment
    • C (Gateway Attestation): carrier received the call from another network and cannot verify
  3. Carrier digitally signs the SIP INVITE with a certificate (STIR protocol)
  4. Transit carriers pass the signed call through without modification
  5. Terminating carrier verifies the signature (SHAKEN protocol)
  6. Terminating carrier passes the verified call (or labels it “Spam Risk”) to the called phone

Consumer-visible result: calls display “Verified” or similar trust indicators when properly signed. Unsigned or invalid calls may be labeled as spam risk or blocked entirely.

STIR vs SHAKEN

  • STIR (Secure Telephone Identity Revisited): the IETF technical standards for cryptographic signing (RFC 8224-8226 and related)
  • SHAKEN (Signature-based Handling of Asserted information using toKENs): the carrier-network operational framework that uses STIR for authentication between carriers

They’re complementary. STIR is the protocol; SHAKEN is the implementation.

STIR/SHAKEN and business calls

For legitimate business callers, STIR/SHAKEN matters because:

  • Calls get signed at Attestation Level A when the carrier can verify number ownership
  • Signed calls have higher delivery rates — less likely to be labeled spam
  • Call recipients see trust indicators — more likely to answer
  • Bad actors get filtered out — competitive advantage for legitimate senders

DialPhone signs all outbound calls from verified DialPhone-assigned numbers at Attestation Level A when possible. Ported numbers verify through DialPhone’s Letter of Authorization process and receive A or B attestation depending on verification depth.

STIR/SHAKEN and call blocking

The FCC permits carriers to block certain traffic:

  • Unsigned calls from verified illegal sources
  • Calls signed at low attestation from networks with history of abuse
  • Calls failing signature verification

This matters for outbound campaigns: a call that appears legitimate to the sender can still be blocked by the recipient’s carrier if it fails STIR/SHAKEN validation at the network level.

STIR/SHAKEN and robocalls

STIR/SHAKEN isn’t a silver bullet against robocalls:

  • It reduces spoofing — bad actors can’t impersonate banks or law enforcement easily anymore
  • It doesn’t stop all spam — calls from signed numbers can still be spam if the caller is a registered scammer
  • Scammers have adapted — using VoIP services that offer full attestation
  • Carrier analytics layer on top — filtering based on patterns even for signed calls

The overall impact since 2020 has been meaningful (measurable robocall reduction) but far from eliminated.

STIR/SHAKEN timeline

  • 2019: TRACED Act signed into law
  • June 30, 2021: STIR/SHAKEN implementation deadline for large voice providers
  • June 30, 2022: Extended deadlines for small and non-IP voice providers
  • 2023: Small carriers phased compliance
  • Ongoing: Carriers that can’t verify caller identity face delisting and call-blocking pressure

Most US voice traffic is now STIR/SHAKEN-signed.

International caller ID authentication

STIR/SHAKEN is US-centric. Similar frameworks exist or are emerging in:

  • Canada: STIR/SHAKEN adopted by CRTC
  • UK: Ofcom requiring authentication solutions
  • France: ARCEP implementing caller ID authentication
  • Australia: ACMA developing framework

International calls crossing between regions without authentication typically carry less trust. Business callers with international reach should prefer local numbers in each region where possible.

STIR/SHAKEN and outbound dialing compliance

STIR/SHAKEN complements, doesn’t replace, TCPA and DNC compliance. Outbound dialers must:

  • Use STIR/SHAKEN-compliant infrastructure
  • Honor TCPA consent requirements
  • Scrub against National DNC Registry
  • Comply with 10DLC for SMS
  • Respect state-level rules

DialPhone’s outbound dialer handles all four.

What businesses need to do

For most businesses, nothing active. The carrier (DialPhone) handles STIR/SHAKEN. Things to verify:

  • Your voice provider is STIR/SHAKEN-compliant
  • Outbound calls from ported numbers sign at Level A or B
  • Monitor call delivery rates by campaign and investigate drops
  • Keep DNC scrubbing and TCPA consent current
  • If you use SIP trunking to a customer-operated PBX, verify your SBC signs properly

STIR/SHAKEN on DialPhone

  • All outbound calls signed per STIR/SHAKEN
  • Attestation Level A for DialPhone-assigned numbers
  • Attestation Level A or B for ported numbers (depending on verification depth)
  • Monitoring and alerts for attestation failures
  • Support for signed calls via Operator Connect for Microsoft Teams deployments

See the DialPhone trust center → · See outbound dialing compliance →

Example

A healthcare imaging center moved from a regional VoIP provider to DialPhone. Under the old provider, outbound appointment reminder calls were getting labeled “Spam Likely” on Verizon — patients weren’t answering. After switching to DialPhone with proper STIR/SHAKEN signing at Attestation Level A, answer rates on reminder calls rose from 41% to 74% in the first quarter. No change in the content of the calls — just proper caller ID authentication at the carrier level.

Related content

Learn more about DialPhone

AI-powered business phone, SMS, meetings, fax, and contact center from $24/user/mo.

Start free trial Browse glossary
Call sales Start free trial