STIR/SHAKEN and Why It Matters

Call attestation is the telecom world’s version of a security checkpoint, except instead of making you take off your shoes, it scrutinizes your phone number’s identity before letting your call through. Part of the STIR/SHAKEN framework (a delightfully odd name that has nothing to do with James Bond’s drinking preferences), call attestation helps combat the plague of robocalls and spoofed caller IDs that have made everyone afraid to answer their phones.

Developed as a way to restore trust in voice communications, STIR/SHAKEN stands for Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using TOKENs (SHAKEN). Clearly, someone in the telecommunications industry worked overtime to make those acronyms fit. The system allows the originating service provider to “attest” or digitally sign calls with varying levels of confidence about who’s actually calling.

Why should anyone care? Because with nearly 48 billion robocalls made to Americans in 2023 alone, spoofed numbers have become so common that answer rates have plummeted from 73% a decade ago to just 27% today, with a particularly sharp decline in the past five years. For businesses that actually need to reach their customers by phone, this presents a rather significant problem.

The Three Attestation Levels: A Tale of Trust Issues

The STIR/SHAKEN framework uses three levels of attestation that essentially translate to “Yes, I know this caller” (A), “Well, I sort of know this caller” (B), and “Who’s asking? Never heard of them” (C). Let’s break these down with all the seriousness this critical telecommunications infrastructure deserves:

Level A (Full Attestation): The VIP Pass

When a call gets an A-level attestation, the provider is essentially saying, “I know this caller, they are authorized to use this number, and I’ll vouch for them.” It’s the telecommunications equivalent of being personally walked into an exclusive club by the owner. Calls with A-level attestation get the royal treatment – they’re more likely to be delivered without being labeled as spam, and customers might actually answer them. Imagine that!

For businesses, your calls sail through the networks with a “Verified” badge, customers see your actual business name, and your outreach doesn’t get tossed into the digital trash heap of suspected scams.

Level B (Partial Attestation): The “I’m With the Band” Pass

Level B is for when the provider knows who you are but can’t fully verify you’re authorized to use the number you’re calling from. It’s like telling the bouncer “I’m friends with the DJ” – they might let you in, but they’re keeping an eye on you.

The provider is saying, “I know this customer, but I can’t confirm they have the right to use this specific number.” Maybe it’s a ported number or a forwarded call from another service. Either way, these calls face a medium trust level and have some risk of being flagged by mobile carriers or spam filters. Not ideal for businesses trying to reach customers.

Level C (Gateway Attestation): The Suspicious Character

Level C attestation is basically the provider throwing up their hands saying, “This call entered from somewhere, but I have no idea who these people are.” It’s the telecom version of someone trying to get into the club wearing a trench coat with three kids stacked inside.

Calls with C-level attestation have the highest chance of being labeled “Scam Likely” or blocked entirely. If your business calls are getting this level, you might as well be shouting into the void – your connection rates are going to be abysmal.

Regulatory Background: The Government Steps In (Finally)

After years of consumers being bombarded with spoofed calls claiming to be from the IRS, their bank, or a prince who needs help transferring millions of dollars, the government finally decided to do something. Because nothing says “swift action” like waiting until a problem affects literally everyone before addressing it.

The TRACED Act (Telephone Robocall Abuse Criminal Enforcement and Deterrence Act) directed the FCC to establish caller ID authentication requirements. In response, the FCC created rules requiring voice service providers to implement STIR/SHAKEN in their IP networks by June 30, 2021. Larger carriers had to comply immediately, while smaller providers received extensions.

More recently, the FCC’s “Call Authentication Trust Anchor” rules, effective September 18, 2025, have tightened things further. These rules mandate that providers must:

• Use their own certificates for signing calls, even if third parties handle the technical signing

• Register and obtain a Service Provider Code (SPC token)

• Maintain records and submit to audits for third-party signing arrangements

• Take responsibility for determining attestation levels (not passing the buck to wholesale carriers)

Intermediate carriers are also required to authenticate calls entering their networks without prior attestation, closing a loophole that allowed many spoofed calls to slip through. Note that Techmode handles all this complex authentication automatically for clients, so they never have to worry about their calls getting flagged.

Why Businesses Should Care (Unless They Enjoy Being Ignored)

Businesses making outbound calls face a stark reality: if your calls lack proper attestation, they’re increasingly likely to be blocked or labeled as spam. This isn’t just annoying—it’s potentially catastrophic for companies that rely on phone communication.

Consider these scenarios:

• Your sales team makes 100 calls, but 75 are marked as “Scam Likely” because of poor attestation. That’s 75 potential customers who will never speak to you.

• Your appointment reminder calls get blocked, leading to no-shows and lost revenue.

• Your customer service callbacks go unanswered because customers don’t trust the number.

The impact goes beyond just missed connections. According to data, calls with A-level attestation can see 15-30% higher answer rates compared to those with lower attestation levels. In the business world, that difference can mean thousands in revenue lost or gained.

There’s also the matter of regulatory penalties. The FCC has made it clear that “improper attestation” is a violation. If a provider mis-labels spoofed or unverified calls with A-level attestation when they don’t qualify, they risk removal from the Robocall Mitigation Database. The result? All their calls could be blocked nationwide. It’s like having your business number sent to telecom prison.

Technical Implementation: It’s Complicated (Surprise!)

Getting call attestation right involves technical processes that would make a network engineer weep. For most businesses, however, it’s about as exciting as watching paint dry – albeit with higher stakes.

Implementing STIR/SHAKEN properly requires:

• Obtaining digital certificates from authorized Certificate Authorities

• Configuring SIP headers with identity tokens

• Managing cryptographic signatures for every call

• Ensuring proper number ownership records

For hosted providers or businesses using third-party systems, this becomes even more complex. Under the new FCC rules, the responsibility for attestation decisions can’t be delegated to wholesale carriers anymore. This means providers need to determine the attestation level for each call and maintain records showing how these decisions are made. Nothing says “fun Friday afternoon” like auditing your attestation decision process!

The greatest challenge? Getting that coveted A-level attestation. To qualify, providers must verify both the customer’s identity and their authorization to use specific phone numbers. This often requires extensive documentation, including:

• Proof of number ownership

• Letters of Authorization for ported numbers

• Verified business identity records

It’s enough paperwork to make anyone consider communicating exclusively via carrier pigeon instead.

How Techmode Handles All This Nonsense (So You Don’t Have To)

While other providers are scrambling to comply with these regulations or passing the complexity on to their customers, Techmode has built call attestation directly into its core infrastructure.

TechmodeGO is powered by a private AWS instance architecture that gives complete control over SIP signaling and identity management. This means calls originating from Techmode can be digitally signed at the carrier level, ensuring the highest possible attestation rating where eligible.

Unlike multi-tenant public cloud providers (looking at you, RingCentral. Five9’s and 8×8), Techmode’s private instance approach means your call identity isn’t diluted or mixed with hundreds of unknown users. This translates to better attestation levels and improved call delivery.

Techmode’s U.S.-based support team doesn’t just pass tickets around – they actually help verify number ownership to move clients up to Level A attestation. With an NPS of 85 (compared to the industry average of 36), it’s clear Techmode’s approach to handling the complexities of telecommunications regulations works for their customers.

FAQ: Everything You Were Afraid to Ask About STIR/SHAKEN

Q: Does STIR/SHAKEN eliminate all robocalls?

A: No, it just makes caller ID spoofing harder. Legitimate robocalls are still allowed, unfortunately. So those “your bank account has been hacked, can you please give me your account number?” calls might still come through, but at least you’ll know who to blame.

Q: Will my calls be blocked if my business doesn’t implement STIR/SHAKEN?

A: Not automatically, but without proper attestation, your calls are increasingly likely to be labeled as spam or blocked by downstream carriers.

Q: How do I know what attestation level my calls are receiving?

A: Your telecommunications provider should be able to tell you. If they respond with “what’s attestation?” it might be time to find a new provider.

Q: Is implementing STIR/SHAKEN expensive?

A: It can be if you’re doing it yourself. Using a provider like Techmode that handles this as part of their service is typically more cost-effective than trying to build the infrastructure yourself.

Q: How does this affect international calls?

A: International calls often enter as C-level attestation since they originate outside U.S. networks. The FCC continues to work on rules for gateway providers to better handle these calls, but for now, they remain the telecommunications equivalent of a mystery novel.

Remember, in a world where trust in phone calls has eroded faster than a sandcastle at high tide, proper call attestation isn’t just a technical requirement—it’s essential to maintaining your business communication channels. And unlike your last diet plan, this is one commitment you can’t afford to abandon.