Insights & Resources5 min read

SHAKEN/ STIR, what do you need to know?

Let’s take a look at what new rules and regulations surrounding SHAKEN/ STIR and robocalling mean for you.

Fiona McDonnell
Find out all you need to know about SHAKEN/ STIR

What is robocalling?

Let’s cover the basics- a robocall is a phone call that uses a computerized autodialer to deliver a pre-recorded message. While often associated with fraudulent schemes or scams, robocalls can also be used for good- such as spreading information quickly and widely, like public service announcements or emergency warnings.
Sometimes robocalls sound just like robots but with advancements in technology, it is becoming more and more difficult to distinguish robocalls from phone calls with real humans. However advancements of this type mean they are increasingly being used to commit fraud and scam unknowing people on the other end of the line.
This phenomenon has resulted in people being more reluctant to pick up the phone than ever before for fear they’ll end up the victim of a robocall scam. Phone call pickup rates in 2019 were at an all time low, with only 52% of all calls received by Americans are answered. And when the call comes from an unidentified number, the unanswered rate goes up to 3 of 4. For businesses that depend on phone calling as the main method of contact with customers, this is a huge issue- and it’s only getting worse.
According to Hiya, a staggering 58.5 billion robocalls were made to American mobiles in 2019, an increase of 22% on the 2018 figure.


To help stem the issue with robocalling, the Federal Communications Commission (FCC) announced new rules to combat fraudulent robocalling. The framework is called SHAKEN/STIR, an acronym for Secure Handling of Asserted Information using toKENs (SHAKEN) / Secure Telephony Identity Revisited (STIR). So what does it really mean, who is involved and how will it work?

Understanding SHAKEN/ STIR

To start understanding the framework, we’ll break it down step-by-step:
The basic SHAKEN/STIR framework
  1. The calling party initiates a phone call through the originating service provider, which then contacts an internal authentication service to verify the caller ID number. The authentication service assigns an attestation level to the call and generates a signed token.
  2. The token is included as a header in the SIP INVITE and passed along to the terminating service provider, which contacts an internal verification service for analysis.
  3. The verification service reaches out to a certificate repository to validate the signature on the token.
  4. The call is completed to the recipient, and the terminating service provider can either pass along the verification results to the called party or take additional action, such as blocking the call.
  5. Originating service providers assign an attestation level to calls made on their network and assign a signed token.
On December 30, 2019 the TRACED Act was signed into law which directs voice service providers to implement SHAKEN/STIR by June 30th, 2021.

Attestation, explained

That’s all great, but what is an attestation I hear you ask? SHAKEN/STIR has a three-level system to categorize the essential information about the caller into levels of “attestation” for the call. The different levels describe the level of trust or proof a provider has in the caller’s right to use that particular number. The levels are:
Full Attestation (A): The provider knows the customer, knows they have a right to use the originating number, and knows that the call originated on their network. For numbers purchased in the Telnyx portal you should expect to recieve an 'A Attestation'.
Partial Attestation (B): The provider knows the customer but the customer may be using another provider's phone number. The call is legitimate but the provider can’t fully attest because of missing information.
Gateway Attestation (C): The provider can’t verify the customer or the phone number and has no way of knowing whether the call is legitimate. The originating provider will still attest to the call in order to mark that the call originated on their network.
Telnyx is well-aware of gaps in attestation levels for unique enterprise use cases legitimately spoofing numbers. Telnyx is working with industry groups and participants to identify opportunities to bridge this gap. Currently, Telnyx is looking at industry specifications on Delegate Certificates which would allow enterprises to provide originating service providers proof of having access to certain numbers. Similarly, Telnyx is investigating using two-factor-authentication methods as proof of TN ownership.

Who is involved?

There are different teams involved in the SHAKEN/STIR network (and they all have particularly long names). It’s a little easier to understand if we draw it out:

How is Telnyx implementing SHAKEN/STIR?

Telnyx has worked diligently to meet the SHAKEN/STIR implementation deadline of June 30th, 2021, and we are now fully SHAKEN/STIR compliant*.
Today, Telnyx is authenticating every outbound call with a valid U.S. Caller ID that originates on the Telnyx platform and is abiding by the attestation levels listed above. For inbound calls that have been signed by the originating provider, Telnyx is passing the identity header along the PSTN to the recipient.
Various industry developments around unique enterprise use cases continue to be addressed by industry bodies, and Telnyx will continue to update customers on what to expect in terms of SHAKEN/STIR capabilities.

*Telnyx will sign and attest to any outbound call that is not signed by our customer. Customers, however, should be aware of any applicable regulatory requirements to directly participate in the SHAKEN/STIR ecosystem and to sign their own calls as mandated by the Federal Communications Commission. Telnyx will pass SHAKEN signatures along that we receive in any outbound calls.
Share on Social

Get Started for Free!

Sign Up Today and Your First $10 is on Us.