STIR/SHAKEN Explained for Outbound Call Centers

What STIR/SHAKEN Actually Is

STIR stands for Secure Telephone Identity Revisited. SHAKEN stands for Signature-based Handling of Asserted Information Using toKENs. The combination is a cryptographic signing protocol layered on top of SIP signaling.

When you place an outbound call, your originating carrier generates a digital certificate called a PASSporT (Personal Assertion Token). That token attests to three things: the originating carrier's identity, the caller ID being presented, and the carrier's confidence level that the caller is entitled to use that number. The PASSporT travels with the call through the SIP network. The terminating carrier — Verizon, T-Mobile, AT&T, or any other carrier — validates the signature and uses the result to decide how to display the call.

The Robocall Mitigation Database, maintained by the FCC, requires all US voice service providers to certify their STIR/SHAKEN implementation and document their robocall mitigation program. Carriers that cannot verify their traffic sources can be blocked at the network level.

Why Attestation Level Changes What Happens at the Handset

STIR/SHAKEN uses three attestation levels, each with a specific meaning.

Full attestation (A-level) means the originating carrier has authenticated the caller, verified the caller is authorized to use the presented number, and certified both. When a call arrives with A-level attestation, carriers typically display the call normally or apply a verified badge on supported handsets.

Partial attestation (B-level) means the carrier authenticated the call's origination but cannot verify that the presenting party is authorized to use the specific number. This is the common case when a call center or business uses a SIP trunk and presents numbers from a pool the trunk provider does not directly control.

Gateway attestation (C-level) means the carrier received the call from a gateway interconnect where authentication was not possible — often international traffic or legacy TDM hand-offs. C-level calls are treated with the most suspicion by downstream analytics engines.

Getting to A-level requires that your SIP trunking provider directly manages or can vouch for the DIDs you present. UnlimCall issues caller IDs on demand across all 33 live markets specifically so the numbers you present are owned and managed within our network — a prerequisite for full attestation.

How the Major Carriers Use Attestation Data

T-Mobile, AT&T, and Verizon all operate proprietary call analytics systems on top of raw attestation data. They combine STIR/SHAKEN scores with call behavior signals: call duration, call frequency per number, complaint rates, and historical connect patterns. A single short call from a freshly issued number with C-level attestation will not trigger a spam label on its own. A thousand short calls from the same number over six hours will.

The interaction between attestation level and call behavior analytics is important for outbound teams to understand. STIR/SHAKEN signing supports better answer rates; it does not guarantee them and it does not override spam analytics. A-level attestation on a number that has been flagged by consumer complaints is still a flagged number. This is not legal advice, and no carrier's labeling behavior is contractually fixed.

What Changes for International Traffic

STIR/SHAKEN is a US and Canadian protocol. The EU, UK, and other markets have separate frameworks or none at all. When you dial into European, LATAM, or Asia-Pacific markets available on UnlimCall, the attestation framework does not apply in the same way.

For those markets, answer rate performance is driven by local carrier relationships, number type (national vs. mobile vs. toll-free), and time-of-day matching between your caller ID's apparent geography and the destination. UnlimCall's 33-country footprint exists specifically to let outbound teams present local numbers in market — the mechanism that replaces attestation for non-US/CA traffic.

The Robocall Mitigation Database Requirement

Any originating voice provider that cannot fully implement STIR/SHAKEN — typically because they operate older TDM equipment — must file a robocall mitigation program with the FCC's Robocall Mitigation Database. Downstream carriers are required to block traffic from providers not listed in the database.

If your current SIP trunk provider is not listed or has a mitigation-only filing rather than a full STIR/SHAKEN implementation, your C-level traffic is at elevated risk of being blocked outright, not just labeled. Checking your provider's filing status is a five-minute task on the FCC's public database.