UnlimCall
STIR/SHAKEN for SIP carriers

STIR/SHAKEN attestation A explained. Why it matters for your SIP carrier.

STIR/SHAKEN signs every US/CA outbound call so carriers downstream can verify the caller ID isn't spoofed. The attestation level on that signature determines whether your call gets through clean or gets flagged “Spam Likely” before the prospect even sees the ring. Three levels — A, B, C — and only one is actually safe.

See coverage Talk to us

FCC-regulated · attestation A · RMD listed · CRTC-aligned (Canada)

The three levels

A vs. B vs. C — what carriers actually trust.

Every signed outbound call carries an attestation token. Downstream carriers — Verizon, T-Mobile, AT&T, Bell, Rogers — read the token and use it as one input into their spam-scoring algorithms. The level matters more than most outbound teams realise.

AFull attestation

What it means: The originating carrier (1) knows the customer placing the call AND (2) confirms the customer has authorization to use the calling number. Both conditions must be true.

Effect on your calls: Calls almost always pass downstream carrier filters. Higher answer rates. Numbers stay clean longer.

UnlimCall: Every US/CA outbound call we route is signed at A.

BPartial attestation

What it means: The originating carrier knows the customer placing the call, but cannot confirm authorization to use the specific calling number.

Effect on your calls: Calls often route, but carriers downstream may flag with reduced trust. Some "Spam Likely" labels appear over time.

UnlimCall: We do not issue B attestation on outbound. If we cannot confirm a number is yours, we do not sign at all.

CGateway attestation

What it means: The carrier signing the call did not originate it — they are passing it through from another network and cannot verify customer or number.

Effect on your calls: Calls are commonly flagged as "Spam Likely" or blocked outright. Downstream carrier filters trust C-level signatures the least.

UnlimCall: We do not gateway third-party traffic. All signed traffic originates on our network.

Under the hood

How a signed call actually moves.

  1. Step 1 — Origination

    Your dialer hands the call to UnlimCall

    ViciDial (or any SIP dialer) sends an INVITE to our edge. We confirm two things before signing: (1) the customer is authenticated to our network, and (2) the calling number is in the customer's authorized CLI pool. Both checks pass for every UnlimCall outbound call by construction.

  2. Step 2 — Cryptographic signing

    We sign the call with attestation A

    Our signing service generates a JWT (RFC 8225 PASSporT) containing the calling number, called number, timestamp, and attestation level. We sign it with our private key issued under STI-PA (the policy administrator). The signature lands in the SIP Identity header on the outgoing INVITE.

  3. Step 3 — Downstream verification

    Verizon / T-Mobile / AT&T verify and route

    The terminating carrier (the prospect's phone provider) fetches our public certificate from STI-CR (the cryptographic repository), verifies the JWT signature, and reads the attestation token. They factor the result into their spam-scoring engine alongside other signals (call pattern, recipient's reporting history, etc.). A signed A-level call clears the “identity verified” bar and reaches the handset clean.

Common myths

What STIR/SHAKEN doesn't do.

  • It guarantees your call gets answered
    Reality: It guarantees the recipient carrier can verify your identity. Whether the recipient picks up depends on a dozen other factors (dialing pattern, reputation history, CLI rotation policy, time of day).
  • It permanently kills "Spam Likely" labels
    Reality: Carrier-side spam scoring uses STIR/SHAKEN as one input among many. A high call-attempt rate or low ACD will still flag your number even with A attestation. Pair it with managed CLI rotation and reasonable pacing.
  • It works internationally
    Reality: STIR/SHAKEN is North American (US + Canada). The EU, UK, and Australia have their own (younger) frameworks under local regulators. UnlimCall complies with local rules in each market — same goal, different mechanism.
  • You sign your own calls
    Reality: Your carrier signs. As an outbound customer, you choose a carrier that signs at attestation A and trust their signing infrastructure. UnlimCall is a registered STI-SP (signing service provider).
FAQ

Common questions.

Is STIR/SHAKEN required for outbound calling in the US?+

For voice service providers in the US: yes. The TRACED Act mandated STIR/SHAKEN implementation by FCC-regulated carriers. As an outbound caller (the customer), you are not the one signing — your carrier is. But your answer rates depend heavily on whether your carrier signs at attestation A.

What's the difference between STIR and SHAKEN?+

STIR is the signing standard (RFC 8224). SHAKEN is the framework that defines how carriers in North America implement STIR (ATIS-1000074). In practice they are referred to together — "STIR/SHAKEN" — and you only care about the outcome: did your call get signed, and at what attestation level.

Does Canada also use STIR/SHAKEN?+

Yes. The CRTC mandated STIR/SHAKEN for Canadian voice carriers. Same attestation system, same framework — UnlimCall signs Canadian outbound at attestation A end-to-end.

What does "attestation A" mean for my answer rate?+

Verizon, T-Mobile, AT&T, Bell, Rogers, and the major carriers downstream all use the attestation level as one input into their spam-scoring algorithms. Calls signed at A are statistically less likely to be tagged "Spam Likely" or blocked. The exact uplift varies by destination carrier, time of day, and call volume — but in every benchmark we have seen, A outperforms B and dramatically outperforms C.

Can my outbound traffic still be flagged "Spam Likely" even with attestation A?+

Yes — STIR/SHAKEN proves identity, not legitimacy. If your dialing pattern looks abusive (very high call-attempt rate, very short ACD, low ASR), carriers will still flag the number. Attestation A is a necessary but not sufficient condition. Pair it with managed CLI rotation, time-of-day rules, and reasonable dial-pacing.

How do I know if my current carrier signs at A?+

Place a test call to a number that displays raw SIP headers (or use a STIR/SHAKEN test service like Numeracle, TransNexus, or iconectiv's checker). Look for the Identity header in the INVITE — it contains an attestation token. Decode the JWT payload — the "attest" field is "A", "B", or "C". UnlimCall provides a self-serve test endpoint in your portal.

Is STIR/SHAKEN expensive to implement?+

Not for you, if you pick a carrier that signs at A. UnlimCall absorbs the cryptographic infrastructure cost (cert authority, signing service, RMD listing) into the seat fee — no add-on charges. Other carriers may charge separately for STIR/SHAKEN; ask before you sign anything.

What happens to international outbound (non-US/CA)?+

STIR/SHAKEN is North American. EU, UK, AU, and other regions use different frameworks (some have their own caller-ID verification under local regulator rules; others have nothing yet). UnlimCall complies with the local rules in each market — STIR/SHAKEN signs US/CA, regulator-specific frameworks elsewhere where they exist.

UnlimCall + STIR/SHAKEN

Attestation A on every call. No exceptions.

  • Registered STI-SP (signing service provider) — we sign at our edge, not via a third party
  • RMD listed at the FCC (Robocall Mitigation Database) — required for full attestation
  • CRTC-compliant for Canadian outbound — same attestation A signing
  • Test endpoint in your portal so you can verify your own outbound is signed correctly
  • No add-on charges — STIR/SHAKEN is included in the seat fee
  • CLI pool authorized per customer — signing always passes the "is this number yours" check
Full compliance posture
Ready when you are

Pick a country.Pay in two minutes.

Pick a countrySee pricing calculator
  • Magic-link signup
  • Cancel before commit ends
  • Lines live in ~2 min