Part one of our ongoing Call Delivery FAQ series focuses on the questions we get asked every day on all things STIR/SHAKEN and call attestation levels. If you’re looking for a deeper dive, tune in to the podcast episode!
Wasn't STIR/SHAKEN supposed to stop bad robocalls and enable good calls to go through? If I'm a legitimate business, why might I still see my calls labeled as 'Scam' and 'Spam' today?
When STIR/SHAKEN rolled out, many enterprises believed ‘Scam’ and ‘Spam’ labels would simply go away, but that isn’t what happened. Through STIR/SHAKEN, call originators are required to attest calls from legal callers so that at termination calls should be accepted and successfully delivered because of the SHAKEN certificate that was delivered with the call. But it’s more complicated than that.
The originating provider needs to have a direct relationship with whoever is originating the call in order to sign the certificate with an A-level attestation flag. If not, the call will be sent with a B or C-level attestation. Despite the attestation level assigned at origination, and therefore the trustworthiness associated with the call, the STIR/SHAKEN infrastructure itself is vulnerable to gaps in TDM switches where the certification info can be lost altogether.
So when an originally A-attested call reaches a destination, it’s possible for the certification to get dropped along the way and receive a C-level attestation. When it gets to the terminating provider it doesn’t have the right level of authentication so carriers running analytics will continue to attach ‘Spam’ or ‘Scam Likely’ labels because their algorithms understand it as an unauthenticated call which is why this is still a problem today.
R E S O U R C E S
When calls are blocked, is an entity going to get notified that its calls are blocked?
This is still considered a bit of a mystery… When the call reaches its destination, the service provider has to decide if the call is an authenticated call or not. Analytics engines analyze aspects of the call for patterns like call volume, time of day, consumer-installed apps on devices that perform call blocking, originating IP, etc., to determine if the call is fraudulent, meaning you could get blocked due to other factors that may be at play..
Call blocking issues typically arise when businesses are originating calls and it’s hard to determine where exactly those calls are coming from. Attestation information gets lost in the call path and terminating carrier analytics could potentially block the call. When this happens, there isn’t a response sent to the originating provider notifying them that the call got blocked but there is an active discussion about introducing an error code transmission in the future.
R E S O U R C E S
Who is signing my calls with attestation levels? Who can give me a STIR/SHAKEN token or certificate?
The originating service provider placing calls and enabling the SIP invite into the network are the ones signing calls with attestation levels via a STIR/SHAKEN token or certificate.
In most cases where the call originator or enterprise has a direct relationship with a carrier, like AT&T or Verizon for example, they’re originating and signing those particular calls. In cases where enterprises also have relationships with their reseller, the upstream originating service provider for that reseller is the one signing the call even though the enterprise is calling through a downstream provider/reseller.
What if my provider tells me that they're attesting my calls with A-level but my calls are still being labeled as 'Spam'?
Labels are assigned at call termination so even if the originating provider signs the call with A-level attestation, it’s possible that the terminating provider is labeling the call as ‘Spam.’ This could happen if the number itself is deemed as a number that is spamming consumers repeatedly, especially with short-duration calls, or if it has been previously designated as a spammer before you were using that number.
Your attested calls could also be labeled as ‘Spam’ if the call got routed to a node in vulnerable TDM switch holes during the call path that dropped the SHAKEN certificate. By the time the call reaches its destination, the associated attestation level is no longer present and terminating analytics engines will do their best to figure out what kind of number it is. If the caller is unrecognized, or if it has already been flagged as a ‘Spam’ number in the past, it could still receive a negative label.
R E S O U R C E S
Is it possible to guarantee A-level Attestation calls on your numbers, no matter what?
If the originating service provider knows the customer and all calls are generated on the network, then yes, they could sign calls with A-attestation all day long. But for that to happen, the originating service provider has to have a direct relationship with the client and issue that clients’ numbers.
In situations where a reseller is involved and a BPO or contact center is making the calls on behalf of a brand or company, then attesting level A would be much more difficult. This is because whoever is originating the call wouldn’t know who the actual party responsible for the content of the call is, and would likely attest it with B-level attestation.