What is STIR/SHAKEN?

STIR/SHAKEN is a telecom framework that cryptographically verifies the identity of a caller — letting receiving carriers tell whether the caller ID on an incoming call is actually authorized by the caller, or spoofed by someone impersonating a different number. It's the core tool U.S. carriers use to fight illegal robocalls, and it's required under the TRACED Act (2019) and FCC regulations (effective 2021 onward).

For a business making legitimate outbound calls, STIR/SHAKEN is the difference between your calls being trusted and passed through, or being flagged as "Spam Likely" and ignored.

What the acronym means

•STIR — Secure Telephony Identity Revisited. The technical standard developed by the IETF that defines how to cryptographically sign calls.

•SHAKEN — Signature-based Handling of Asserted information using toKENs. The ATIS/SIP Forum framework that defines how STIR is implemented in practice across U.S. carriers.

In common usage, "STIR/SHAKEN" refers to the complete framework.

How STIR/SHAKEN works

•When your originating carrier receives your outbound call, it looks at the caller ID number you're presenting

•It decides how confident it is that you're actually authorized to use that number, assigning an attestation level:

◦A (Full attestation) — the carrier knows you and knows the number is yours

◦B (Partial attestation) — the carrier knows you but isn't sure about the specific number

◦C (Gateway attestation) — the carrier doesn't know the originator; the call entered from another network

•The carrier cryptographically signs the call with its private key, along with the attestation level

•The receiving carrier verifies the signature using a public certificate and can display the result to the recipient

What STIR/SHAKEN attestation means for business calling

•A attestation — your calls are far more likely to connect without spam labels. Mobile carriers increasingly display "Verified" or similar checkmarks for A-attested calls.

•B attestation — mixed results. Some carriers treat B as nearly as trusted as A; others are more skeptical.

•C attestation — your calls are likely to be labeled as spam or blocked outright.

Getting A attestation requires your carrier to have verified that you're authorized to use every number you're calling from. This is why business-grade voice AI platforms register each of your outbound numbers with the carrier and verify the "right to use" before any calls are placed.

What STIR/SHAKEN does not do

•It doesn't stop spam calls — it only helps identify authentic callers

•It doesn't guarantee your call will be answered — the recipient's phone or apps may still choose to block or silence

•It doesn't verify that the content of the call is legitimate — only that the calling identity is authentic

•It doesn't apply uniformly everywhere — some international and older-network calls fall outside the system

What you should do as a business caller

•Register every outbound number with your carrier or voice AI platform

•Ensure you have A-level attestation before high-volume outbound campaigns

•Monitor your call labeling — carriers and third-party analytics engines can still flag high-volume calling as spam even with A attestation

•Combine STIR/SHAKEN with correct CNAM, warmed-up calling patterns, and a good reputation with carrier analytics engines

Related concepts

•CNAM (Caller ID Name) — the name displayed alongside your verified number

•"Spam Likely" labels — what happens when STIR/SHAKEN or other signals fail

•The TCPA — the broader U.S. law STIR/SHAKEN supports

•Call deliverability & reputation help collection

See it in action

Outbound calls from the Receptionist Agent at 365agents are signed at A attestation by default. If you operate your own calling beyond our platform, we also provide guidance on getting STIR/SHAKEN A attestation with your carrier — see the deliverability articles in this help center.