FCC LICENSED CARRIER ·499 FILER ·STIR/SHAKEN CERTIFIED
SIPNEX
← BACK TO BLOG
STIR-SHAKENATTESTATIONCARRIER

Why Reseller VoIP Can't Give A-Level Attestation

SIPNEX ·

Your VoIP provider told you they support STIR/SHAKEN. They do. What they did not tell you is that “supporting STIR/SHAKEN” and “providing A-level attestation” are not the same thing. Most VoIP providers are resellers — they purchase trunk capacity from an upstream carrier like Bandwidth and resell it to you with a markup. When your call reaches the upstream carrier for STIR/SHAKEN signing, the upstream carrier signs at B-level because it has no direct relationship with you. It knows its customer (the reseller). It does not know you.

This is not a configuration problem. It is not a feature your reseller forgot to enable. It is a structural limitation of the reseller model that cannot be fixed without changing who holds the signing certificate. This article explains why, and what you can do about it.

How STIR/SHAKEN signing works

When a call is placed, the originating carrier signs it with a cryptographic attestation using its own SP-KI certificate. The attestation has three levels, as detailed in our A vs B attestation guide and STIR/SHAKEN technical deep dive:

A-level: The carrier verifies both the caller’s identity AND the caller’s authority over the phone number.

B-level: The carrier verifies the caller’s identity but NOT the caller’s authority over the specific number.

C-level: The carrier can only identify where the call entered its network.

The attestation level depends on what the signing carrier can independently verify. This is where the reseller model breaks down.

Why B-level is structural for resellers

Your reseller provisions DIDs to your account. Your reseller knows you. Your reseller has verified your identity and your authority over the numbers they assigned you. If your reseller held its own STIR/SHAKEN certificate, it could sign at A-level.

But most resellers do not hold their own SP-KI certificate. Obtaining a certificate requires FCC carrier authorization, RMD registration, and acceptance by the STI-PA (Policy Administrator). Most resellers do not have this infrastructure because they are sales and service companies, not carriers.

Instead, your call flows through the reseller’s system to the upstream carrier. The upstream carrier holds the SP-KI certificate and performs the signing. The upstream carrier asks: do I have a direct customer relationship with the entity that placed this call? Answer: yes — with the reseller, not with you. Can I verify the caller’s authority over the phone number? Answer: the reseller says the end customer is authorized, but I did not verify this independently.

The upstream carrier has two choices: sign at A-level based on the reseller’s assertion (accepting liability for an attestation claim it cannot independently verify) or sign at B-level (accurately reflecting that it verified the customer relationship but not the number authority). Most upstream carriers choose B-level because the liability risk of false A-level attestation falls on their certificate.

This is the structural gap. The entity that knows you (the reseller) does not hold the signing certificate. The entity that holds the certificate (the upstream carrier) does not know you. No amount of configuration, integration, or negotiation can bridge this gap within the reseller model — it is inherent to the architecture.

What B-level costs you

The practical impact of B-level attestation on your operation, as covered in our attestation comparison:

10 to 20 percent lower answer rates compared to A-level on the same leads. Carrier spam filters and analytics companies (Hiya, TNS, First Orion) use attestation level as an input to their scoring. B-level provides no protective benefit. A-level provides active positive signaling.

No “Verified Caller” badge. On T-Mobile and AT&T handsets that display verification indicators, only A-level calls qualify for the positive badge. B-level calls display without verification, which is functionally indistinguishable from unsigned calls on many handsets.

Faster reputation degradation. B-level calls start from a lower trust baseline. When combined with even moderate call volume or a few consumer complaints, the reputation math tips toward flagging faster than it would for A-level calls with identical calling patterns.

Revenue impact. On a campaign placing 100,000 calls per month, a 5 percentage point answer rate difference represents 5,000 additional live conversations. At a conservative 5 percent conversion rate and $100 average value, that is $25,000 per month. The per-minute cost difference between a reseller and a direct carrier is pennies. The revenue difference from attestation is thousands.

How to fix it

Option 1: Ask your reseller to upgrade. Some resellers have established technical integrations with their upstream carriers that enable A-level pass-through for verified numbers. This is rare but possible. Ask directly: “Will my calls receive A-level STIR/SHAKEN attestation? Can you provide documentation showing the attestation level on a test call?” If they cannot confirm A-level, the arrangement does not exist regardless of what they claim.

Option 2: Move to a direct carrier. On a direct carrier like SIPNEX, the entity that provisions your DIDs is the entity that signs your calls. There is no trust gap. We assigned the number to your account → we verified your authority → we sign at A-level. No intermediary. No data hand-off. No ambiguity.

The trunk migration takes a day of configuration work (change SIP proxy credentials in your PBX). Number porting takes 7 to 14 business days. You can run both carriers simultaneously during the transition. The cost of staying on B-level is measured in lost answer rate every day you continue dialing.

How to verify your current attestation level

Do not take your provider’s word for it. Verify independently:

  1. Ask for a signed SIP trace. Request a packet capture of an outbound call showing the Identity header. Decode the JWT and check the “attest” field. If it says “B”, you have your answer.

  2. Call a T-Mobile phone from your outbound DID. If a “Verified” badge appears, you are likely A-level. No badge does not definitively prove B-level (not all phones display the badge), but a badge confirms A-level.

  3. Check with your carrier directly. “Do you hold your own STIR/SHAKEN SP-KI certificate?” If yes, ask how they verify number authority for your account. If no, they are a reseller and your calls are B-level.

Frequently asked questions

Can any reseller provide A-level attestation?

In theory, a reseller can arrange A-level attestation if their upstream carrier agrees to trust the reseller’s number authorization data. In practice, this is uncommon. Most upstream carriers are unwilling to sign at A-level based solely on a reseller’s assertion because the liability for false attestation falls on the signing carrier’s certificate. A small number of resellers have obtained their own SP-KI certificates (effectively becoming carriers for signing purposes), but this is the exception. The reliable path to A-level is a direct carrier that provisions your DIDs and signs with its own certificate.

How do I know if my VoIP provider is a reseller?

Ask two questions: “Do you hold your own FCC carrier authorization?” and “Do you hold your own STIR/SHAKEN Service Provider certificate?” If the answer to either is no, they are a reseller. You can verify independently: FCC licenses are searchable on the FCC’s Universal Licensing System. STIR/SHAKEN certificates are tracked by the STI-GA. If the provider is not in these databases, they are reselling another carrier’s infrastructure and your calls are being signed at B-level by the upstream carrier.

Is B-level attestation always bad?

B-level is not “bad” in the sense that it causes calls to be blocked. B-level calls complete normally. But B-level provides no protective benefit from carrier spam filters and analytics scoring. A-level actively helps — it signals to terminating carriers that a licensed carrier verified the caller’s authority. B-level signals that the carrier knows its customer but cannot verify number authority. In the increasingly aggressive spam-filtering environment of 2026, “no protective benefit” effectively means “disadvantage” because your calls are competing against other calls that do have A-level. The answer rate difference is real and measurable.

SIPNEX is a direct carrier that signs your calls with its own SP-KI certificate. Every DID we provision gets A-level attestation — no reseller middleman, no B-level compromise. Switch to A-level or see our rates.

RELATED ARTICLES

Keep Reading

STIR-SHAKEN
A-Level vs B-Level STIR/SHAKEN Attestation
COMPARISON
Bandwidth vs Telnyx vs SIPNEX Compared
PREDICTIVE-DIALER
How to Choose a VoIP Carrier for Dialers

SIPNEX

FCC-licensed carrier with its own STIR/SHAKEN SP certificate. Operator-owned. SIP trunks built for operators who dial at volume.

Talk to an Operator See Pricing →