FCC LICENSED CARRIER ·499 FILER ·STIR/SHAKEN CERTIFIED
SIPNEX
COMPLIANCE · STIR/SHAKEN

STIR/SHAKEN: the operator's guide —
from a carrier that signs its own calls.

Most STIR/SHAKEN content online is written by consultants, resellers, or CPaaS platforms that don't hold their own certificate. SIPNEX is the actual licensed carrier signing your calls with its own SP-KI keys. Every section below is implementation, not theory.

Talk to an Operator → Attestation deep-dive
01 · THE STANDARD

What STIR/SHAKEN actually is.

STIR — Secure Telephony Identity Revisited — is the IETF framework for cryptographically signing caller ID information, specified in RFC 8224, RFC 8225, and RFC 8226.

SHAKEN — Signature-based Handling of Asserted information using toKENs — is the ATIS/SIP Forum implementation that actually delivers STIR over SIP trunks. When people say "STIR/SHAKEN" they usually mean the SHAKEN profile running on production carrier networks, which is what the FCC has mandated for US carriers since June 2021.

The goal is narrow: verify that the phone number shown on an outbound call belongs to a caller who has the right to use it. The originating carrier signs the call with a private key tied to its FCC-issued Service Provider certificate. The terminating carrier validates the signature and reads the attestation level the originator claimed. The phone then displays — or blocks — accordingly.

What STIR/SHAKEN is not: it's not a consent mechanism, not a do-not-call replacement, not TCPA compliance, not a magic box that makes answer rates go up regardless of who you're calling. It's one layer of a multi-layer trust system. Treating it as anything more is a mistake.

02 · ATTESTATION

A, B, C: the three levels nobody explains clearly.

Every signed call carries an attestation level. Your answer rate depends on it. Here's what each level actually means — and which one SIPNEX delivers.

A

Full attestation

WHAT SIPNEX DELIVERS
WHEN IT'S GIVEN

Originating carrier has direct customer relationship AND verified the caller has authority to use the phone number.

WHAT HAPPENS ON THE PHONE

Terminating carriers display 'Verified Caller' with a checkmark. Highest answer rates.

B

Partial attestation

WHEN IT'S GIVEN

Originating carrier has direct customer relationship but cannot verify phone number authority.

WHAT HAPPENS ON THE PHONE

Neutral or unverified display. Measurable answer-rate drop vs A.

C

Gateway attestation

WHEN IT'S GIVEN

Originating carrier received the call from another network. Cannot attest to origin at all.

WHAT HAPPENS ON THE PHONE

Frequently displayed as 'Scam Likely' or 'Potential Spam.' Significant answer-rate penalty.

03 · WHY MOST PROVIDERS CAN'T GIVE YOU A

The reseller ceiling is B-level, and nobody tells you.

Most "VoIP providers" you can buy a SIP trunk from are not carriers. They're resellers or CPaaS platforms sitting on top of an actual carrier. The call path looks like this:

Your dialer → Reseller platformUpstream carrier (signs here) → PSTN

The problem is that the upstream carrier signing the call has a relationship with the reseller — not with you. It doesn't know your business, doesn't know which numbers you're authorized to use, can't verify number authority on your behalf. So it signs at B-level — "I know my reseller customer, but I can't attest to their customer's phone number authority."

B-level is the ceiling for calls originated through a reseller. You can have perfect TCPA compliance, clean DNC scrubbing, legitimate consent — it doesn't matter. The signature will still say B because the carrier holding the pen doesn't have the information needed to sign A.

This is why most dialer operators report a mysterious answer-rate drift as their volume scales. It's not mysterious. It's the attestation ceiling catching up with their call patterns.

04 · SIPNEX IMPLEMENTATION

We hold the certificate. We sign your calls ourselves.

SIPNEX is the licensed carrier in the call path. Not a reseller wrapper. Not a CPaaS abstraction over someone else's trunk. Our name is on the FCC filing. Our private key is on the signature.

That means three things your current provider probably can't offer:

  • Direct A-level attestation — Because the direct customer relationship is with you (not with a middleman), we can attest to your authority over the phone numbers you dial from.
  • Direct RMD filing — We're in the Robocall Mitigation Database as a primary filer, not under an umbrella.
  • Signature reputation we own — Our SP-KI reputation is ours to protect. We actively manage it. Bad actors don't last on our network because the reputational cost is on our company, not some distant upstream.
YOUR CALL PATH ON SIPNEX
STEP 1
Your VICIdial instance places outbound call
STEP 2 · SIGNED HERE
SIPNEX signs with our SP-KI certificate at A-level
STEP 3
PSTN validates signature · recipient phone displays "Verified Caller"
05 · ROBOCALL MITIGATION

FCC Robocall Mitigation Database.

Every US carrier is required to be listed in the FCC's Robocall Mitigation Database with a filed robocall mitigation plan. SIPNEX is a direct filer. Our plan covers number authority verification, suspicious traffic detection, customer vetting, and incident response.

Read our mitigation approach →
06 · TCPA INTERACTION

STIR/SHAKEN is not TCPA.

A-level attestation doesn't make your campaign TCPA-compliant, and TCPA compliance doesn't give you A-level attestation. They operate at different layers. You need both: the right carrier signing your calls, and your own policy for consent, DNC, and calling hours.

TCPA compliance guide →
FREQUENTLY ASKED

About STIR/SHAKEN implementation.

What is STIR/SHAKEN?
STIR/SHAKEN is a pair of industry standards that use cryptographic signing to verify caller ID authenticity on outbound phone calls. STIR (Secure Telephony Identity Revisited) is the underlying IETF framework defined in RFCs 8224, 8225, and 8226. SHAKEN (Signature-based Handling of Asserted information using toKENs) is the ATIS/SIP Forum implementation that delivers STIR over SIP trunks. Together they let originating carriers attest that the caller is authorized to use the number they're calling from, and let terminating carriers validate that attestation before the call rings.
What does 'attestation level' mean?
Attestation is the originating carrier's statement about how confident it is that the caller is using a phone number they have the right to use. There are three levels: A (full), B (partial), and C (gateway). The level is baked into the cryptographic signature and travels with the call. Terminating carriers and handsets read the attestation to decide whether to display 'Verified Caller,' show a neutral label, or flag the call as potentially spoofed.
What's the difference between A, B, and C level attestation?
A-level means the originating carrier has a direct customer relationship with the caller AND has verified the caller has authority to use the phone number on the call. B-level means the carrier has the customer relationship but can't verify the number authority. C-level means the call came in through a gateway from another network — the carrier is just passing it along and can't attest to origin. A-level calls get 'Verified Caller' display treatment on major carriers; B and C don't.
Why does attestation level matter for my answer rate?
Terminating carriers increasingly use attestation level to decide whether to display caller ID honestly, show a spam warning, or silently block. An A-level call can show up as 'Verified Caller' with a green checkmark. A B-level call often shows neutral. C-level calls frequently get 'Scam Likely' or 'Potential Spam' overlays. The difference in answer rate between A and C can be 30% or more on identical dialing patterns.
Does SIPNEX provide A-level attestation?
Yes, directly. SIPNEX holds its own STIR/SHAKEN Service Provider certificate (SP-KI), is a direct filer in the FCC Robocall Mitigation Database, and signs every outbound call we originate using our own keys. There is no upstream carrier in the signing path.
Do I need to file anything with the FCC as a SIPNEX customer?
As a customer purchasing SIP trunk service from SIPNEX, you don't personally file with the FCC — SIPNEX, as the licensed carrier, handles the 499 contribution and the Robocall Mitigation Database filing. If you are yourself operating as a carrier or reseller, your FCC obligations depend on your specific status; we can walk through that on a call.
How does STIR/SHAKEN interact with TCPA compliance?
STIR/SHAKEN is a carrier-layer cryptographic attestation. TCPA is a federal consumer protection law covering consent, do-not-call lists, calling hours, and caller ID accuracy obligations. They overlap but don't substitute: A-level attestation doesn't mean your campaign is TCPA compliant. You need both — STIR/SHAKEN from a carrier that signs directly, and your own TCPA policy at the campaign level.
What happens if I try to spoof caller ID on your network?
If you present a phone number on outbound that you haven't verified authority to use with us, we'll sign the call at B-level instead of A. Worse, if the pattern looks like illegal spoofing, we'll flag it and can suspend service. Our incentive as a carrier is to keep our SP-KI reputation clean.

Stop accepting B-level as the ceiling.

If your current answer rate feels capped and you can't figure out why, the answer is usually in the attestation your carrier can give you. Move to a carrier that holds its own certificate. Move to SIPNEX.

Talk to an Operator → Review SIP Trunk Service