Spam robocalls and SHAKEN attestation
We’ve analyzed the relationship between spam robocalls and SHAKEN attestation during the first three weeks after the SHAKEN mandate. Here’s what we found.
Data collected and analyzed
We gathered summarized data for calls terminated by voice service providers using our ClearIP software. The data share the following attributes:
- Call data is grouped by the following attributes:
- SHAKEN attestation level (A – Full, B – Partial, C – Gateway, Unsigned)
- Service Provider Code (SPC) that originated signed calls
- For each attestation level, including unsigned, we calculated the following:
- Signed calls as a percentage of all calls
- Percentage of calls that were identified as robocalls by call analytics
The following chart shows some surprising results.
In this chart, the orange bars show the percentage of all calls that fell into the different SHAKEN attestation levels or were unsigned. The left vertical axis provides the corresponding percentages for these bars.
The blue line shows the robocalls as a percentage of all calls that fell into the different SHAKEN attestation levels or were unsigned. The right vertical axis provides the corresponding percentages for points on this line.
There are some interesting results here:
- About 15% of calls were signed and 85% were unsigned. SHAKEN participation continues to grow.
- Most SHAKEN calls were signed with Full A attestation.
- 3.16% of unsigned calls were robocalls.
- 0.84% of calls signed with Full A attestation were robocalls.
This is a striking result, for a few reasons:
- As expected, robocalls are much more prevalent among unsigned calls than among calls with Full A attestation.
- However, some calls signed with Full A attestation are still robocalls.
“But wait—signed calls aren’t robocalls, right?” Not exactly. Full attestation just means the originating service provider (OSP) vouched that the calling number isn’t spoofed. It could still be a robocall.
“If the OSP does SHAKEN, then they don’t have to do robocall mitigation, right?” Not quite. While the FCC requires OSPs to certify that they are either doing SHAKEN or robocall mitigation for calls they originate, the Fourth Report and Order on Unlawful Robocalls also requires them to “implement effective measures to prevent new and renewing customers from originating illegal calls.”
We expect pressure will mount on service providers to do robocall mitigation on calls they sign, especially with full attestation. It wouldn’t look good for subscribers to receive spam robocalls that have the [V] in caller display name and/or a check mark. It wouldn’t look good to be the OSP responding to robocall traceback that signed the robocalls.
You may have noticed a large spike in the blue line, % robocalls, for calls with Partial B attestation. In fact, 7.33% of such calls were robocalls. What’s going on there?
This is an interesting result. We looked closely at robocalls by OSP and found that many of them were signed with Partial B attestation by “downstream signers,” a term we coined in our blog post on SHAKEN attestation statistics for early July 2021. These are voice service providers that sign calls for their upstream service provider customers. They sign most of such calls with Partial B attestation. There were some spam robocalls in there.
This raises questions. Who is responsible for such calls? The downstream provider that signed them? The upstream provider that originated them?
The FCC SHAKEN orders say that entities that originate voice service calls are required to use SHAKEN, albeit with some extensions allowed, else use robocall mitigation.
However, many of these providers have outsourced SHAKEN signing to downstream providers that sign calls for them with Partial B attestation. Some of these upstream providers have filed certifications in the Robocall Mitigation Database asserting that they’ve implemented Complete SHAKEN. Now we see data that show spam robocalls are being originated and signed in such scenarios.
This isn’t working as intended. We expect that actions will be taken to sort this out.
In addition, we help service providers with all aspects of STIR/SHAKEN deployment, including registering with the Policy Administrator and filing their certification with the FCC.
Contact us today to learn more.
This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.
Our STIR/SHAKEN products:
- Most affordable commercial solutions
- Work with your existing network
- Include support with deployment