Robocall trends in the new SHAKEN era

Robocalls in the U.S. were up 3.3% in October, according to the YouMail Robocall index. Are SHAKEN and robocall mitigation working? What does the future hold? Let’s have a look.

The numbers

Robocalls in the U.S. were up in October

Figure 1: Robocalls Were Up in October

Here are the monthly robocall numbers for the past six months:

MonthRobocallsChange
May 20213,991,129,400-9.9%
Jun 20214,441,444,30011.3%
Jul 20214,426,771,600-0.3%
Aug 20214,059,014,700-8.3%
Sep 20213,963,471,100-2.4%
Oct 20214,093,788,2003.3%

Is SHAKEN making a difference?

SHAKEN Verification Status Since April

Figure 2. SHAKEN Verification Status Since April

We’ve seen SHAKEN call signing starting to level off at around 25% of calls signed. Unfortunately, SHAKEN won’t be much help with only 25% of calls signed.

Calls and Robocalls by SHAKEN Verification Status – July–September 2021

Figure 3. Calls and Robocalls by SHAKEN Verification Status – July–September 2021

We’ve also seen a consistent pattern of robocalls being signed with partial (B) and gateway (C) attestation. These calls are more likely to be robocalls than unsigned calls!

What’s going on here?

Some service providers have filed their certification in the Robocall Mitigation Database (RMD) claiming a complete SHAKEN implementation.

These providers haven’t implemented anything. They aren’t on the list of SHAKEN approved service providers maintained by the STI Policy Administrator.

As of this writing, there are 2,761 filings in the RMD (U.S. only, no intermediates) that claim a SHAKEN implementation. There are 390 SHAKEN authorized providers listed on the STI-PA website.

Some of the difference is because the STI-PA list is consolidated, while many providers filed separate certifications in the RMD. But this doesn’t begin to account for all the difference. There are many SHAKEN certifications that cannot be matched with any SHAKEN authorized provider.

How can they do SHAKEN if they aren’t approved? They aren’t doing SHAKEN. They’re getting a downstream provider to sign their calls for them. The downstream provider uses its own SHAKEN credentials, not the SHAKEN credentials of the originating service provider (who doesn’t have SHAKEN credentials).

This is not how the SHAKEN framework was designed. But it is how illegal robocalls are surviving in the early days of SHAKEN.

ascending graph

Is robocall mitigation working?

Voice service providers that aren’t doing SHAKEN are required to do robocall mitigation. How’s that going? Judging by the October numbers, not so well.

Why not?

The FCC Enforcement Bureau recently sent cease-and-desist orders to three voice service providers for originating and transiting illegal robocalls. This story explains how robocall mitigation can fall short.

These three service providers represented each of the three types of SHAKEN implementation types that can be claimed in a robocall mitigation certification filing: no SHAKEN, partial SHAKEN, and complete SHAKEN. With either no SHAKEN or partial SHAKEN, a filer is required to provide a robocall mitigation plan.

The plans provided by these providers were very weak. Robocall mitigation didn’t work because, well, they really weren’t doing much of that.

Remedies

Here are a few things we believe should happen for SHAKEN and robocall mitigation to fulfill its promise:

  1. The downstream signing provider loophole must be closed. A voice service provider cannot claim a SHAKEN implementation if they are not approved to do SHAKEN.
  2. SHAKEN participation must be extended. 25% is too low.
    • The FCC should begin to phase out the non-IP SHAKEN extension, now that we have SHAKEN for TDM standardized methods available.
  3. Robocall mitigation should be done with SHAKEN. It should be both, not either/or.
    • Robocall mitigation doesn’t work as well when the calling number is spoofed. You need SHAKEN too.
    • SHAKEN is intended for caller ID authentication, not robocall mitigation. You need robocall mitigation too.
    • You need both, working together, to identify and stop illegal robocalls.

TransNexus solutions

We offer STIR/SHAKEN and robocall mitigation solutions in our ClearIP and NexOSS software platforms. We can make your STIR/SHAKEN deployment a smooth process.

In addition, we can help with all aspects of STIR/SHAKEN deployment, including registering with the Policy Administrator and filing your certification with the FCC.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.