Recent STIR/SHAKEN statistics
We’ve looked at call statistics from our ClearIP customers for the last 45 days to see whether they’re getting many calls that were signed using STIR/SHAKEN. Here’s what we found.
Verification statuses
What proportion of terminated calls were signed? Of the signed calls, were there any verification errors?
| Verification status | Proportion of all calls received by ClearIP customers |
|---|---|
| No PASSporT | 97.149131% |
| Successful | 2.829892% |
| Certificate chain error | 0.013079% |
| Calling number mismatch | 0.003335% |
| Invalid info parameter in Identity header | 0.003049% |
| Called number mismatch | 0.001151% |
| Certificate repository error | 0.000280% |
| Invalid iat in PASSporT | 0.000052% |
| Invalid orig in PASSporT | 0.000033% |
| 100.000000% |
Of the calls received by ClearIP customers, fewer than 3% had a PASSporT.
Most of the PASSporTs with a verification status of Certificate chain error were signed with a self-signed certificate.
Most of the PASSporTs with a verification status of Calling number mismatch had a valid number in the orig claim of the PASSporT but had anonymous in the From and/or P-Asserted-Identity header.
Most of the PASSporTs with a verification status of Invalid info parameter in Identity header had an info paramater that contained an HTTP URL instead of an HTTPS URL.
Attestation levels
What attestation levels are originating service providers using?
| Attestation level | Attestation proportions |
|---|---|
| A | 98.919207% |
| B | 0.731490% |
| C | 0.349303% |
| 100.000000% |
Of the successfully verified calls received by ClearIP customers, more than 98% had an attestation level of A.
SHAKEN call proportions by originating service provider
Which originating service providers are sending signed calls? Of all successfully verified calls received by ClearIP customers, which OSPs originated the most signed calls?
| Originating Service Provider Code | LERG company name | Certificate repository domain | Proportion of all successfully verified calls |
|---|---|---|---|
| 6529 | T-MOBILE USA, INC. | cert.stir.t-mobile.com | 89.066747% |
| 7610 | COMCAST PHONE OF CALIFORNIA, LLC - CA | sticr.stir.comcast.com | 7.846095% |
| 5807 | CELLCO PARTNERSHIP DBA VERIZON WIRELESS - NE | sti.verizon.com | 0.995249% |
| 551G | BRIGHTLINK COMMUNICATIONS, LLC | certificates.transnexus.com | 0.800476% |
| 1642 | ALLIANCE COMMUNICATIONS COOPERATIVE, INC. (BALTIC) | certificates.clearip.com | 0.275487% |
| 1640 | ARMOUR INDEPENDENT TEL CO DBA GOLDEN WEST TELCOMM | certificates.clearip.com | 0.245363% |
| 583j | BROADBAND DYNAMICS, LLC | cr.sansay.com | 0.161429% |
| 502J | PIRATEL LLC | certificates.piratel.com | 0.157290% |
| 7661 | COX CALIFORNIA TELCOM, LLC - CA | cr.ccid.neustar.biz | 0.083934% |
| 224C | ONVOY, LLC | cr-partner.ccid.neustar.biz | 0.078415% |
| 073H | TELNYX LLC | certificates.transnexus.com | 0.069677% |
| 1669 | TRIOTEL COMMUNICATIONS, INC. | certificates.clearip.com | 0.060708% |
| 324E | YMAX COMMUNICATIONS CORP. - NV | sns.magicjack.com | 0.037023% |
| 506J | TWILIO INTERNATIONAL INC | cr.ccid.neustar.biz | 0.032884% |
| 1680 | VENTURE COMMUNICATIONS COOPERATIVE | certificates.clearip.com | 0.028055% |
| 548J | QUALITY VOICE & DATA INC | certificates.clearip.com | 0.020006% |
| 5113 | CONSOLIDATED COMM OF NO. NEW ENGLAND-NH | cr.sansay.com | 0.017017% |
| 672B | CLEAR RATE COMMUNICATIONS - ULEC - MI | certificates.clearip.com | 0.010578% |
| 469A | T3 COMMUNICATIONS, INC. - FL | certificates.clearip.com | 0.005059% |
| 599J | TECHNOLOGY INNOVATION LAB LLC | certificates.clearip.com | 0.002070% |
| 8091 | SASKATCHEWAN TELEPHONE COMPANY | certificates.clearip.com | 0.002070% |
| 7459 | HANCOCK COMMUNICATIONS, INC. - IN | certificates.clearip.com | 0.001840% |
| 363A | IDT AMERICA CORPORATION | cr.sansay.com | 0.001380% |
| 610J | MULTITEL LLC | certificates.clearip.com | 0.000460% |
| 0127 | WINN TELEPHONE COMPANY DBA WINN TELECOM - MI | certificates.clearip.com | 0.000460% |
| 0546 | SANDHILL TELEPHONE COOPERATIVE, INC. | certificates.clearip.com | 0.000230% |
| 100.000000% |
Note that the above data reflect both call volume and SHAKEN activity. The data show the proportion of successfully verified calls received by ClearIP customers for each originating service provider as a percentage of all successfully verified calls. If a small number of calls were received from an originating service provider, then percentage of successfully verified calls received by ClearIP customers would be low, even if the originating service provider signed a high percentage of their outbound calls.
The above data include only originating service providers that had at least one successfuly verified call received by a ClearIP customer.
Certificate repositories
What are typical certificate latencies, i.e., time-to-fetch, and why?
| Certificate repository domain | Cache hit percentage | Average latency including cache hits (milliseconds) | Average latency excluding cache hits (milliseconds) | Cache-Control header time (seconds) |
|---|---|---|---|---|
| sti.verizon.com | 99.838225% | 0.028426 | 17.571428 | 604800 |
| cert.stir.t-mobile.com | 99.986831% | 0.047260 | 358.862740 | 86400 |
| certificates.transnexus.com | 99.735729% | 0.072674 | 27.500000 | 31536000 |
| certificates.clearip.com | 97.252554% | 1.753787 | 63.833333 | 31536000 |
| sticr.stir.comcast.com | 97.074515% | 7.350003 | 251.240480 | none |
| sns.magicjack.com | 40.372671% | 34.875776 | 58.489583 | none |
| certificates.piratel.com | 61.403509% | 46.271930 | 119.886363 | none |
| cr-partner.ccid.neustar.biz | 57.771261% | 69.715543 | 165.090277 | none |
| cr.sansay.com | 65.089514% | 91.938619 | 263.355311 | none |
| cr.ccid.neustar.biz | 43.503937% | 95.675197 | 169.348432 | none |
Retrieving a certificate from a certificate repository takes time, or latency, which increases Post-Dial Delay (PDD). If a certificate is cached by the STI-VS, then it does not need to be retrieved.
A certificate repository can be configured to provide a Cache-Control HTTP header, which tells the STI-VS how long to cache the certificate after retrieving it. If a certificate repository does not provide the Cache-Control header, the STI-VS does not cache the certificate or caches the certificate for only a short time.
Note that the ClearIP STI-VS caches certificates for 60 minutes if the Cache-Control header is not set by the certificate repository or if the Cache-Control header contains a value of less than 60 minutes.
Summary
- Fewer than 3% of calls were signed.
- Fewer than 0.75% of signed calls had verification errors.
- More than 98% of successfully verified calls had an attestation level of A.
- Successfully verified calls were received from 26 originating service providers.
- 60% of certificate repositories did not include the Cache-Control header.
TransNexus solutions
We offer STIR/SHAKEN and robocall mitigation solutions in our ClearIP and NexOSS software platforms. We can make your STIR/SHAKEN deployment a smooth process.
In addition, we help service providers with all aspects of STIR/SHAKEN deployment, including registering with the Policy Administrator and filing their certification with the FCC.
Contact us today to learn more.
Our STIR/SHAKEN products:
- Work with your existing network
- Support SIP and TDM
- Affordable, easy to deploy