May 2021 STIR/SHAKEN statistics
With the June 30 SHAKEN deadline rapidly approaching, we’ve looked at call statistics from our ClearIP customers to see whether they’re getting many calls that were signed using STIR/SHAKEN. We looked at similar statistics in March and April. Let’s have a look at what we found and what’s changed.
There are quite a few voice service providers using ClearIP to verify SHAKEN calls. This provides a good barometer of SHAKEN activity across the industry.
Verification statuses
What proportion of terminated calls were signed? Of the signed calls, were there any verification errors?
| Verification status | Mar–Apr | May | Difference |
|---|---|---|---|
| No PASSporT | 97.149131% | 93.624665% | -3.524466% |
| Successful | 2.829892% | 6.195567% | 3.365675% |
| Certificate chain error | 0.013079% | 0.100030% | 0.086951% |
| Called number mismatch | 0.001151% | 0.064497% | 0.063346% |
| Calling number mismatch | 0.003335% | 0.012633% | 0.009298% |
| Invalid info parameter in Identity header | 0.003049% | 0.001455% | -0.001594% |
| Certificate repository error | 0.000280% | 0.000918% | 0.000638% |
| Invalid iat in PASSporT | 0.000052% | 0.000173% | 0.000121% |
| Invalid orig in PASSporT | 0.000033% | 0.000060% | 0.000027% |
| 100.000000% | 100.000000% |
Highlights:
- Of the calls received by ClearIP customers, more than 6% had a PASSporT. This is a significant improvement over March/April, where fewer than 3% had a PASSporT.
- In March–April, 0.02% of signed calls generated verification errors. In May, 0.18% of signed calls generated verification errors. The error rates were small, but increased by a factor of 9.
- Most of the PASSporTs with a verification status of Certificate chain error were signed with a self-signed certificate.
- Most of the PASSporTs with a verification status of Called number mismatch had an invalid number in the dest claim of the PASSporT.
- Most of the PASSporTs with a verification status of Calling number mismatch had a valid number in the orig claim of the PASSporT but had anonymous in the From and/or P-Asserted-Identity header.
Attestation levels
What attestation levels are originating service providers using?
| Attestation level | Mar–Apr | May | Difference |
|---|---|---|---|
| A | 98.919207% | 98.656891% | -0.262316% |
| B | 0.731490% | 0.982837% | 0.251347% |
| C | 0.349303% | 0.360271% | 0.010968% |
| 100.000000% | 100.000000% |
Of the successfully verified calls received by ClearIP customers, more than 98% had an attestation level of A. This is nearly identical to what was seen in March/April.
SHAKEN participation by originating service provider
Which originating service providers are sending signed calls? Of all successfully verified calls received by ClearIP customers, which OSPs originated the most signed calls? (Note that these figures are the proportion of all successfully verified calls, not all calls.)
| Originating Service Provider Code | LERG company name | Certificate repository domain | Mar–Apr | May |
|---|---|---|---|---|
| 5807 | CELLCO PARTNERSHIP DBA VERIZON WIRELESS - NE | sti.verizon.com | 0.995249% | 46.335284% |
| 6529 | T-MOBILE USA, INC. | cert.stir.t-mobile.com | 89.066747% | 46.221353% |
| 7610 | COMCAST PHONE OF CALIFORNIA, LLC - CA | sticr.stir.comcast.com | 7.846095% | 2.757739% |
| 1640 | ARMOUR INDEPENDENT TEL CO DBA GOLDEN WEST TELCOMM | certificates.clearip.com | 0.245363% | 1.037564% |
| 1642 | ALLIANCE COMMUNICATIONS COOPERATIVE, INC. (BALTIC) | certificates.clearip.com | 0.275487% | 0.617668% |
| 1669 | TRIOTEL COMMUNICATIONS, INC. | certificates.clearip.com | 0.060708% | 0.433753% |
| 1680 | VENTURE COMMUNICATIONS COOPERATIVE | certificates.clearip.com | 0.028055% | 0.410939% |
| 5606 | CHARTER FIBERLINK CCO, LLC | shaken.spectrum.com | 0.310023% | |
| 551G | BRIGHTLINK COMMUNICATIONS, LLC | certificates.transnexus.com | 0.800476% | 0.297846% |
| 583j | BROADBAND DYNAMICS, LLC | cr.sansay.com | 0.161429% | 0.201830% |
| 599J | TECHNOLOGY INNOVATION LAB LLC | certificates.clearip.com | 0.002070% | 0.184754% |
| 224C | ONVOY, LLC | cr-partner.ccid.neustar.biz | 0.078415% | 0.182235% |
| 1676 | SANTEL COMMUNICATIONS COOPERATIVE, INC.-SD | certificates.clearip.com | 0.181115% | |
| 674J | certificates.clearip.com | 0.136606% | ||
| 8826 | LEVEL 3 COMMUNICATIONS, LLC - CA | cr.ccid.neustar.biz | 0.126529% | |
| 506J | TWILIO INTERNATIONAL INC | cr.ccid.neustar.biz | 0.032884% | 0.095876% |
| 502J | PIRATEL LLC | certificates.piratel.com | 0.157290% | 0.071522% |
| 1674 | RC TECHNOLOGIES | certificates.clearip.com | 0.064384% | |
| 073H | TELNYX LLC | certificates.transnexus.com | 0.069677% | 0.056126% |
| 7661 | COX CALIFORNIA TELCOM, LLC - CA | cr.ccid.neustar.biz | 0.083934% | 0.035131% |
| 996H | AIRESPRING INC | cr.sansay.com | 0.034711% | |
| 7804 | TDS METROCOM INC. - WI | sti-cr.cgah.tnsi.com | 0.029953% | |
| 696J | cr.sansay.com | 0.029813% | ||
| 1649 | BERESFORD MUNICIPAL TELEPHONE CO. | certificates.clearip.com | 0.027713% | |
| 363A | IDT AMERICA CORPORATION | cr.sansay.com | 0.001380% | 0.020715% |
| 0546 | SANDHILL TELEPHONE COOPERATIVE, INC. | certificates.clearip.com | 0.000230% | 0.019175% |
| 324E | YMAX COMMUNICATIONS CORP. - NV | sns.magicjack.com | 0.037023% | 0.018196% |
| 6349 | UNITED STATES CELLULAR CORP. - OREGON | crs.sti.uscellular.com | 0.017076% | |
| 745B | CROCKER TELECOMMUNICATIONS, LLC - MA | certificates.clearip.com | 0.011617% | |
| 5113 | CONSOLIDATED COMM OF NO. NEW ENGLAND-NH | cr.sansay.com | 0.017017% | 0.005739% |
| 0127 | WINN TELEPHONE COMPANY DBA WINN TELECOM - MI | certificates.clearip.com | 0.000460% | 0.004479% |
| 1653 | CITY OF FAITH MUNICIPAL TELEPHONE CO. | certificates.clearip.com | 0.004339% | |
| 548J | QUALITY VOICE & DATA INC | certificates.clearip.com | 0.020006% | 0.002379% |
| 469A | T3 COMMUNICATIONS, INC. - FL | certificates.clearip.com | 0.005059% | 0.002379% |
| 7785 | GCI COMMUNICATION CORP. DBA GENERAL COMMUNICATION | sti-cr.cgah.tnsi.com | 0.002239% | |
| 997E | BANDWIDTH.COM CLEC, LLC - NY | bw-shaken-cert-pub.s3.amazonaws.com | 0.001540% | |
| 727J | certificates.clearip.com | 0.001540% | ||
| 7615 | RCN TELECOM SERVICE OF PENNSYLVANIA, INC. | sti-cr.cgah.tnsi.com | 0.001120% | |
| 610J | MULTITEL LLC | certificates.clearip.com | 0.000460% | 0.001120% |
| 7459 | HANCOCK COMMUNICATIONS, INC. - IN | certificates.clearip.com | 0.001840% | 0.000980% |
| 8812 | SOUTH DAKOTA NETWORK, LLC | certificates.clearip.com | 0.000980% | |
| 1088 | WABASH TELEPHONE COOPERATIVE, INC. | certificates.clearip.com | 0.000840% | |
| 672B | CLEAR RATE COMMUNICATIONS - ULEC - MI | certificates.clearip.com | 0.010578% | 0.000840% |
| 691A | DAYSTARR, LLC DBA DAYSTARR COMMUNICATIONS - MI | certificates.clearip.com | 0.000700% | |
| 9107 | DIGITAL AGENT, LLC - GA | certificates.clearip.com | 0.000700% | |
| 2116 | MUENSTER TELEPHONE CORP. OF TEXAS DBA NORTEX COMM | certificates.clearip.com | 0.000280% | |
| 700H | METRO FIBERNET, LLC | certificates.clearip.com | 0.000140% | |
| 366G | USA DIGITAL COMMUNICATIONS, INC. | certificates.clearip.com | 0.000140% | |
| 495J | STRATUS NETWORKS | certificates.clearip.com | 0.000140% | |
| 1442 | NEW ULM TELECOM, INC. | cr-partner.ccid.neustar.biz | 0.000140% | |
| 100.000000% | 100.000000% |
We went from 26 originating service providers that sent signed traffic in March/April to 50 in May. New participants do not have a number in the March column. It’s s a big jump, but we expected more so close to the June 30 deadline.
Because access to numbers is no longer a requirement to receive and Service Provider Code token, some Service Provider Codes are not in the LERG. We left the LERG company name blank for those providers in this table.
Note that the above data reflects both call volume and SHAKEN activity. The data shows the proportion of successfully verified calls received by ClearIP customers for each originating service provider as a percentage of all successfully verified calls.
If a small number of calls were received from an originating service provider, then percentage of successfully verified calls received by ClearIP customers would be low, even if the originating service provider signed a high percentage of their outbound calls.
The above data includes only originating service providers that had at least one successfuly verified call received by a ClearIP customer.
Certificate repositories
What are typical certificate latencies, i.e., time-to-fetch, and why? This was one of the most surprising results in the March/April statistics, and it continues to this day. Several Certificate Repositories are adding significant latency and post dial delay to calls because they are not set up to use cache control.
| Certificate repository domain | Cache hit percentage | Average latency including cache hits (milliseconds) | Average latency excluding cache hits (milliseconds) | Cache-Control header time (seconds) |
|---|---|---|---|---|
| sti.verizon.com | 99.994865% | 0.001111 | 21.647058 | 604800 |
| certificates.transnexus.com | 99.762752% | 0.062870 | 26.500000 | 31536000 |
| cert.stir.t-mobile.com | 99.980014% | 0.065423 | 327.348484 | 86400 |
| certificates.clearip.com | 99.319577% | 0.492217 | 72.339869 | 31536000 |
| shaken.spectrum.com | 95.756208% | 6.064108 | 142.893617 | none |
| sticr.stir.comcast.com | 96.827894% | 7.916763 | 249.574400 | none |
| cr.sansay.com | 96.175908% | 10.263384 | 268.387500 | 86400 |
| cr-partner.ccid.neustar.biz | 85.571757% | 27.346124 | 189.531914 | none |
| bw-shaken-cert-pub.s3.amazonaws.com | 18.181818% | 28.181818 | 34.444444 | none |
| certificates.piratel.com | 67.710372% | 28.315068 | 87.690909 | none |
| sns.magicjack.com | 52.307692% | 31.661538 | 66.387096 | 3600 |
| crs.sti.uscellular.com | 67.213115% | 47.418032 | 144.625000 | none |
| cr.ccid.neustar.biz | 70.054348% | 50.494021 | 168.618874 | none |
| sti-cr.cgah.tnsi.com | 55.882353% | 78.235294 | 177.333333 | none |
Retrieving a certificate from a certificate repository takes time, or latency, which increases Post-Dial Delay (PDD). If a certificate is cached by the STI-VS, then it does not need to be retrieved.
A certificate repository can be configured to provide a Cache-Control HTTP header, which tells the STI-VS how long to cache the certificate after retrieving it. If a certificate repository does not provide the Cache-Control header, the STI-VS does not cache the certificate or caches the certificate for only a short time.
Note that the ClearIP STI-VS caches certificates for 60 minutes if the Cache-Control header is not set by the certificate repository or if the Cache-Control header contains a value of less than 60 minutes.
Summary
- More than 6% of calls were signed. This is a significant improvement over March/April, where fewer than 3% had a PASSporT.
- Fewer than 3% of signed calls had verification errors. This is significantly higher than March/April. The vast majority of the signed calls with verification errors were due to self-signed certificates.
- More than 98% of successfully verified calls had an attestation level of A. This is nearly identical to what was seen in March/April.
- Successfully verified calls were received from 50 originating service providers. This is almost double the number of unique Service Provider Codes seen during March/April.
- More than 55% of certificate repositories did not include the Cache-Control header. This is slightly lower than March/April.
TransNexus solutions
We offer STIR/SHAKEN and robocall mitigation solutions in our ClearIP and NexOSS software platforms. We can make your STIR/SHAKEN deployment a smooth process.
In addition, we help service providers with all aspects of STIR/SHAKEN deployment, including registering with the Policy Administrator and filing their certification with the FCC.
Contact us today to learn more.
Our STIR/SHAKEN products:
- Work with your existing network
- Support SIP and TDM
- Affordable, easy to deploy