Webinar recording — STIR/SHAKEN deployment made easy

Small voice service providers and gateway providers must implement STIR/SHAKEN by June 30, 2023. This webinar will show you what’s involved in a smooth deployment. The session will include typical deployment examples with a variety of network equipment.

Here are the slides used in the webinar presentation.

We’ve summarized and consolidated questions we received during the webinar and provided answers here. Contact us if you have further questions.

If SHAKEN itself doesn’t identify robocalls, does the TRACED Act require service providers to institute just SHAKEN or robocall analytics as well?
Currently, the TRACED Act and FCC order require voice service providers either to use STIR/SHAKEN in their IP networks or, if they qualify for an extension, implement a robocall mitigation plan.

The FCC strengthened the robocall mitigation requirement in December 2020 with “affirmative obligations” to mitigate robocalls and again in May 2022 with obligations for gateway providers to do both STIR/SHAKEN and robocall mitigation.

In May 2022, the Commission asked for comments on whether they should extend the STIR/SHAKEN and robocall mitigation to all domestic providers. There was strong support for this in the comments. However, the FCC hasn’t updated the rules yet.
Does TransNexus have a step-by-step procedure on how to set up SHAKEN?
Yes, we have instructions for the process. However, the details can vary based on the type of network equipment you have and how you use it. Contact us to arrange a call to discuss your specific situation and learn more.
Since a C-level attestation can still be a legitimate call, what is the threat of robocall analytics stopping or mislabeling that call even though it’s legitimate? SHAKEN alone doesn’t stop a call, correct?
A call signed with a C-level attestation can have a spoofed calling ID, so it doesn’t reduce the chance of the call being labeled a potential scam or even blocked. We’ve seen a much higher percentage of robocalls signed with C-level attestation than unsigned calls. The CATA Working Group suggested that providers will begin to assign a reputation score to signing providers. Some providers sign lots of robocalls with C-level attestation, and this will begin to harm their reputation.
I have a Metaswitch, and lots of TDM trunks. If we end up required to do OOB SHAKEN. I am not enamored with the “Terminating Server” method of doing Verification on INBOUND calls, which is what Meta claims they do for their Call Guardian. They have their own “fix” for this using Perimeta to redirect that call back to SAS, but this is only a fix for EAS services. This means no other Terminating services can be used because you need to put ClearIP as Terminating Server for EVERYONE to Verify calls. Is there a better implementation from TransNexus for this?
No, this is the only way to implement it. However, ClearIP can direct the Perimeta to route the call to anything, so you can use any additional terminating application server, not just EAS.
My outbound routing is in the Metaswitch CFS; after I get the 302 back to the CFS to find its routing rather than the Perimeta routing it back out?
ClearIP integrates with the Metaswitch CFS using a SIP INVITE redirect transaction. SIP messages between the CFS and ClearIP will pass through the Metaswitch Perimeta SBC. The Perimeta will connect to ClearIP over the internet using either a TCP or TLS connection. See Metaswitch outbound configuration for ClearIP for more details.
How is the SHAKEN Passport tied to a call when out-of-band at the terminating provider?
When a terminating provider using Out-of-Band receives a call from a non-IP trunk, its Verification Service will make a retrieve request to a Call Placement Service asking for PASSporTs for the calling number and called number associated with that call. The CPS will return the PASSporT(s), and then the Verification Service will use the PASSporT(s) to do the typical STIR/SHAKEN verification.
We are still dealing with rural call completion issues. Will or could SHAKEN be used to help us identify who is not routing incoming calls correctly?
We would need more specifics about the call completion issues you are seeing to say whether STIR/SHAKEN would help identify who is not routing incoming calls correctly. However, if you receive a signed call that was not routed correctly, the signature would point to the signing provider. This might (or might not) identify a routing issue.

On a related topic, the NTCA has identified a reverse rural call completion issue. Many signed calls to/from rural subscribers cross a non-IP call segment somewhere in the middle of the call path where STIR/SHAKEN information is lost. This increases the probability that their calls will be mislabeled or blocked. Out-of-Band would eliminate this problem and level the playing field.
How do we add new trusted numbers/corresponding provider names in the STI-CPS?
With Out-of-Band, an upstream provider who is about to route a call over a non-IP segment will publish the call’s SHAKEN PASSporT to an STI-CPS. This happens in real-time during call processing.

The downstream provider on the other side of the non-IP segment will retrieve the PASSporT and either put it in the SIP signaling (if they are sending the call along using SIP) or terminate the call and verify the PASSporT.

There is no database of trusted numbers and providers in the STI-CPS. It holds PASSporTs for about 5–15 seconds then deletes them.
Will ClearIP work for a TDM network?
The communication between ClearIP and your network uses SIP. Many service providers using ClearIP also have TDM in their networks. In many cases, their network gear supports both SIP and TDM. If not, they use a SIP/TDM gateway to translate the signaling to and from ClearIP. Contact us to arrange a call to discuss your specific situation and learn more.
We are talking about origination, but let’s say some U.S. mobile device is roaming in Mexico and it takes a mobile supplier like AT&T as roaming, He/she dials a USA number and AT&T does not apply the authentication and send the call to the intermediate gateway and the intermediate gateway send the call to the termination supplier. In this case, how does the authentication apply?
From June 30, 2023, gateway providers must start signing foreign-originated calls with U.S. calling numbers that they bring into the U.S. network. Since they usually won’t have a direct authenticated relationship with the caller and a verified association with the calling number, the gateway provider will likely sign such calls with a C-level gateway attestation.
Our model is that we provide and manage the PBX for the customer and the customer signs up directly with a SIP trunk provider to get SIP trunks to make/receive calls. In this case, is it mandatory for us to implement SHAKEN or is the SIP trunk provider responsible?
If you provide voice service to end users and have control over the network, in this case, the PBXs, then yes, you are required to authenticate calls originated and verify signed calls received.
We provide phone service via the internet through Vitelity. Not all our phone lines/DIDs are over our network though. Do we need to enforce SHAKEN or is that on Vitelity’s side?
If you provide voice service to end users and have control over the network, then yes, you are required to authenticate calls originated and verify signed calls received.
When you are sending Rich Call Data with the PASSporT (Caller Name, you mentioned logos as well) does the caller name info show up on mobile phones now? Or do you know a time when the major U.S. cell phone providers are going to adopt that Rich Call Data? Will this be adopted internationally?
It depends on how the terminating provider implemented STIR/SHAKEN verification and call validation treatment. In TransNexus STIR/SHAKEN solutions, we provide the option to present the Rich Call Data CNAM as the caller name. This does not require any special support in the handset, so it works today. Logo display requires handset support. Some smartphone add-on applications enable this feature today, but it is not yet supported as a standard feature in handsets. We don’t know when handset makers will support this as a standard feature—we hope it happens soon.
How does STI-VS know the attestation level, whether is A, B, or C? I couldn’t see it in the PAI header.
The attestation level is a claim in the PASSporT payload, for example: "attest":"A".
What is the return code if the number is not known by the STI-AS or STI-CPS?
In that case, the STI-CPS would return an HTTP response: HTTP/1.1 404 Not Found.
Does anyone know what’s the deadline for Canadian Providers?
The STIR/SHAKEN implementation deadline for telephone service providers in Canada was 30 November 2021; see details in CRTC 2021-123.
Man at computer


  • Review of STIR/SHAKEN regulations
  • The latest on STIR/SHAKEN for TDM
  • Registration and deployment processes
  • Typical deployment examples
  • Questions and answers


Jim Dalton

Jim Dalton
Chief Executive Officer

Marc St-Onge

Marc St-Onge
Customer Success Executive

About TransNexus

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificates. For more information, visit transnexus.com.

Contact us today to learn how we can help you prepare for the FCC SHAKEN deadline.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.