ITG traceback observations in 2025

Industry Traceback Group representatives met recently with FCC staff to present key observations from ITG tracebacks in 2025. It’s an interesting report with trends and patterns among suspected illegal calls and call authentication. Let’s have a look.

The report begins by explaining the context for the patterns and trends observed in 2025.

  • Tracebacks focus on suspected unlawful calls.
  • Lawful calling traffic patterns are not traced and are not part of the observed sample.
  • Tracebacks rely on third-party sources and sampling and may not reflect the total illegal call volume.

Highlights

  • The percentage of apparently foreign-originated calls is dropping.
    • In 2020, about 50% of tracebacks ended with a foreign origin.
    • In 2025, fewer than 10% of tracebacks ended with foreign origination.
    • The origin country is based on providers’ self-identification, including their Robocall Mitigation Database (RMD) certification filing.
  • The data show patterns of new provider churn.
    • On average, 30 or more new providers were identified in tracebacks each month.
    • Most had RMD filings that indicated they were in the U.S.
  • There were some RMD filings with impersonation/stolen identity of providers and companies.
  • The originating provider was identified as having authenticated the call with STIR/SHAKEN in 65% of tracebacks.
  • About 75 tracebacks involved a spoofed number authenticated with A-level attestation.
  • About 1,000 tracebacks had either an A- or B-level attestation that was authenticated by a downstream provider.
  • In some cases, the authentication provider did not even appear in the call path.
  • A small number of providers signed calls with a revoked certificate.
  • About 45 tracebacks involved spoofed calls with A-level attestation coming from a compromised (hacked) calling platform.

Takeaways

The observations in this report remind us of the intended purpose of STIR/SHAKEN as outlined in the ATIS-1000074 standards document:

  • To identify the authorized originator of a call into the VoIP network with non-repudiation.
  • Use the attestation indicator to represent the signer’s ability to vouch for the accuracy of the source origin of the call.
  • Form a view of the reputation of the authentication provider over time to determine a level of trust for the calling party information.

Many of these tracebacks involved suspected illegal calls with STIR/SHAKEN authentication that should not be trusted. This is why the STIR/SHAKEN information, including the identity of the authentication provider, can be such a valuable input into call analytics used to protect subscribers from illegal calls.

More information

Game pieces on a board as a network concept

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks worldwide. The company has over 25 years of experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, CDR and call analytics, advanced call routing, billing support, STIR/SHAKEN, and branded calling.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.