Call Authentication Fundamentals
Call authentication, primarily implemented through STIR/SHAKEN, provides cryptographic verification of caller identity. When properly implemented, it allows terminating carriers and analytics providers to trust that the caller ID information is accurate, leading to better call treatment and higher answer rates.
The key elements of call authentication include:
- Digital signatures — Originating carriers sign calls with certificates
- Attestation levels — Indicate the carrier's confidence in caller identity
- Certificate chain — Allows verification back to trusted authorities
- PASSporT tokens — Carry authentication information through the network
Why Authentication Matters for Enterprises
For enterprise callers, proper authentication directly impacts business outcomes:
- Higher answer rates — Authenticated calls are more likely to be answered
- Reduced spam flagging — Lower risk of "Scam Likely" labels
- Better caller ID display — Proper branding on recipient devices
- Regulatory compliance — Meeting FCC call authentication requirements
- Reputation protection — Maintaining positive calling number reputation
Number Verification and Documentation
The Foundation of Full Attestation
To achieve Full Attestation (Level A), your carrier must be able to verify that you're authorized to use the calling numbers. This requires proper documentation and verification processes.
Letters of Authorization (LOAs)
For ported numbers, LOAs document your right to use the number:
- Complete information — Include all DIDs being authorized
- Proper signatures — Authorized signer with title
- Current dates — Keep LOAs updated
- Clear language — Explicitly authorize use for calling
Number Assignment Records
Maintain clear records linking numbers to your organization:
- Carrier assignment letters — Document numbers allocated by carriers
- Number range inventory — Track all DIDs in use
- Usage documentation — Show which numbers are used for what purpose
- Change tracking — Document additions and removals
Business Verification
Carriers may require business verification documentation:
- Business registration documents
- Tax identification numbers
- Articles of incorporation
- DBA certificates if applicable
Verify your number data. Use our LRN and carrier lookup to confirm your number assignments match carrier records.
LRN Lookup APICarrier Configuration Best Practices
Working with Your Originating Carrier
Proper configuration with your voice carrier is essential:
- Verify STIR/SHAKEN capability
- Confirm carrier has valid certificate
- Verify they can sign calls with Full Attestation
- Check their RMD filing status
- Complete number verification
- Submit all required documentation
- Confirm verification is complete for each number
- Set up process for adding new numbers
- Configure proper caller ID presentation
- Ensure SIP headers are populated correctly
- Use only verified numbers as caller ID
- Avoid dynamic caller ID manipulation
Multi-Carrier Environments
Organizations using multiple carriers face additional complexity:
- Consistent documentation — Each carrier needs verification
- Routing awareness — Know which carrier handles which calls
- Failover considerations — Backup carriers also need verification
- Unified monitoring — Track attestation across all paths
SIP Configuration
Technical configuration impacts authentication:
# Ensure proper SIP header configuration
# From header should match verified calling number
From: "Company Name" <sip:+12025551234@carrier.com>;tag=abc123
# P-Asserted-Identity for carrier trust
P-Asserted-Identity: <sip:+12025551234@carrier.com>
# Avoid manipulation that could break attestation
# Don't override caller ID in ways that conflict with verificationEnterprise PBX and UCaaS Integration
Enterprise PBX Considerations
If you operate your own PBX or use a hosted solution:
- Extension caller ID — Map extensions to verified DDIs
- Trunk configuration — Configure SIP trunks to pass proper caller ID
- Outbound rules — Ensure only verified numbers can be presented
- Gateway integration — Properly connect to carrier for authentication
UCaaS Platform Integration
For cloud communications platforms:
- Verify the platform supports STIR/SHAKEN
- Complete number verification within the platform
- Configure user-to-number assignments properly
- Monitor attestation through platform tools
Contact Center Platforms
Contact centers have unique requirements:
- Outbound caller ID — Verify all numbers used for outbound calling
- Campaign management — Assign verified numbers to campaigns
- Agent caller ID — Control what agents can present
- Dialer configuration — Ensure dialers use verified numbers
Monitoring and Analytics
Attestation Monitoring
Regularly monitor your call attestation levels:
- Sample testing — Periodically check attestation on outbound calls
- Carrier reporting — Request attestation reports from carriers
- Third-party tools — Use independent verification services
- Trend analysis — Watch for changes over time
Key Metrics to Track
| Metric | Target | Action if Below Target |
|---|---|---|
| Full Attestation Rate | >95% | Review number verification |
| Answer Rate | Industry benchmark | Investigate attestation issues |
| Spam Label Rate | <1% | Check analytics reputation |
| Blocked Call Rate | <0.5% | Verify carrier compliance |
Answer Rate Correlation
Track the relationship between attestation and business outcomes:
# Monitor call performance by attestation level
def analyze_attestation_impact():
results = call_database.query(
group_by='attestation_level',
metrics=['answer_rate', 'spam_flag_rate', 'block_rate']
)
for level in results:
print(f"Attestation {level.attestation}:")
print(f" Answer Rate: {level.answer_rate}%")
print(f" Spam Flags: {level.spam_flag_rate}%")
print(f" Blocked: {level.block_rate}%")Call Branding and Rich Call Data
Branded Calling
Beyond basic authentication, branded calling displays business information:
- Business name — Company name appears on caller ID
- Logo display — Company logo shown on supported devices
- Call reason — Purpose of the call (e.g., "Delivery Update")
- Verified badge — Indicates authentication status
STIR/SHAKEN Rich Call Data (RCD)
Rich Call Data extends STIR/SHAKEN with additional information:
- Currently in development and early deployment
- Will allow transmission of business identity information
- Requires proper verification and registration
- Carrier and device support continues to expand
Third-Party Branding Services
Analytics providers offer branding services:
- First Orion — INFORM branding solution
- Hiya — Hiya Connect branded calling
- Transaction Network Services — Enterprise branded calling
These services typically require:
- Business verification
- Number registration
- Ongoing compliance monitoring
- Content approval
Reputation Management
Understanding Call Reputation
Your calling numbers have a reputation score that affects treatment:
- Consumer feedback — Reports of spam or unwanted calls
- Call patterns — Volume, duration, answer rates
- Attestation history — Consistent authentication
- Complaint databases — FTC, carrier complaints
Protecting Your Reputation
- Consistent authentication — Maintain Full Attestation
- Reasonable call patterns — Avoid aggressive dialing
- Honor opt-outs — Process DNC requests immediately
- Monitor complaints — Track and address issues
- Register with analytics providers — Proactive reputation management
Remediating Reputation Issues
If your numbers are flagged as spam:
- Identify which numbers are affected
- Review calling practices for those numbers
- Submit appeals to analytics providers
- Verify authentication is working properly
- Consider number replacement for severely damaged numbers
Call Center Implementation
Outbound Campaign Setup
For call centers running outbound campaigns:
- Dedicate numbers by campaign — Track performance by number
- Verify all campaign numbers — Ensure Full Attestation
- Set appropriate pacing — Avoid aggressive dialing patterns
- Monitor in real-time — Watch for answer rate drops
Dialer Configuration
# Configure dialer for authenticated calling
dialer_config = {
'caller_id': {
'source': 'verified_number_pool',
'rotation': 'by_campaign',
'fallback': 'main_verified_number'
},
'pacing': {
'calls_per_number_per_hour': 50, # Conservative pacing
'rest_period_between_campaigns': 300 # seconds
},
'authentication': {
'require_attestation': True,
'minimum_attestation': 'A',
'log_attestation_failures': True
}
}Agent Training
Train agents on authentication-related issues:
- Understanding why some calls may be labeled or blocked
- Proper handling of consumer questions about caller ID
- Reporting patterns that suggest authentication issues
- Using correct caller ID procedures
Troubleshooting Authentication Issues
Common Problems
| Symptom | Possible Cause | Solution |
|---|---|---|
| Calls receiving C attestation | Number not verified with carrier | Submit verification documentation |
| Inconsistent attestation levels | Multiple carriers with different verification | Verify with all carriers |
| No attestation on calls | Carrier not signing calls | Confirm carrier STIR/SHAKEN capability |
| Calls flagged as spam despite Full Attestation | Reputation issues | Review calling practices, contact analytics providers |
| Attestation fails for some extensions | Extension-to-DID mapping issues | Audit PBX configuration |
Diagnostic Steps
- Test calls — Make test calls and check attestation
- Carrier inquiry — Ask carrier for attestation reports
- SIP trace — Check SIP headers for Identity information
- Number lookup — Verify number is properly assigned
- Traceback — Use traceback search to see call path
Compliance Integration
RMD and Authentication
Ensure your authentication implementation aligns with RMD requirements:
- Update RMD filing when implementation changes
- Document STIR/SHAKEN deployment status accurately
- Maintain traceback contact information
TCPA Considerations
Authentication doesn't replace TCPA compliance:
- Consent is still required regardless of attestation
- DNC scrubbing remains mandatory
- Authentication helps demonstrate legitimate business purpose
Implementation Checklist
Initial Setup
- Verify carrier has STIR/SHAKEN capability
- Confirm carrier RMD filing is current
- Submit number verification documentation
- Configure SIP/PBX for proper caller ID presentation
- Test attestation on sample calls
Ongoing Operations
- Monitor attestation levels regularly
- Track answer rates and spam flagging
- Update documentation when numbers change
- Maintain carrier relationships
- Register with analytics providers
Issue Response
- Investigate attestation drops promptly
- Address spam labeling issues
- Document troubleshooting steps
- Escalate to carriers when needed
Frequently Asked Questions
How long does it take to get Full Attestation set up?
The timeline depends on your carrier and documentation readiness. If your carrier already has STIR/SHAKEN implemented and you have all your number authorization documentation ready, it can be as quick as a few days. More complex environments with multiple carriers or large number inventories may take several weeks to fully verify all numbers.
Can I get Full Attestation if I use a SIP trunking provider?
Yes, many SIP trunking providers can provide Full Attestation if they can verify your authorization to use the calling numbers. You'll need to provide them with documentation proving you own or have the right to use the numbers. Some providers have more robust verification processes than others, so ask about their STIR/SHAKEN capabilities before selecting a provider.
Why are my calls still flagged as spam with Full Attestation?
Attestation is one factor in spam labeling, not the only factor. Analytics providers also consider call volume, consumer feedback, answer rates, and historical patterns. Even with Full Attestation, aggressive calling patterns or consumer complaints can result in spam labels. Review your calling practices and consider registering with analytics providers to proactively manage your reputation.
How do I authenticate calls from remote workers?
Remote workers should route calls through your authenticated voice infrastructure rather than making calls from personal phones. Use a UCaaS platform or VPN-connected softphones that route through your verified trunk. Ensure the system presents verified business numbers rather than the worker's personal number. The key is centralizing call origination through authenticated channels.
What happens if my carrier doesn't support STIR/SHAKEN?
If your carrier doesn't support STIR/SHAKEN, your calls won't receive proper attestation, putting them at a significant disadvantage. Unsigned calls are treated with suspicion and are more likely to be blocked or labeled as spam. Additionally, carriers without STIR/SHAKEN who haven't filed in the RMD may face traffic blocking. Consider switching to a carrier that supports authentication.