Robocalls and spoofed caller IDs have become a massive issue. To fight back, the FCC introduced the STIR/SHAKEN framework — a system that lets carriers verify that a call really comes from who it says it does. What do you need to do to ensure your traffic is being signed correctly? If you are an enterprise customer, meaning a customer who is using their service just for their own business communications, you may choose to do nothing, as Sinch will sign calls on your behalf.
However, if you are a service provider, meaning you provide telecom services to other companies, then you are required by the FCC and the TRACED act to sign your own calls.
Enterprise Customer Responsibilities
Enterprises can choose to sign their own calls. When doing so, Sinch will ensure the signing and attestation remains intact as it transits our network. When Enterprises send unsigned calls from Sinch provided numbers (or numbers you have ported to Sinch), Sinch will sign them with an “A” attestation, the highest level of trust possible. Enterprises sending unsigned calls from non-Sinch numbers, will be signed with a “B”. This indicates that while we know who the Enterprise is, we have no knowledge about the calling party number.
Service Providers - You’re Required to Sign Your Own Calls
The FCC requires all voice service providers — including gateway providers and intermediate providers — to sign all outbound IP-based calls using your own STIR/SHAKEN certificate. You should have your own SPC token (from the STI-PA), certificate, and ability to sign calls. Like the enterprises above, any calls that have been signed prior to reaching Sinch will remain as they transit through the Sinch network.
By the same FCC rules, Sinch, as an intermediate provider, is legally required to sign any unsigned calls we receive. Unsigned calls from service providers on EST will be signed with a “C” attestation , meaning we don’t know or can’t vouch for the caller ID, which may increase the likelihood of calls being labeled as “Likley SPAM”.
Have Questions?
We recommend discussing your STIR/SHAKEN strategy with a telecom regulatory advisor or one of the approved certification authorities — but if you have questions about how Sinch handles unsigned calls or would like to talk about Sinch Hosting your certificate on our infrastructure, we’re happy to help.
