Robocalls have become a persistent headache for organisations running outbound campaigns, and the stakes keep rising. In the U.S. alone, consumers received an estimated 52.8 billion robocalls in 2024, according to one index.
When those calls involve caller ID spoofing, the result is not just annoyance; it’s eroded trust, wasted resources, and potential regulatory consequences. That’s why technologies such as STIR/SHAKEN (also sometimes written as “Stir and Shaken”) and protocols like Session Initiation Protocol (SIP) play an increasingly central role in outbound calling compliance.
If you’re using an IP PBX system, understanding caller ID authentication and the compliance requirements of your voice service providers is no longer optional; it’s essential.
In this post, we’ll define the problem, walk through the key concepts, and then dig into best-practice strategies you can adopt to meet STIR/SHAKEN compliance and keep your outbound operations effective.
What are Robocalls?
At their simplest, robocalls are phone calls made using automated dialling equipment or software, often delivering a prerecorded message rather than a live human speaker.
Robocalls can be legitimate (for example, appointment reminders or alerts), but increasingly they’re used for unsolicited marketing, scams, or fraud.
Why does that matter? When recipients see a call from a random or spoofed number, many simply do not answer. For outbound operations, that means lower answer rates, wasted time, and poor ROI. For carriers and regulators, it means rising volumes of unwanted calls and reputational risk. For instance, one report states that consumers receive about 4 billion robocalls per month in the U.S.
In short: if you’re running outbound calls, you’re operating in a world where trust matters. If your call looks like spam (either due to behaviour or caller ID), you’re already on the back foot.
Why Outbound Calling Compliance Matters & The Role of STIR/SHAKEN
When you use an IP PBX system to dial large volumes, you’re relying on infrastructure – both your own (auto-dialling software, VoIP business phone system) and external (voice service providers).
Compliance and caller-ID authentication aren’t just technical checkboxes – they’re strategic enablers of reach, brand value, and trust.
Caller ID Spoofing: The Root of The Problem
Caller ID spoofing happens when the number displayed to the recipient is falsified so that it appears to be a trusted or local number when it is not. This erodes trust, hurts engagement, and triggers filtering or blocking by carriers. In response, regulators like the Federal Communications Commission (FCC) have pushed for identity verification mechanisms.
Introduction to STIR/SHAKEN
- STIR stands for Secure Telephone Identity Revisited.
- SHAKEN stands for Signature-based Handling of Asserted information using toKENs.
Together, the STIR/SHAKEN framework enables caller ID authentication in IP-based telephony systems, often carried over SIP signalling, to validate that the number presented really originates from the party claiming it.
STIR/SHAKEN essentially creates a trusted, traceable identity for every outbound call. When a call is placed from your IP PBX, your voice service provider (VSP) digitally signs the caller ID and embeds an encrypted identity into the SIP headers.
As the call travels through the network, the terminating provider validates this signature against an approved certificate. If everything checks out, especially when the call carries Level A attestation, the recipient’s device can display a “Verified Caller” badge, signalling that the number is legitimate and hasn’t been spoofed.
For outbound operations, the implications are clear:
- If your voice path is not signed or attested, your call may be filtered or flagged.
- If your number pool is poorly maintained or your behaviour resembles spam, attestation will not save you.
- If you use an IP PBX system without bridging your provider’s signing, you’re missing critical compliance steps.
In short, caller ID authentication via STIR/SHAKEN is now a cornerstone of outbound call compliance and effectiveness.
Key Concepts You Should Know
Before diving into best practices, let’s make sure you’re clear on some core terms – especially as they apply when you’re working with outbound call systems and telecom infrastructure.
Session Initiation Protocol (SIP)
SIP is the signalling protocol widely used to set up, conduct, and terminate voice and video calls over IP networks. When your IP PBX system places a call, SIP headers carry metadata about the call.
For STIR/SHAKEN, the digital signature and attestation information are typically carried in these SIP headers so the downstream network can verify the caller ID.
Caller ID authentication / Caller ID spoofing
- Caller ID authentication refers to the process of verifying that the number displayed to the recipient is legitimate and authorised by the originating party.
- Caller ID spoofing is the practice of falsifying the displayed number to trick the recipient.
These are central to the STIR/SHAKEN ecosystem. If your calls are originating from your IP PBX system but being signed (or not) incorrectly, the displayed number may not align with authentication and will be treated as lower trust.
Attestation levels (A, B, C)
Under STIR/SHAKEN, each call is assigned an attestation level by the originating provider:
- Level A: Full attestation – provider knows the caller, authorised number, and entity.
- Level B: Partial attestation – provider knows the caller, but maybe not the number.
- Level C: Gateway or no attestation – least trusted.
Calls with higher attestation are more likely to be delivered and less likely to be flagged as spam.
Robocall mitigation programmes & compliance filings
In the U.S., many carriers and voice service providers must either adopt STIR/SHAKEN or submit a robocall mitigation plan to the FCC. The regulatory environment is evolving quickly.
IP PBX System
This is the operational tool if you are making outbound calls at scale:
- An IP PBX system is your private branch exchange hosted over IP, enabling you to manage inbound/outbound calls within your organisation.
When you’re using this for outbound calling, you must align your infrastructure and processes with caller ID authentication (STIR/SHAKEN) and number-reputation practices.
Best Practices for Outbound Call Compliance Under STIR/SHAKEN
Now to the heart of things: how you can solve robocall challenges by adopting these best practices. Each of these applies particularly if you’re managing outbound campaigns, using an IP PBX system and working with a voice service provider that carries your traffic.
1. Ensure your voice-service provider (VSP) or carrier supports STIR/SHAKEN
If you rely on a VSP or carrier to carry your outbound calls, step one is verifying they:
- Have implemented STIR/SHAKEN (or have an approved robocall-mitigation plan) and are registered with the FCC where required.
- Are capable of signing outgoing calls from your numbers with digital certificates.
- Provide transparency or reports on attestation levels and compliance.
Why this matters: If your provider isn’t compliant, your calls may be blocked or labelled by downstream carriers, reducing answer rates and undermining trust.
2. Aim for Attestation Level A on your outbound calls
Work with your provider and internal workflows so that your outbound calls carry Level A attestation whenever feasible. That means:
- The originating provider knows your identity and phone numbers.
- The numbers are legitimately authorised for you.
Why this matters: Calls with Level A attestation carry higher trust, and many smartphone UIs display “Verified Caller” badges or similar when Level A is present. Lower levels (B or C) raise the risk of being flagged as spam.
3. Maintain a clean and verified number inventory
If you’re using auto-dialling software, you’re probably rotating numbers, using many caller IDs for campaigns. Make sure each number is:
- Registered/authorised with your VSP.
- Owned/assigned legitimately to your campaign/entity.
- Monitored for reputation metrics such as answer rate, hang-up rates, and complaints.
Why this matters: The STIR/SHAKEN framework assumes numbers are properly assigned and authorised. A chaotic number pool can lead to degraded attestation and increased risk of labelling or blocking.
4. Use compliant outbound-dialling practices
Even with STIR/SHAKEN in place, your campaign behaviour matters. Consider:
- Honour Do-Not-Call lists and consumer opt-outs (telemarketing rules still apply).
- Maintain a reasonable call frequency and avoid blasting massive volumes without control.
- Ensure your message is clear about who’s calling and why (especially if using auto-dialling software).
- Monitor answer-rates, abandonment rates, and hang-up behaviour.
Why this matters: STIR/SHAKEN authenticates identity, but carriers and devices still look at behaviour (inbound complaints, hang-ups, abandoned calls) to decide whether to label or filter. Poor campaign hygiene can nullify even authenticated calls.
5. Monitor and manage your caller-ID reputation
Once outbound calls are live, you should actively monitor metrics:
- How many calls are answered vs. labelled “Spam Likely” or “Scam”?
- How your numbers appear in reputation databases.
- Whether certain numbers are flagged or blacklisted by carriers.
Why this matters: Even with proper attestation, if your numbers have a bad history (lots of hang-ups, short-duration calls, user complaints), carriers will reduce deliverability or label your calls. Continuous monitoring is a must.
6. Align your IP PBX system with STIR/SHAKEN signalling
Since you’re using an IP PBX system, ensure:
- Your infrastructure supports SIP signalling that carries identity headers and certificates.
- The call path from your system through the voice service provider preserves the signature (no stripping).
- Your provider works with your system so that calls you place are signed properly before leaving the network.
Why this matters: The technical path matters. If your IP PBX is misconfigured and SIP headers don’t carry the signature, your calls may end up without attestation, even if the provider is nominally compliant.
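A way to check this signalling path on a captured INVITE, as an added example that is not part of the original post or any vendor's code: it finds the SIP Identity header, decodes the PASSporT token (a JWT whose header and payload are base64url-encoded JSON) and reports the attestation level plus any inconsistencies. The sample message, its 555 numbers and example hosts, and the 60-second freshness default are constructed assumptions; the From header is taken as the calling number for simplicity, and the ES256 signature itself is not verified.

```python
import base64, json, re, time

def b64url_json(segment):  # decode one base64url JWT segment, restoring padding
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def inspect_invite(raw, now=None, max_age=60):
    """Return (attest, findings) for an INVITE's Identity header; signature NOT verified."""
    headers = {}
    for line in raw.split("\r\n")[1:]:          # skip the request line
        if not line:
            break                               # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    identity = headers.get("identity")
    if identity is None:
        return None, ["no Identity header: call is unsigned or the header was stripped"]
    token = identity.split(";")[0].strip()      # info/alg/ppt parameters follow the token
    try:
        head_seg, body_seg, _sig = token.split(".")
        head, body = b64url_json(head_seg), b64url_json(body_seg)
    except ValueError:                          # wrong segment count, bad base64 or JSON
        return None, ["Identity header does not hold a well-formed PASSporT"]
    findings = []
    if head.get("ppt") != "shaken" or head.get("alg") != "ES256":
        findings.append("PASSporT header is not ppt=shaken with alg=ES256")
    attest = body.get("attest")
    if attest not in ("A", "B", "C"):
        findings.append(f"unexpected attest value: {attest!r}")
    match = re.search(r"sips?:\+?(\d+)@", headers.get("from", ""))
    orig_tn = re.sub(r"\D", "", str(body.get("orig", {}).get("tn", "")))
    if not match or match.group(1) != orig_tn:
        findings.append("orig.tn does not match the number in the From header")
    age = (time.time() if now is None else now) - body.get("iat", 0)
    if abs(age) > max_age:
        findings.append(f"iat is {int(age)}s away from now, outside the freshness window")
    return attest, findings

def make_sample(attest="A", orig_tn="12025550123", iat=1700000000, signed=True):
    """Constructed INVITE: 555 numbers, example hosts, placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    head = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
            "x5u": "https://certs.example.com/sp.pem"}
    body = {"attest": attest, "dest": {"tn": ["12025550199"]}, "iat": iat,
            "orig": {"tn": orig_tn}, "origid": "00000000-0000-4000-8000-000000000000"}
    lines = ["INVITE sip:+12025550199@carrier.example.net SIP/2.0",
             "From: <sip:+12025550123@pbx.example.com>;tag=1",
             "To: <sip:+12025550199@carrier.example.net>"]
    if signed:
        lines.append(f"Identity: {enc(head)}.{enc(body)}.c2lnbmF0dXJl;"
                     "info=<https://certs.example.com/sp.pem>;alg=ES256;ppt=shaken")
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    print(inspect_invite(make_sample(), now=1700000005))
```

Run against a capture taken after the call leaves your PBX and again at the provider edge, a missing Identity header on the second capture indicates the signature was stripped or never applied along the path.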
7. Prepare for international or non-IP networks and compliance expansions
If your outbound campaigns reach across borders or involve providers in other countries, or transit older telecom networks, understand that:
- STIR/SHAKEN was originally developed for U.S. IP networks; non-IP or legacy networks may not fully support the signature path.
- Other countries are adopting similar authentication frameworks; staying ahead means planning for multi-jurisdiction flows.
Why this matters: If your calls traverse legacy networks or foreign carriers, the trust chain may break. Compliance and deliverability can be impacted even if your originating part is perfect.
8. Communicate transparently with your team about compliance and behaviour
Your outbound call operations involve people – agents, campaign managers, IT, telecom vendors. Make sure your team knows:
- What STIR/SHAKEN is and why it matters in simple terms.
- The importance of proper number usage, call behaviour, and opt-outs.
- How your IP PBX is configured to support compliance.
Why this matters: Compliance isn’t purely technical; it’s also organisational. If your team rotates numbers ad hoc, ignores opt-outs, or uses high-volume “spray” campaigns, you’ll suffer reputation issues.
9. Work with analytics and caller-ID trust indicators
Beyond avoiding problems, you can gain a competitive advantage by using technologies and practices that highlight authenticity:
- Some networks/browsers show “Verified Caller” badges or similar if attestation is strong.
- Use analytics to test various caller IDs, numbers, and campaigns to see which achieve better answer-rates or fewer spam-flags.
Why this matters: The goal isn’t merely compliance; it’s effectiveness. If your calls are answered more often, your ROI improves, and you strengthen brand trust in the calling channel.
10. Document, audit, and stay ahead of regulatory change
Finally, keep your house in order. Make sure you:
- Maintain documentation for number ownership, campaign consent, and opt-out records.
- Audit call flows, number usage, and your provider’s attestation status annually (or more).
- Stay abreast of regulatory changes: the FCC updates rules, expands blocking requirements, or changes filing obligations.
Why this matters: Non-compliance isn’t just theoretical; it can lead to blocks, reputational damage, and even regulatory fines for outbound operations or providers.
Putting It All Together - A Practical Checklist
Here’s a quick checklist you can adopt if you’re managing or advising outbound call operations under an IP PBX setup:
- Confirm your voice service provider is STIR/SHAKEN-enabled and has a valid mitigation plan.
- Verify that your outbound numbers are authorised and aligned with your entity.
- Ensure your IP PBX system is configured to pass SIP headers and enable call signing.
- Set a goal to achieve Attestation Level A on as many outbound calls as feasible.
- Monitor number-reputation: answer rates, spam labels, hang-up ratios.
- Ensure your campaign practices align with telemarketing and auto-dialling software rules: opt-outs, frequency, and transparency.
- Explore branded-calling or verified-caller indicators to boost trust/answer rates.
- Train your staff on compliance, caller ID authenticity, and how their behaviour impacts deliverability.
- Audit your number pool frequently; retire or repurpose numbers with poor history.
- Stay informed about regulatory changes (FCC, other jurisdictions) and maintain internal documentation for audits or filings.
Benefits of Getting This Right
When you succeed in aligning your outbound operations with STIR/SHAKEN compliance and best practices, you’ll see several benefits:
- Higher answered-call rates: When recipients recognise a legitimate caller number and don’t get the “Spam Likely” tag, they’re more likely to pick up.
- Reduced risk of being flagged or blocked: Carriers increasingly rely on attestation and caller-ID reputation to decide whether to deliver or filter a call.
- Improved brand trust and caller-ID authenticity: Your organisation appears professional and trustworthy rather than “another random number calling me”.
- Regulatory peace of mind: By aligning with frameworks like STIR/SHAKEN, submitting proper mitigation plans, and using compliant outbound dialling practices, you reduce the risk of enforcement action.
- Better operational efficiency: With fewer blocked calls, fewer wasted calls, and fewer complaints, your outbound call centre software or auto-dialling software investment delivers better ROI.
Common Pitfalls and How to Avoid Them
Even when you’re aware of the frameworks and best practices above, many organisations still hit avoidable obstacles. Here are common mistakes and how to avoid them:
- Using numbers not properly authorised or unregistered: If a number isn’t verified with your provider, you may end up with Level C attestation (or none) and degraded deliverability.
- Relying solely on your provider without monitoring: Even if your VSP is compliant, you must actively monitor number-reputation, call-metrics, and campaign behaviour.
- Ignoring behavioural signals: STIR/SHAKEN validates identity, but if your calls show spam-like behaviour (short calls, high hang-up rates, many abandoned calls), you’ll still get penalised.
- Over-using auto-dialling software without opt-in/opt-out discipline: Telemarketing rules still apply. You cannot rely solely on authentication to circumvent legal requirements.
- Failing to account for non-IP or international call paths: If your outbound traffic transits legacy networks or international gateways, caller-ID authentication might break down, reducing trust/tracking.
Conclusion
Robocalls and the threat of caller ID spoofing are no longer peripheral concerns; they’re central to the success of any organisation running outbound campaigns using an IP PBX system.
By embracing the caller-ID authentication framework enabled by STIR/SHAKEN, aligning your infrastructure (SIP signalling, number inventories, outbound call centre software) and working closely with your voice service providers, you can turn compliance from check-box to strategic advantage.
For companies looking to stay ahead in outbound calling, modern platforms such as those offered by HoduSoft can help simplify the technical and operational alignment needed for effective STIR/SHAKEN compliance, so you can focus on reaching your audience, building trust, and driving results rather than scrambling to avoid blocks and spam labels.
FAQs
No, while STIR/SHAKEN enhances caller ID authentication, it does not evaluate the contents of the call nor guarantee that the originator is legitimate beyond the number. Essentially, it confirms “this provider claims this number” but doesn’t guarantee ethical behaviour. Many calls still get through despite the framework.
Yes, especially if your outbound calls go to U.S. numbers or traverse networks that terminate in the U.S. Many voice service providers route traffic through U.S. gateways or interconnects subject to STIR/SHAKEN. Moreover, several other jurisdictions are adopting similar caller-ID authentication frameworks, so it’s wise to stay ahead.
Ultimately, your voice service provider (VSP) or carrier is responsible for implementing STIR/SHAKEN attestation and signing. However, your business (via your IP PBX system) must ensure the infrastructure supports the process, the numbers are authorised, and campaign behaviour is compliant. Both sides must coordinate.
In short, STIR is the protocol (Secure Telephone Identity Revisited) that defines how caller identity signatures are created and passed, whereas SHAKEN is the implementation framework (Signature-based Handling of Asserted information using toKENs) that defines how the industry uses those signatures in practice. Together, they enable caller-ID authentication in IP telephony systems.
STIR/SHAKEN primarily governs outbound caller ID authentication. However, inbound systems benefit indirectly. When receiving authenticated calls, your IP PBX can display a “verified” status, helping agents identify trusted calls and reducing exposure to spam or spoofed numbers.