VoIP Fundamentals • Updated May 17, 2026
STIR/SHAKEN explained: caller ID authentication for VoIP calls
STIR/SHAKEN is a framework of protocols that authenticate caller ID information for calls carried over IP networks. STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) work together to verify that the caller ID displayed on inbound calls has not been spoofed.
Audience: Business phone system administrators and compliance managers. This guide focuses on operational setup inside the CallOrbit platform.
Understand how VoIP calling works — SIP, PBX, codecs, trunking, DID numbers, STIR/SHAKEN, and the protocols behind business phone systems.
- Understand why STIR/SHAKEN exists: caller ID spoofing allows bad actors to falsify the displayed phone number on outbound calls, which drives illegal robocalling, vishing scams, and identity fraud. STIR/SHAKEN makes it possible for carriers to verify that the caller ID belongs to the caller.
- Learn the attestation levels: Full Attestation (A) means the carrier knows the customer and has verified they have the right to use the caller ID. Partial Attestation (B) means the carrier knows the customer but cannot verify caller ID ownership. Gateway Attestation (C) means the carrier only routed the call from outside its network.
- Know how SHAKEN signatures work: the originating carrier signs the call with a SIP Identity header containing a JSON Web Token (JWT) that includes the caller ID, originating number, attestation level, and a digital certificate from a certificate authority. The terminating carrier verifies the signature before delivering the call.
- Check your compliance obligations: if your organisation makes outbound calls from a US-originating number, your VoIP provider must apply STIR/SHAKEN attestation to those calls. Calls without proper attestation may be blocked, labelled as spam, or stripped of caller ID by terminating carriers.
- Monitor call analytics for STIR/SHAKEN impacts: calls with B or C attestation are more likely to be flagged or blocked by carriers than calls with A attestation. If your outbound call answer rates drop unexpectedly, verify that your provider is sending the correct attestation level for your caller ID.
Who this guide is for
Use this guide when you want the setup to be correct the first time and easy for another admin, manager, or supervisor to verify later.
What this workflow helps you accomplish
This workflow matters because numbers, routing, access, and reporting in CallOrbit are connected. Skipping one setup detail usually creates avoidable support work later.
- Step 1: Understand why STIR/SHAKEN exists: caller ID spoofing allows bad actors to falsify the displayed phone number on outbound calls, which drives illegal robocalling, vishing scams, and identity fraud. STIR/SHAKEN makes it possible for carriers to verify that the caller ID belongs to the caller.
- Step 2: Learn the attestation levels: Full Attestation (A) means the carrier knows the customer and has verified they have the right to use the caller ID. Partial Attestation (B) means the carrier knows the customer but cannot verify caller ID ownership. Gateway Attestation (C) means the carrier only routed the call from outside its network.
- Step 3: Know how SHAKEN signatures work: the originating carrier signs the call with a SIP Identity header containing a JSON Web Token (JWT) that includes the caller ID, originating number, attestation level, and a digital certificate from a certificate authority. The terminating carrier verifies the signature before delivering the call.
- Step 4: Check your compliance obligations: if your organisation makes outbound calls from a US-originating number, your VoIP provider must apply STIR/SHAKEN attestation to those calls. Calls without proper attestation may be blocked, labelled as spam, or stripped of caller ID by terminating carriers.
- Step 5: Monitor call analytics for STIR/SHAKEN impacts: calls with B or C attestation are more likely to be flagged or blocked by carriers than calls with A attestation. If your outbound call answer rates drop unexpectedly, verify that your provider is sending the correct attestation level for your caller ID.
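Steps 3 and 5 above, as an added example (not CallOrbit code): a Python function that decodes the claims in a captured SIP Identity header so an admin can see which attestation level was actually sent and whether the numbers and timestamp are consistent. The claim names (`attest`, `orig`, `dest`, `iat`, `x5u`) follow the SHAKEN PASSporT format in RFC 8225 and RFC 8588, where the token carries the certificate's URL in `x5u`. The function name, sample header, phone numbers, certificate URL and 60-second freshness window are constructed assumptions, and the signature is not verified here.

```python
import base64
import json

def _seg(obj):  # dict -> unpadded base64url JWT segment (used to build the sample)
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _unseg(part):  # JWT segments drop base64 padding; restore it before decoding
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def _digits(number):  # compare numbers on digits only, ignoring "+" and spacing
    return "".join(c for c in str(number) if c.isdigit())
def _tn(claims, key):  # "tn" of the orig/dest object, or None if malformed
    val = claims.get(key)
    return val.get("tn") if isinstance(val, dict) else None

def inspect_identity(value, caller_id, called, now, max_age=60):
    """Return (attest, problems). Decodes claims only; no signature check."""
    token, *rest = [p.strip() for p in value.split(";")]
    params = dict(p.split("=", 1) for p in rest if "=" in p)
    try:
        head, body, _sig = token.split(".")
        hdr, claims = _unseg(head), _unseg(body)
    except ValueError:
        return None, ["token is not a three-part base64url JWT"]
    if not (isinstance(hdr, dict) and isinstance(claims, dict)):
        return None, ["header or payload is not a JSON object"]
    problems = []
    if hdr.get("alg") != "ES256" or hdr.get("ppt") != "shaken":
        problems.append("not an ES256 'shaken' PASSporT")
    if params.get("info", "").strip("<>") != hdr.get("x5u"):
        problems.append("info parameter differs from the x5u certificate URL")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("attest is not A, B or C")
    if _digits(_tn(claims, "orig")) != _digits(caller_id):
        problems.append("orig.tn does not match the caller ID")
    tns = _tn(claims, "dest")
    if _digits(called) not in [_digits(t) for t in (tns if isinstance(tns, list) else [tns])]:
        problems.append("called number is not in dest.tn")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
        problems.append("iat is missing or outside the freshness window")
    return claims.get("attest"), problems

X5U = "https://cert.example.org/shaken.pem"  # constructed sample values from here on
SAMPLE = ".".join([
    _seg({"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": X5U}),
    _seg({"attest": "B", "dest": {"tn": ["12155550113"]}, "iat": 1700000000,
          "orig": {"tn": "12155550112"}, "origid": "constructed-origid"}),
    "c2ln"]) + f";info=<{X5U}>;alg=ES256;ppt=shaken"
```

For the sample, `inspect_identity(SAMPLE, "+1 215 555 0112", "12155550113", now=1700000030)` returns `("B", [])`: a well-formed header whose attestation level is B rather than A, which is the condition step 5 asks you to check with your provider.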
Operational follow-up
After you complete this flow, confirm the live experience from both the agent and customer side so ownership, routing, permissions, and reporting all match what the workspace expects.
If your team is rolling this out across multiple users, queues, or phone numbers, pair this article with the broader knowledge base and the relevant routing or numbers guides to keep deployment consistent.
- What is VoIP and how does it work? — VoIP (Voice over Internet Protocol) converts analogue voice signals into digital packets and transmits them over IP networks. Unlike traditional PSTN phone lines that require dedicated copper wiring per line, VoIP calls use your existing internet connection, which makes them cheaper, more flexible, and easier to scale.
- What is SIP trunking? — SIP trunking is a virtual connection that replaces traditional analogue phone lines or PRI circuits. A SIP trunk carries multiple concurrent voice channels over a single IP connection to your PBX or phone system, eliminating per-line hardware costs and monthly line rental fees.
- What is the difference between hosted PBX and cloud PBX? — Hosted PBX runs on dedicated virtual infrastructure managed by a provider, while cloud PBX uses shared multi-tenant cloud infrastructure. Hosted PBX suits organisations needing custom configuration and predictable pricing. Cloud PBX is better for instant scalability and per-user monthly billing.
- What is a DID number? — A DID (Direct Inward Dialling) number is a virtual phone number that routes directly to a specific extension, IVR menu, queue, or user within a phone system without an operator. DIDs decouple the phone number from the physical phone line, so you can have hundreds of numbers routed through a single SIP trunk.
- What are G.711, Opus, and G.729 codecs used for? — These are VoIP codecs that convert voice into digital data. G.711 uses 64 Kbps for toll-grade quality and is the PSTN standard. Opus uses 6-510 Kbps and adjusts to network conditions. G.729 uses 8 Kbps for bandwidth-constrained links. The right codec depends on your available bandwidth and call quality requirements.