Category Archives: debugging

How can I test if/how STIR/SHAKEN is working on my incoming calls? Both for detecting spoofed caller ID AND calls from disreputable (NON-‘A’ attestation) service providers/carriers/sources.

I’m looking for something vaguely like https://www.internetbadguys.com/ , https://dnsleak.com , OpenDNS/Cisco Umbrella list … 1-800-MY-ANI-IS (which, sadly, no longer works and is now a sleazy marketer), …

I’m getting a ton of harassing, spoofed phone calls, and the bulk of them appear to be criminal enterprises discussed in this FCC filing. My phone #s are all already on do not call lists, such as https://www.donotcall.gov/. I’m already using a HiYa-based anti spam call app.

Relevant/research so far:

• On SE: Why can’t spoofed caller ID’s be identified?

• https://www.home.neustar/blog/att-and-neustar-execs-share-thoughts-on-stir-shaken-success. Excerpts :

• I know https://consumercomplaints.fcc.gov is there

• https://www.nolo.com/legal-encyclopedia/the-tcpa-protection-against-robo-calls-prerecorded-calls.html is good.

• TCPA small claims suits are effective; may be time for another one:

• Screwing telemarketers for fun and profit (MIT.edu)

“Overseeing STIR/SHAKEN implementation is the Secure Telephone
Identity Governance Authority (STI-GA), a governing body comprising
service providers representing every segment of the industry, as well
as an administrator, and a technical committee. This board sets up the
Policy Administrators (PAs) that authorize service providers’ ability
to get a token and approve certificates to make sure calls can be
authenticated and exchanged with other carriers.

To date, fifty-five service providers have registered with the STI-PA
to be able to sign their calls with STIR/SHAKEN authentication.

Approximately 15 [major] carriers publicly announced they’re deploying STIR/SHAKEN in parts of their network [=] 70% of all active phone numbers in the U.S.

Neustar [provides] the ATIS Robocalling Testbed.

ATIS serves as the industry interoperability test facility to validate the effectiveness of caller authentication standards developed by the Internet Engineering Task Force (IETF) and ATIS.

…

“STIR/SHAKEN will only confirm that a call is not spoofed,” said Linda

(I think this is false/misleading.)

Specifically, the working group recommended monitoring subscriber traffic patterns to identify behaviors consistent with illegal robocalling and take action when illegal robocalling campaigns are identified.

[E]nterprises can let < sic > consumers which calls to trust

provid[e] more context and identif[y] details on legitimate phone calls, along with a check mark that shows the call has been authenticated

I feel I’m getting far MORE spoofed and spam phone calls since STIR/SHAKEN has gone into effect. This year, the number of spam SMS has gone from none for months to multiple per week.

Continue reading How can I test if/how STIR/SHAKEN is working on my incoming calls? Both for detecting spoofed caller ID AND [bad sources]→