Twilio Announces Full Compliance with Anti-Robocall Protocols STIR/SHAKEN

If you’re like most people, unwanted robocalls are a daily annoyance. Beyond the calls we give permission for – doctors, pharmacies and schools are common examples – our cell phones and land lines ring all day long with spoofed numbers calling to sell us car warranties, or criminal phishing calls asking for personal information. The nation’s largest mobile carriers haven’t been as responsive in the past as they could have been, and many bad actors have easy access to technology to get around any rules and limitations. Session Initiation Protocol (SIP), a messaging protocol that contains the information needed to set up a VoIP call between two endpoints, has made it easier for criminals, hackers and spoofers to get around efforts to block them.

One of the ways federal officials are hoping to stem the tide of nuisance and criminal calls is with the Secure Telephony Identity Revisited (STIR) and the Signature-based Handling of Asserted information using toKENs (SHAKEN) series of protocols developed by the Internet Engineering Task Force (IETF), the Alliance for Telecommunications Industry Solutions (ATIS) and the SIP Forum.

STIR/SHAKEN is a suite of protocols and procedures first introduced in 2019 to combat caller ID spoofing on public telephone networks. Caller ID spoofing is used by many illegal robocallers to mask their identity or to make it appear the call is from a legitimate source, such as a local phone number (to fool you into thinking it’s a neighbor calling), a well know bank or a government agency.

Cloud communication solutions provider Twilio recently announced that it has achieved full compliance with the STIR/SHAKEN protocol, intended to ensure that the phone calls transmitted via its platform are legitimate and authenticated. All Twilio’s calls will be stamped with an approval attesting to the fact that terminating service providers and end users can trust that the call is not illegally spoofed.

In addition, Twilio announced that it has enrolled in the FCC’s Robocall Mitigation Database, which requires providers to inform the agency of their robocall mitigation efforts. Participants in the telecommunications ecosystem must indicate if they are using STIR/SHAKEN protocols on originating calls. If a service provider cannot sign all calls with the protocols, they must submit their own plan to the FCC on how they will block or mitigate illegal robocalls.