How does the STIR/SHAKEN protocol work?

STIR/SHAKEN uses digital certificates based on common public key cryptography techniques to ensure the calling number is secure and combats caller ID spoofing on public telephone networks. Through the handoff of phone calls passing through the complex web of networks, it allows for the carrier of the party receiving the call to verify that a call is in fact from the number displayed on Caller ID. In short, it verifies the authenticity of the call.


STIR is short for Secure Telephony Identity Revisited.

SHAKEN is short for Signature-based Handling of Asserted information using tokens.


Why enable STIR/SHAKEN?


Some carriers may flag incoming calls as 'Spam Risk' or 'Potential Spam' but this isn't always the case. Below are a few reasons why a carrier would flag a number as spam.

1. The number of calls per hour and/or number of calls per day that are being made by a single number. If a carrier detects high activity with a number, they will likely assign a flag to the number.

2. The rate of successful connections

3. Whether or not (and how often) recipients of calls from that number have reported the number as spam or as being used as part of a scam

4. The number was erroneously flagged as spam.

Every carrier has different thresholds for what is considered spam and monitors call behavior in different manners. The best practice to avoid being flagged is to follow ethical calling guidelines. Once STIR/SHAKEN has been enabled, it should significantly reduce the amount of outbound calls being reported as 'Spam Risk' or 'Potential Spam'

For more information on STIR/SHAKEN on FCC's website, click here.


How the receiving carrier attests the validity of a number


The originating carrier checks the call source and calling number to determine how to attest for the validity of the calling number. Attestation is a three level system that characterize a caller’s right to use a particular number.

Full Attestation (A) — The service provider has authenticated the calling party and they are authorized to use the calling number. An example of this case is a subscriber registered with the originating telephone service provider’s softswitch.

Partial Attestation (B) — The service provider has authenticated the call origination, but cannot verify the call source is authorized to use the calling number. An example of this use case is a telephone number behind an enterprise PBX.

Gateway Attestation (C) — The service provider has authenticated from where it received the call, but cannot authenticate the call source. An example of this case would be a call received from an international gateway.

What information is needed to enable STIR/SHAKEN?

Send an email to support@ring.io with the following information.

Legal Business Name:
Business Address:
Business Type (Sole Proprietorship, Partnership, Corporation, co-op, LLC, non-profit):
Business Industry:
Business Registration Number:
Contact Full Name:
Contact Email:
Contact Title:
Contact Phone Number:
Business website address:
List of Ring.io phone numbers that need STIR/SHAKEN enabled:


Can we register STIR/SHAKEN for our RingLocal numbers?


STIR/SHAKEN can only be registered with Ring.io Personal and Company numbers. If you are using our RingLocal service, we are not able to register the numbers in the pool for STIR/SHAKEN.


What happens after we provide all the information your carrier requires?


Our team will create a unique profile using the business information provided. Once the profile has been created and approved, the phone numbers will be added to the STIR/SHAKEN table. This process should take no more than 5 business days. The Ring.io team will keep you updated throughout the entire process.

If you have further questions about STIR/SHAKEN, please contact our support team by email at support@ring.io or by phone at 888-727-5776.



Did this answer your question?