Skip to main content
Why Kadence Products AI Agents How It Works The Edge Results FAQ
STIR/SHAKEN caller ID authentication spam likely attestation outbound compliance number reputation insurance agency operations robocall compliance 6 min read

What Is STIR/SHAKEN Caller ID Authentication in Outbound Calling?

STIR/SHAKEN: STIR/SHAKEN is an FCC-mandated cryptographic framework that attaches a digital certificate to SIP-signaled outbound calls, verifying that the originating caller is authorized to use the displayed number and has not spoofed it. It assigns one of three attestation levels (A, B, or C) based on how fully the originating carrier can verify both the caller's identity and their authorization to use the specific outbound number.

STIR/SHAKEN caller ID authentication is an FCC-mandated cryptographic framework that attaches a digital certificate to every SIP-signaled outbound call, confirming that the caller's number has not been spoofed. Per TNS data, 85% of inter-Tier-1 carrier traffic was signed by 2024, with 93% of that signed traffic achieving the highest trust level. For insurance agencies, it is the foundation of whether your calls are answered or ignored.

What is the STIR/SHAKEN authentication framework?

STIR/SHAKEN is a cryptographic call-signing protocol mandated by the FCC to verify that a caller is authorized to use the outbound number being displayed. It works by attaching a digital certificate, called a PASSporT token, to SIP-signaled calls as they traverse carrier networks. Per the Federal Register, all voice providers with an implementation obligation must obtain their own certificates and directly authenticate their calls effective June 20, 2025.

The acronym breaks into two standards: STIR (Secure Telephone Identity Revisited) defines the cryptographic token format, while SHAKEN (Signature-based Handling of Asserted information using toKENs) defines how carriers implement and exchange those tokens across networks. As noted by NICE, the framework was designed in direct response to the robocall crisis: US consumers received approximately 60 billion robocalls in 2019 alone. By embedding a verifiable signature at call origination, receiving carriers and analytics engines can assess trust before the phone ever rings. However, as Bandwidth and Numeracle both note, STIR/SHAKEN authenticates identity, not intent. A fully signed call can still be flagged as spam by third-party analytics platforms based on dialing behavior.

Why are my insurance agency's outbound calls being flagged as 'Spam Likely'?

An outbound number is flagged as 'Spam Likely' when third-party analytics engines detect behavioral patterns that match robocall or harassment profiles, regardless of STIR/SHAKEN authentication status. According to Arbeit Software, up to 52% of outbound agents are flagged as spam when dialing leads without their knowledge. A 'Spam Likely' label can suppress answer rates by up to 90%, per industry benchmarks.

The analytics layers sitting on top of STIR/SHAKEN, operated by providers like TNS and First Orion, score calls based on volume, duration, and complaint data. SecureLogix and Aloware both note that these systems operate independently of the authentication layer: a Level A signed call can still be scored negatively if the dialing profile looks like a campaign. Per TransNexus data from March 2026, total network coverage for STIR/SHAKEN dropped 1.8% to 42.7%, which means a meaningful share of calls still traverse gaps where authentication is absent and analytics flags go unchallenged. Agencies dialing from shared VoIP pools, or running high-velocity outbound without call hygiene protocols, expose themselves most.

What do Level A, B, and C attestation ratings mean for my calls?

STIR/SHAKEN assigns three attestation levels: A, B, and C, representing the degree to which a carrier can verify both the caller's identity and their authorization to use the outbound number. Level A (Full Attestation) is the highest trust designation and is required for optimal deliverability. Per TNS, 93% of signed inter-Tier-1 traffic achieves Level A.

Attestation Level What It Means Trust Signal
A (Full) Provider verified identity AND number authorization Highest: displayed cleanly on most receiving devices
B (Partial) Provider verified identity, but NOT number authorization Medium: may trigger secondary analytics review
C (Gateway) Neither identity nor number authority verified Lowest: often assigned to calls transiting legacy SS7 or TDM networks

As AWS documentation and Verizon both note, routing call traffic through legacy TDM or SS7 networks strips the digital authentication token, automatically dropping the call to Level C. For insurance agencies operating outbound dialers, Level C is effectively a spam risk by default. Sangoma's technical guide confirms that even partial attestation (Level B) can invite additional scrutiny from carrier analytics engines at receiving end.

How can an insurance agency achieve Level A attestation?

Achieving Level A attestation requires completing full Know Your Customer (KYC) verification with your VoIP service provider, proving your business identity and your legal authorization to use each specific outbound number. This is a compliance step your carrier controls, not your dialer vendor. Without completed KYC, your provider can only assign Level B or Level C at best.

The practical steps, per the Tendril SOP guide and CallTools compliance documentation, are: register your business entity with your VoIP provider, submit documentation proving ownership or authorization for every outbound number, avoid routing calls through any PSTN gateway that falls back to TDM or SS7, and confirm your provider holds a valid SHAKEN certificate through the FCC's STIR/SHAKEN certificate authority. Agencies using Kadence's Voice AI for outbound are operating on a VoIP infrastructure where compliance-aware call routing is part of the platform design, which supports clean attestation paths. Still, KYC completion is a step each agency completes directly with their carrier.

What operational benchmarks protect an outbound caller ID reputation?

Beyond authentication, three behavioral benchmarks determine whether analytics engines flag your numbers as spam: call volume per number per day, average call duration, and complaint rate. Staying within these thresholds keeps a clean number reputation even under high-volume outbound campaigns.

Benchmark Safe Threshold Flag Trigger
Calls per number per day Under 100 Over 100 per number raises algorithm flags
Average call duration Over 30 seconds Under 15 seconds per call triggers negative scoring
Spam complaints Minimize via consent-based dialing Any pattern of confirmed complaints accelerates flag escalation

Per SalesHive and ProspectBoss documentation, rotating numbers across a pool, monitoring number reputation through services like Free Caller Registry, and suppressing DNC-listed numbers are the core hygiene practices. Kadence ties DNC suppression and consent capture directly to every outbound call, which reduces complaint exposure at the source. For agencies running multi-producer outbound at scale, building a dialing rotation that keeps each number under the 100-call daily threshold, while monitoring average durations, is the operational discipline that keeps attestation gains from being erased by analytics penalties.

What are the federal compliance requirements for STIR/SHAKEN?

The STIR/SHAKEN mandate is codified under the TRACED Act (Telephone Robocall Abuse Criminal Enforcement and Deterrence Act) and enforced by the FCC, requiring all voice service providers to implement the framework or file a robocall mitigation plan. Per the Federal Register filing dated August 19, 2025, the call authentication trust anchor obligations now require direct certificate authentication from providers with an implementation obligation as of June 20, 2025.

The FCC's rules do not mandate that businesses achieve Level A attestation directly, as that is a carrier-level obligation. However, agencies bear indirect compliance exposure: if your outbound calls are consistently landing at Level C because of network routing choices, and generating spam complaints, carriers can block your traffic under their robocall mitigation obligations. Mintz's May 2025 regulatory update notes that TCPA and STIR/SHAKEN compliance intersect especially tightly for AI-assisted calling, where consent documentation and call authentication both need to be airtight. Agencies should confirm their specific compliance posture with legal counsel, particularly as FCC enforcement has continued to expand in scope.

For teams that want to close the gap between authentication, dialing hygiene, and lead response speed in one system, to see how Kadence is built for compliant outbound at insurance agency scale.

Sources

Frequently asked questions

Does completing STIR/SHAKEN compliance guarantee my calls will not be flagged as spam?

No. STIR/SHAKEN authenticates caller identity but does not assess call intent. Third-party analytics platforms from providers like TNS and First Orion score calls separately based on volume, duration, and complaint data. A fully signed Level A call can still be flagged if dialing behavior matches robocall patterns.

What happens if my VoIP provider routes calls through a legacy TDM or SS7 network?

Routing through legacy TDM or SS7 networks strips the SHAKEN digital token, dropping your attestation to Level C regardless of your KYC status. Level C is the lowest trust designation and is treated by receiving carrier analytics as an unauthenticated call, significantly increasing spam flag risk.

How often should an insurance agency audit its outbound number reputation?

Audit outbound number reputation at minimum monthly using free tools like the Free Caller Registry and carrier-specific lookup portals. Numbers accumulating spam complaints or behavioral flags need rotation and remediation before the pattern embeds in analytics databases, which can take weeks to clear.

Do STIR/SHAKEN rules apply to AI voice agents making outbound calls?

Yes. AI voice agents placing outbound calls traverse the same carrier infrastructure and are subject to the same STIR/SHAKEN attestation scoring as live-agent calls. Per Telnyx guidance, AI-originated calls also face stricter TCPA consent requirements for artificial or prerecorded voice, making both authentication and consent documentation critical.

Share

Written by

Kadence Team

Kadence is the growth system for life insurance teams: a CRM with Voice AI, an AEO website, and done-for-you content. We write about speed to lead, AI search, CRM hygiene, and the systems that help agencies win more policies.

This article was created with AI assistance.

Book a demo