STIR/SHAKEN explained

Updated 2026-05-03

STIR/SHAKEN is the FCC's framework for cryptographically verifying that a caller ID hasn't been spoofed. Carriers have been required to implement it since 2021, but plenty of robocalls still slip through. Here's why.

What it actually does

When a call originates on a STIR/SHAKEN-enabled network, the carrier signs the caller ID with a digital certificate. The receiving carrier verifies the signature and rates the call as A (fully verified), B (partially), or C (unverified). Some carriers display this as a 'verified' checkmark on your phone.

Why it doesn't catch everything

Calls from older networks, foreign carriers, and some VoIP providers can't be signed. Smaller carriers had longer compliance deadlines. And spoofed numbers from countries that don't use STIR/SHAKEN reach US recipients without verification.

How to use it as a signal

Treat verified caller ID as 'probably real, but not proof'. For anything important — bank, IRS, police — hang up and call back on a verified official number from a different phone if possible.

Frequently asked questions

Can scammers spoof my own number?

Yes — 'self-spoofing' uses your own number as the caller ID. Receiving a call from your own number means it's spoofed; you didn't call yourself.