STIR/SHAKEN explained
Updated 2026-05-03
STIR/SHAKEN is the FCC's framework for cryptographically verifying that a caller ID hasn't been spoofed. Carriers have been required to implement it since 2021, but plenty of robocalls still slip through. Here's why.
What it actually does
When a call originates on a STIR/SHAKEN-enabled network, the carrier signs the caller ID with a digital certificate. The receiving carrier verifies the signature and rates the call as A (fully verified), B (partially), or C (unverified). Some carriers display this as a 'verified' checkmark on your phone.
Why it doesn't catch everything
Calls from older networks, foreign carriers, and some VoIP providers can't be signed. Smaller carriers had longer compliance deadlines. And spoofed numbers from countries that don't use STIR/SHAKEN reach US recipients without verification.
How to use it as a signal
Treat verified caller ID as 'probably real, but not proof'. For anything important — bank, IRS, police — hang up and call back on a verified official number from a different phone if possible.
Frequently asked questions
Can scammers spoof my own number?
Yes — 'self-spoofing' uses your own number as the caller ID. Receiving a call from your own number means it's spoofed; you didn't call yourself.