Why Am I Still Getting Spam Calls Despite the STIR/SHAKEN Mandate?

Why Am I Still Getting Spam Calls Despite the STIR/SHAKEN Mandate?

Silicon Valley, Dec 17, 2025 — For years, the telephone was a “dark” network where anyone could claim to be anyone. But as we move through 2025, a massive technological invisible shield known as STIR/SHAKEN has become the standard defense against the multibillion-dollar robocall industry.

Here is an in-depth look at what this protocol is, how it functions, and why—despite its sophistication—the fight against phone fraud is far from over.

What is STIR/SHAKEN?

STIR/SHAKEN is not a single app, but a technical framework adopted by U.S. and Canadian carriers (like AT&T, Verizon, and T-Mobile) to authenticate caller identities.

• STIR (Secure Telephone Identity Revisited): The “technical” part. It creates a digital signature for every call, much like a secure certificate for a website (HTTPS).

• SHAKEN (Signature-based Handling of Asserted Information Using toKENs): The “operational” part. It defines how carriers must handle these signatures as they pass through different networks.

In essence, it acts as a Digital Passport Control. When a call reaches your phone, the system checks if the “passport” (the phone number) is genuine or a fake printed in a scammer’s basement.

How It Works: The Three Levels of Trust

When a call is initiated, the originating carrier evaluates the caller and attaches one of three Attestation Levels to the call’s digital token:

1. Level A (Full Attestation): The carrier knows exactly who the caller is and confirms they have the legal right to use that specific number. (e.g., You calling from your personal iPhone).

2. Level B (Partial Attestation): The carrier knows who the caller is but can’t verify if they own the number (common in large corporate PBX systems).

3. Level C (Gateway Attestation): The lowest trust level. The carrier only knows where the call entered their network (common for international calls or “gray” traffic).

The Result: On your smartphone screen, a “Level A” call often displays a green checkmark or the words “Caller Verified.”

Can It Eradicate Phone Fraud?

The short answer is no. While STIR/SHAKEN has made “neighbor spoofing” (where scammers mimic your local area code) much harder, it has not “cured” the problem for several reasons:

1. The “Verified Scammer” Problem

In 2025, professional scam syndicates have pivoted. Instead of spoofing numbers, they now legally purchase thousands of real phone numbers. Because they own these numbers, they receive a “Level A” rating. To your phone, the scammer looks as legitimate as your local pharmacy.

2. The Rise of AI Voice Cloning

The most dangerous trend of 2025 is the explosion of AI-generated vishing (voice phishing). Scammers no longer need a “trusted” number if they can mimic the voice of your boss, child, or bank representative. STIR/SHAKEN verifies the number, but it cannot verify the voice or the intent of the caller.

3. International Loopholes

While the U.S. FCC has cracked down on “gateway providers” (the companies that allow foreign calls into the U.S. network), international traffic remains a weak link. Many countries have not yet implemented STIR/SHAKEN, allowing unverified calls to slip through the cracks.

The Bottom Line

STIR/SHAKEN is a critical foundation for a secure network, but it is a filtering tool, not a total solution.

As of late 2025, telecom experts suggest that the “verified” checkmark should be treated like a driver’s license: it proves the caller has “ID,” but it doesn’t prove they are a good driver.

Consumers are still advised to remain vigilant, use secondary verification (like a “safe word” with family), and never share sensitive data over an unsolicited call—verified or not.