How it works
Right now, when you place an outbound call, you are only sending the 10 digits of your Caller ID to the PSTN and eventually to the person you are trying to call. Today it is up to you, the customer, to provide accurate information to Skyetel so that we can send it to the called party. STIR/SHAKEN changes that relationship and makes Skyetel verify that the Caller ID information that you are sending is indeed accurate.
This is accomplished by the Skyetel Network administratively adding a new “Identity” header in the SIP Invite that we send on your behalf to the PSTN. Don’t worry – there is no personally identifying information in these headers; the information in them only references Skyetel – not our customers directly. However, by us signing these INVITES, we are guaranteeing to the called party that we have a verified relationship with the calling party and can facilitate tracebacks in cases of fraud. (this means we can help the FCC, DOJ, FBI, etc find people if they do something shady)
In practice – this is what we are doing. Here is what an ordinary INVITE looks like:
2020/12/11 17:24:12.341981 126.96.36.199:5060 -> 172.31.45.185:5060 INVITE sip:[email protected]:5060 SIP/2.0 Via: SIP/2.0/UDP 188.8.131.52:5060;branch=z9hG4bK08Bc3d92f8ac0e935ef From: "Mr. Bigglesworth" <sip:[email protected]>;tag=gK086eed46 To: <sip:[email protected]> Call-ID: [email protected] CSeq: 456910 INVITE Max-Forwards: 70 Allow: INVITE,ACK,CANCEL,BYE,OPTIONS Accept: application/sdp Contact: "Mr. Bigglesworth" <sip:[email protected]:5060> Supported: replaces Content-Length: 283 Content-Disposition: session; handling=required Content-Type: application/sdp P-Asserted-Identity: "Mr. Bigglesworth" <sip:[email protected]:5060>
This is what an INVITE with STIR/SHAKEN support looks like:
2020/12/11 17:21:39.325532 172.31.45.185:5060 -> 184.108.40.206:5060 INVITE sip:[email protected]:5060;transport=udp SIP/2.0 Record-Route: <sip:220.127.116.11;lr=on;ftag=as268efb7c;did=d04.3742;vsf=RmlyZUhvcnNlRXZlbmluZ0JwZ2t6dUVGamlnVWpK;vst=RyZVJodndgRHVlZmRoFTEmZSowM0AANCglDXkRHAg-> Via: SIP/2.0/UDP 18.104.22.168:5060;branch=z9hG4bKed28.81ffc2e2ff34f8b11bba45596436de00.0 Via: SIP/2.0/UDP 192.168.98.184;branch=z9hG4bKsr-VmFBb7lHSyZcpNk5Se1wboxIboxHSeSO6oVGUokv10coETFIETBZS7BHSoxGboxGSydwUvcx5ZEAFI6I9w4TaoYKDi6T2qUA9bUIE0ETlIS71v1uRz1uBZUekISk** Max-Forwards: 69 From: "Jack Sparrow" <sip:[email protected]>;tag=as268efb7c To: <sip:[email protected]> Contact: <sip:192.168.98.184;line=sr-1IFG6shOUek7Uo476KxGSxk7UydwSekHSekGbolmUKrDSK4G6INhYTN7geSmbolOSydOSKkHSoBm-oVGUjSB**> Call-ID: !!:U7lwEKcsEKxwSAEs4eEF6eEQUeBdU74mUKlGEe5dUeEkSe1wboxIboxHSeSO6oVGUok* CSeq: 102 INVITE User-Agent: FPBX-12.0.68(11.20.0) Date: Fri, 11 Dec 2020 17:21:39 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE Supported: replaces, timer Content-Type: application/sdp Content-Length: 264 Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cDovL3NreWV0ZWwuY29tL3N0aXIvY2Vy 5wZW0ifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxNjI2MzIxMTk0MiJdfSwiaWF0IjoxNjA3NzA3Mjk5LCJvcmlnIjp7InRuIjoiKzE1MDM2N 4MTAwIn0sIm9yaWdpZCI6IjI3NmFmZDY2LWIzNGUtNGM2Yy05NjY0LWNiNDM3MWFkNTFmZSJ9.NxLx0D2MNvkw4UKrE53yakHaNgct1Se7zNqmqhLZgGd8 Q7WhRaOauEJ954u0ylgPff44Oyd5UU40HR33e_7Q;info=<http://skyetel.com/stir/cert.pem>;>alg=ES256;ppt=shaken P-Asserted-Identity: "Jack Sparrow" <sip:[email protected]>
That new Identity header with all of the gibberish in there is fundamentally what differentiates STIR/SHAKEN traffic from how things are done today. Inside all of that gibberish contains two things – our signature (the gibberish itself) and a URL where the recipient can verify that the gibberish did indeed come from us.
Inbound Calls with STIR/SHAKEN support sort of work in reverse of how outbound calls work. When Skyetel receives an INVITE with the Identity header inside of it, it will contain a URL for us to lookup and validate that the party who’s mentioned in the Identity header did indeed send the call.
When Skyetel receives calls like this, we will verify these calls as part of our normal originating process and send them to your PBX just like we do now. However – we will add a new SIP Header for your PBX to process called “X-STIR-Verified:.” In cases where the calling party passed verification, the result of this will be “True” and in cases where no STIR/SHAKEN data was present, or the call did not verify, this will be “False.” Here’s an example:
2020/12/11 17:24:12.341981 22.214.171.124:5060 -> 172.31.45.185:5060 INVITE sip:[email protected]:5060 SIP/2.0 Via: SIP/2.0/UDP 126.96.36.199:5060;branch=z9hG4bK08Bc3d92f8ac0e935ef From: "Mr. Bigglesworth" <sip:[email protected]>;tag=gK086eed46 To: <sip:[email protected]> Call-ID: [email protected] CSeq: 456910 INVITE Max-Forwards: 70 Allow: INVITE,ACK,CANCEL,BYE,OPTIONS Accept: application/sdp Contact: "Mr. Bigglesworth" <sip:[email protected]:5060> Supported: replaces Content-Length: 283 Content-Disposition: session; handling=required Content-Type: application/sdp X-STIR-Verified: true P-Asserted-Identity: "Mr. Bigglesworth" <sip:[email protected]:5060>
We will also add a new field to the CDR export so you can review what inbound calls passed or failed STIR validation. In addition to these immediate changes, we have other features on the 2021 roadmap that will allow you to filter calls based on their STIR validation – but that’s a subject for a different article!
What The Future Holds
STIR/SHAKEN is a huge step forward in telecom for two reasons.
- STIR/SHAKEN will make call spoofing a thing of the past
- STIR/SHAKEN will, eventually, end robocalling. Sorta…
Most immediately, STIR/SHAKEN will put an end to call spoofing. We’re about to enter into a world where people calling your Grandma claiming to be from Microsoft will no longer be feasible. Sure – they technically could still place those calls – however they’d be easy to find and prosecute.
Additionally, once Caller ID information is verified, it’s possible to transmit additional and verified information in the call beyond just a phone number. Instead of an unsolicited (but STIR verified) call from “(800) 221-1212,” it will say “Delta Airlines calling in regards to your upcoming flight.”
That leads to the other goal of STIR/SHAKEN – ending Robocalling… sorta. When customers think of robocalling, they think of random people from overseas calling their cell phone a thousand times selling them a car warranty. By forcing these spammers to accurately identify themselves, they’ll be much easier to find and stop. In almost all cases, modern spam calling is done in violation of laws that are already written and heavily enforced. By being able to quickly find and prosecute violators of these laws, it will suddenly be a lot more expensive and risky to randomly call you and try and sell you a car warranty for a car you don’t even own.
However, not all robocalling is illegal. This is where the “sorta” comes in. There are legal reasons for you being robocalled. The most common robocall that you actually want are things like your children’s school being closed for snow days, your bank calling you about fraudulent activity, or Delta Airlines calling you about your flight. These are the robocalls that you want – and are authorized under laws like the TPCA.
There are also robocalls that are legal that you don’t want. Your insurance company calling you to try and sell you a new policy are both unsolicited and unwanted. However, they’re also probably legal – most companies will have “we can robocall you” in their terms of service. STIR/SHAKEN will not impact these kinds of calls. That being said – once the FCC has the ability to quickly find and prosecute violators of laws, they can get more and more precise with how consumers are allowed to be pestered. This is a dramatic change to the status quo – the FCC can write all kinds of laws, but if they can’t stop violators they aren’t worth the paper they are printed on.
What Skyetel is doing
Skyetel is actively working on our STIR/SHAKEN update and will be fully compliant by the middle of next year. Our goal is to have outbound calls verified by the end of February 2021 (though we’ll probably have it done sooner than that) and inbound verification soon thereafter. Once we have completed the technical updates to our network, our portal will let you verify your traffic if our magical systems are not able to do it automatically.
- Will you be automatically verifying my traffic?
Yes. All outbound calls that originate using Caller ID information of phone numbers on the Skyetel network will automatically be verified. If you use Skyetel as your only carrier, this should mean that almost all of your outbound calls will be verified immediately and without any action on your part.
- What about traffic that does not come from my Skyetel DIDs?
We will offer an additional process for customers who need to verify traffic that has Caller ID information that does not match their Skyetel DIDs. We will provide additional information about this in the new year.
- What will happen to my traffic if it is not verified by STIR/SHAKEN?
Your traffic will continue to flow normally, and in the short term, nothing should change. To our knowledge, no end user carrier will begin blocking or filtering non-verified traffic immediately. However, over time, the intention of STIR/SHAKEN is that non-verified traffic will be treated differently, and it is very likely that consumer cell phone apps will begin filtering this traffic. We do not know how quickly the market will adapt to this change, so we recommend verifying your traffic as soon as possible.
- How much will this cost?
We are still determining what our costs are going to be for this process, so we don’t quite know for sure yet. As of this writing, we plan to offer STIR/SHAKEN completely free. This might change though – so please keep an eye out for our official announcement.