T-Mobile, AT&T and Verizon have rolled out the FCC’s anti-spoofing protocol

T-Mobile, AT&T and Verizon have rolled out the FCC’s anti-spoofing protocol

To combat spam calls and robocalls in the US, the Federal Communications Commission (FCC) set a deadline for the mandatory adoption of the STIR/SHAKEN protocol in March last year. The mandate required major carriers to comply with the anti-spoofing system for IP calls by June 30, 2021, and verify all calls using cryptographic certificates. All three major carriers in the region, T-Mobile, AT&T, and Verizon, have now confirmed that they’re fully compliant with the protocol.

As per a recent report from The Verge, T-Mobile has announced that it’s now certifying that calls from its network are protected against impersonation by scam callers using the STIR/SHAKEN protocol. Verizon has also confirmed that it’s using the anti-spoofing protocol to verify that the number that shows up on the caller ID is, in fact, the number that’s calling. Similarly, an AT&T spokesperson has revealed that the carrier has also met the deadline, and it now ensures that “all LTE and 5G calls originating on [its] wireless network are STIR/SHAKEN compliant.”

For the unaware, STIR/SHAKEN stands for “Secure Telephone Identity Revisited/Signature-based Handling of Asserted Information Using toKENs.” It’s one of the best lines of defense against robocalls, as it requires the carrier to verify and sign calls originating from its network using cryptographic certificates. The certificate is then verified again by the destination network, preventing scammers and robocallers from spoofing their phone numbers.

It’s worth noting that the June 30, 2021 deadline is only for major carriers. Smaller carriers with less than 100,000 subscribers are exempt until June 30, 2023. However, the FCC is considering shortening that deadline.

To keep track of the carrier’s robocall mitigation efforts, the FCC has also set up a Robocall Mitigation Database. The agency requires voice service providers to file certifications of their mitigation efforts in the database, including their STIR/SHAKEN implementation status. So far, over 1,500 voice service providers have filed in the database, the FCC revealed in a press release. Over 200 voice service providers have certified to full STIR/SHAKEN implementation and “hundreds more have certified to partial implementation.” The FCC further added that if a service provider’s certification doesn’t appear in the Robocall Mitigation Database after September 28, 2021, it will prohibit intermediate and other voice service providers from directly accepting the provider’s traffic.

About author

Pranob Mehrotra
Pranob Mehrotra

A Literature and Linguistics graduate with a keen interest in everything Android. When not writing about tech, Pranob spends most of his time either playing League of Legends or lurking on Reddit.