STIR/SHAKEN is a framework or a set of protocols that’s designed to prevent caller ID spoofing, which is often used in robocalling. With it, carriers can validate that your calls originate from a trusted source. STIR/SHAKEN is used in the US only.
To implement STIR/SHAKEN, Plivo sends a custom SIP header, X-Plivo-Stir-Verification, as part of the SIP response. Plivo users will also see a parameter called STIR verification on the console under Zentrunk > Logs and on the call detail record (CDR) for each call.
Attestation is the stamp of the legitimacy of a call provided by the originating service provider, authenticating that the call originated from its network and is then passed to the terminating service provider for verification.
Three levels of call attestations are provided for calls originating from the Plivo network.
For outbound calls, STIR verification may have three possible statuses:
Plivo will sign outbound calls as Verified (attestation A) for calls that use a Plivo DID as caller ID. The DID used should be rented by the same Plivo account that originates the outbound calls. All other outbound calls, assuming they’re signed at all, are signed as Not Verified (attestation B or C).
Plivo strongly recommends that users place calls using Plivo-procured DIDs to ensure that calls going out of Plivo’s network receive A-level attestation.
In the SIP response, Plivo sends a header called X-Plivo-Stir-Verification whose value is one of the aforementioned three states.
Call signing logic is subjected to evolve as the STIR/SHAKEN ecosystem evolves.
Since toll-free prefixes are the same across North America, some calls to non-US toll-free numbers may have the status “Verified” or “Not Verified,” but since STIR verification is applicable only to US calls, the actual status should be read as “Not Applicable.”
SIP/2.0 200 OK From: <sip:+1NPANXXYYYY@xx.xx.xx.xx;transport=UDP>;tag=62d3ba76 To: <sip:+1NPANXXYYYY@yy.yy.yy.yy>;tag=N3ZgBy4N16DHD Call-ID: yMFRondjahf1S3RsuMbRkQ.. CSeq: 2 INVITE Supported: timer, path, replaces Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer Content-Type: application/sdp Content-Disposition: session Content-Length: 275 Remote-Party-ID: "+1NPANXXYYYY" <sip:+1NPANXXYYYY@xx.xx.xx.xx>;party=calling;privacy=off;screen=no User-Agent: Zentrunk Accept: application/sdp Allow: INVITE,ACK,CANCEL,BYE,UPDATE Via: SIP/2.0/UDP 192.168.1.37:39948;received=192.168.1.37;branch=z9hG4bK-524287-1---e94ad5197a8a6fa9;rport=39948 X-Plivo-Stir-Verification: Verified
Any inbound call that has an identity header as part of the SIP INVITE will be verified using a verification service, and a corresponding verification status will be presented in the custom SIP header X-Plivo-Stir-Verification.
For inbound calls, STIR verification may have three possible statuses:
Zentrunk will also pass through an identity header along with the PAID header if it received one from the originating service provider following verification. If Plivo receives the origID and the attestation indicator as part of enhanced verification status, it will pass this through along with the PAID header.
You can also see STIR verification values on the Zentrunk > Logs page of the console as part of CDR.
INVITE sip:+1NPANXXYYYY@customer_URI:5060;transport=udp;timeout=60;carrierid=trunk_id SIP/2.0 Via: SIP/2.0/UDP xx.xx.xx.xx:5060;branch=z9hG4bKa6b8.0edbd44d535baed2b0be4db0758cda90.0 Max-Forwards: 66 From: <sip:1NPANXXYYYY@zt.plivo.com>;tag=jaXtc270DSg6B To: <sip:+1NPANXXYYYY@customer_URI:5060;transport=udp;timeout=60;carrierid=trunk_id> Call-ID: 2daa2eef-cfe9-4dfb-a4b0-5bdb79dcfecf CSeq: 37104264 INVITE Supported: timer, path, replaces Allow-Events: talk, hold, conference, refer Content-Type: application/sdp Content-Disposition: session Content-Length: 230 User-Agent: Zentrunk Accept: application/sdp Allow: INVITE,ACK,CANCEL,BYE,UPDATE X-Plivo-Stir-Verification: Verified X-Plivo-Region: us-east-1 Contact: <sip:email@example.com> v=0 o=FreeSWITCH 1623296409 1623296410 IN IP4 xx.xx.xx.xx s=FreeSWITCH c=IN IP4 xx.xx.xx.xx t=0 0 m=audio 10886 RTP/AVP 0 101 a=rtpmap:0 PCMU/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=sendrecv a=ptime:20
Plivo is also working on sending in the P-Attestation-Indicator, to highlight the exact attestation level, and P-Origination-ID, for a traceback for robocalling.