Skip to main content

The three major US carriers have implemented the FCC’s anti-spoofing system

The three major US carriers have implemented the FCC’s anti-spoofing system


The deadline for STIR/SHAKEN certification is today

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

A phone screen showing an incoming robocall
Photo by Chris Welch / The Verge

T-Mobile announced on Wednesday that it is fully compliant with the FCC’s new anti-spoofing protocol, telling the FCC that its now certifying that calls from its network are protected against impersonation by scam callers using the STIR/SHAKEN protocol.

Verizon also announced that it’s verifying that the number that shows up on your caller ID is actually the number that’s calling you using the same STIR/SHAKEN protocol. The two major carriers announcing their progress on the same day isn’t a coincidence — Wednesday, June 30th, is the deadline the FCC set for major carriers to implement STIR/SHAKEN. An AT&T spokesperson told The Verge that the carrier also met the deadline, as it filed on the 29th, and said that “all LTE and 5G calls originating on [its] wireless network are STIR/SHAKEN compliant.”

The protocol works to prevent scam and spam callers from spoofing their number

The protocol, with its James Bond-themed name, works to prevent scam and spam callers from spoofing their number and showing up on your caller ID as a local caller. The FCC hopes that carriers implementing it will help stem the tide of robocalls that have made many of us scared of our phones’ actual phone function. In a press release put out on Wednesday (pdf), the commission stated that over 1,500 voice providers have filed to be included in its Robocall Mitigation Database, with over 200 of those providers being fully certified.

The Wednesday deadline set by the FCC is only for major carriers — smaller carriers with fewer than 100,000 subscribers will be exempt until June 30th, 2023, though the FCC is considering shortening that timespan (pdf). The major carriers that haven’t certified themselves as compliant may face an unspecified “appropriate enforcement action” from the FCC and will run into even more trouble come September. Beginning September 28th, according to the FCC (pdf), carriers will have to stop accepting traffic from providers that aren’t in the robocall database — it’s hard to imagine customers being too happy that they’re not able to reach their friends or family who are on T-Mobile or Verizon.

While this may mean a significant drop in spam calls, it’s not bulletproof

In its press release, T-Mobile says that its STIR/SHAKEN network covers calls from 98 percent of US wireless customers, including those using carriers like AT&T, Verizon, Google Fi, and Comcast. Verizon says that its validation network covers 80 percent of the US wireless industry, and AT&T said in a recent press release that it blocks or labels over a billion robocalls a month.

The STIR/SHAKEN protocol isn’t a total solution to the robocall problem, and it won’t keep your phone from ringing when a scammer calls you unless your carrier is doing additional blocking using the data from it. Fierce Wireless also points out that carriers still have to contend with international calls, which is no small task, and legacy phone systems are exempt from the requirements. Still, the next time you get a phone call, you may be able to see whether the number that’s calling you is actually who it claims to be.

Update, June 30th, 6:30PM ET: Added more info about AT&T’s compliance.

Update, June 30th, 5:50PM ET: Updated with information about AT&T’s rollout.