On 6/30/21 11:30 AM, Sean Donelan wrote:
STIR/SHAKEN Broadly Implemented Starting Today https://www.fcc.gov/document/stirshaken-broadly-implemented-starting-today
WASHINGTON, June 30, 2021—FCC Acting Chairwoman Jessica Rosenworcel today announced that the largest voice service providers are now using STIR/SHAKEN caller ID authentication standards in their IP networks, in accordance with the deadline set by the FCC. This widespread implementation helps protect consumers against malicious spoofed robocalls and helps law enforcement track bad actors. The STIR/SHAKEN standards serve as a common digital language used by phone networks, allowing valid information to pass from provider to provider which, among other things, informs blocking tools of possible suspicious calls.
Just because you can know (fsvo "know") that a call is allowed to assert a number doesn't change anything unless other actions are taken. With DKIM which is far simpler than STIR it would require reputation systems that don't seem to have been deployed, submission auth which thankfully was deployed, policy enforcement (ie ADSP) which is not deployed, and user indicators which are sporadically deployed. Given the giant security holes caused by solving the wrong problem (ie trying to authenticate the e.164 address rather than the originating domain) it's just going to push spammers to exploit those holes. It's very much to be seen whether victory can be declared, IMO. Mike