Lately, I’ve been receiving a wave of junk calls from numbers that—when I call them back—are not in service. It’s frustrating and puzzling, especially considering the implementation of STIR/SHAKEN protocols that are supposed to help verify caller identity and reduce spoofing.
I understand that legitimate numbers might still slip through, but how are calls from completely non-existent numbers getting signed and delivered? Who’s signing these calls, and how are they bypassing basic verification?
Has anyone else in the community experienced this? I’d be interested to hear if others are seeing similar patterns and whether any solutions or insights have surfaced.
Yes I get many junk calls from disconnected or spoofed numbers. What I see a lot are junk calls having a phone number similar to mine but with the four last digit changed. This is a social tactic to make the recipient think that the call is coming from somewhere close to them.
STIR/SHAKEN is still new and cannot be fully activated yet across the planet, even some cases are not yet covered in the US such as non-IP phone services. This protocol will report, for each call, a “trust” level on the CallerID, nothing else. Then, each phone operator will have the freedom to take the action they consider the best. It is like SpamAssassin for email: it gives a score of the likelihood that the message is a spam, then each user can configure a filter to act on it (trash it, add “SPAM:” to the subject, …).
At this time, STIR/SHAKEN is only implemented in the US. So if the caller ID is mapped outside the US it will come out as “unverifiable” (No attestation) by the protocol and the receiving provider may still choose to let it through. Also, providers outside of the US are not subject to any law requiring them to implement it.
STIR/SHAKEN is promising for controlling the legitimacy of phone call, but it will take many years to implement it at an efficient extent. In 2025, spammers/scammers still, unfortunately, have a lot of ways to circumvent it.
In the past I got lots of spam calls, but this is no longer the case. Regarding your numbers that are spammed, here are some things you can do, in any combination:
use IVR to block robocalls
use IVR specifically for your own area code to block “false friend” calls
use caller ID filtering to block area codes from which you don’t expect legitimate calls
if needed use caller ID to block calls from certain countries
use caller ID filtering to block calls from toll-free numbers
use caller ID filtering to block non-NANPA numbers
route calls to voice mail (provide your own announcement) and don’t call back numbers of callers who haven’t left a message
set the spam afflicted account(s) to block incoming calls by default and use caller ID filtering to allow calls from known numbers only (“whitelisting”)
use caller ID filtering to let numbers you know go directly to your device and other numbers to IVR or voice mail (“partial whitelisting”)
make use of the information in the caller log to fine-tune your filters
set up one phone number for calls that you think you always want to answer (work, friends, family) and additional numbers for other purposes (banking, online shopping, one-time passwords, contact number shown on website and printed on business cards, etc.) - if you ever have to (or wnat to) change one of those numbers, it does not affect your other correspondents (the same approach is, by the way, also useful with email addresses)
set up a new number, wait a while to see if it gets spammed - if yes, delete it, if not, switch your correspondents over to it and then delete the old number
