Lately, I’ve been receiving a wave of junk calls from numbers that—when I call them back—are not in service. It’s frustrating and puzzling, especially considering the implementation of STIR/SHAKEN protocols that are supposed to help verify caller identity and reduce spoofing.
I understand that legitimate numbers might still slip through, but how are calls from completely non-existent numbers getting signed and delivered? Who’s signing these calls, and how are they bypassing basic verification?
Has anyone else in the community experienced this? I’d be interested to hear if others are seeing similar patterns and whether any solutions or insights have surfaced.
Yes I get many junk calls from disconnected or spoofed numbers. What I see a lot are junk calls having a phone number similar to mine but with the four last digit changed. This is a social tactic to make the recipient think that the call is coming from somewhere close to them.
STIR/SHAKEN is still new and cannot be fully activated yet across the planet, even some cases are not yet covered in the US such as non-IP phone services. This protocol will report, for each call, a “trust” level on the CallerID, nothing else. Then, each phone operator will have the freedom to take the action they consider the best. It is like SpamAssassin for email: it gives a score of the likelihood that the message is a spam, then each user can configure a filter to act on it (trash it, add “SPAM:” to the subject, …).
At this time, STIR/SHAKEN is only implemented in the US. So if the caller ID is mapped outside the US it will come out as “unverifiable” (No attestation) by the protocol and the receiving provider may still choose to let it through. Also, providers outside of the US are not subject to any law requiring them to implement it.
STIR/SHAKEN is promising for controlling the legitimacy of phone call, but it will take many years to implement it at an efficient extent. In 2025, spammers/scammers still, unfortunately, have a lot of ways to circumvent it.