Most cloud-phone vendors treat caller-ID attestation as a higher-tier feature. Carriers do not. Here is why we made it default — and what it changed for outbound answer rates.
STIR/SHAKEN is the framework US and Canadian carriers use to cryptographically vouch for the caller-ID on an outbound call. STIR is the protocol (Secure Telephone Identity Revisited). SHAKEN is the carrier-side governance layer that says which call gets which attestation level. Together they let a downstream carrier prove that the caller-ID on a call has not been spoofed in transit.
There are three attestation levels. A-level means the originating carrier authenticated both the caller and the right to use the number. B-level means the carrier authenticated the caller but cannot vouch for the number. C-level is "we know who handed us this call but nothing else." Anything below C is unsigned, and unsigned calls are increasingly treated as suspect.
The FCC mandate for STIR/SHAKEN on IP voice networks has been in effect since 2021. What changed in the last 18 months is that the major US mobile carriers — Verizon, T-Mobile, AT&T — moved from "we look at attestation" to "we score answer-rate and spam-tag likelihood largely based on attestation." That is the part that changed the economics for our customers, and that is why we stopped treating attestation as optional.
Attestation costs the carrier real money. To sign A-level, the originating carrier has to verify the customer's right to use the number, maintain a certificate from an authorised STI-CA (Secure Telephone Identity Certificate Authority), and operate signing infrastructure. The certificate fees are not trivial. The Know-Your-Customer and number-ownership audits are not trivial.
So most cloud-phone vendors do the math and conclude that attestation should be a higher-tier feature: free customers and starter plans get C or no attestation, paid plans get B, enterprise plans get A. This is rational from the vendor's P&L. It is irrational from the customer's P&L.
The customer is paying for outbound calls that connect. A B-attested call from a starter plan into a Verizon mobile number has a meaningfully lower connect rate than an A-attested call. The starter customer is not actually saving money; they are paying for traffic that does not complete, and paying for it twice — once in carrier minutes and once in the deals they never close because the call was tagged as spam.
When we shipped A-level attestation as the default for every plan, we tracked answer-seizure-ratio (ASR) for outbound calls to the three big US mobile carriers, before and after, on a customer-by-customer basis. The numbers were unambiguous.
The customers most affected were dental practices, healthcare scheduling, home services, and any other business that places calls to confirm appointments. Those are also the businesses that complain hardest about "the AI calls customers and they never pick up." It turns out a meaningful fraction of "they never pick up" was actually "the call was tagged Spam Likely before the phone rang."
A-level attestation requires that we, as the originating carrier, verify the customer has the right to use the calling number. There are three ways this happens for us.
For numbers provisioned through Ajoxi, the verification is automatic — we issued the number and we own the chain of custody. This is the vast majority of outbound traffic on the platform.
For ported-in numbers, the verification happens at port-completion. Once the LNP (Local Number Portability) confirmation arrives, we update our STI-PA (Policy Administrator) record to associate the number with the customer's account, and A-attestation activates within 15 minutes.
For BYOC (Bring Your Own Carrier) numbers, where the customer wants to use Ajoxi for outbound but keep their existing carrier for inbound, we run a one-time attestation challenge: we place a brief test call from the BYOC number and confirm that the customer can produce a unique token delivered by the test call. Until that challenge passes, the number signs at B-attestation, not A.
There are three places where the system does not behave the way you might expect, and we have learned to surface them clearly rather than silently degrade.
The first is international outbound. STIR/SHAKEN is a North American framework. Calls to most other regions either ignore the attestation or strip it at the border. We attest where applicable and we are explicit that the framework provides no benefit outbound to, say, Germany.
The second is aged-number reputation. Even with A-attestation, a brand-new number with no call history is treated more suspiciously by carrier spam analytics than a number with six months of normal usage. We warn customers when they start a high-volume campaign on a fresh number, and we recommend a 7–10 day warm-up at moderate volume.
The third is display name vs caller-ID. STIR/SHAKEN attests the calling number, not the CNAM (Caller Name) text that some carriers display alongside it. CNAM is a separate database lookup, and one with a wildly inconsistent industry track record. Some carriers cache CNAM for 30 days; some never refresh it. We update CNAM at provisioning and again on any branded-name change, but customers should expect a multi-day propagation window before downstream carriers reflect it.
A-attestation is not a free pass. It tells the destination carrier "we can prove who this is from and that they have the right to use this number." It does not tell the destination carrier "this caller is well-behaved." A customer who dials the same residential number 14 times in two days will still get spam-tagged, A-attestation or not.
The carrier spam analytics models look at attestation, call frequency, ratio of completed-to-attempted calls, calling-pattern similarity to known spam patterns, and direct user reports (the "Report Spam" button in the dialer). Attestation gets you onto the right side of the first input. The rest is up to the calling behaviour, and behaviour is something we can shape but not police.
What we can do — and what comes bundled with attestation on our platform — is automatic rate limiting against per-destination dial caps, a deduplication window that blocks repeat dials to the same number within a configurable interval, and a "do not call after N attempts" rule that applies across the account.
Because the customer of a $29/month plan dialling to confirm appointments has the same need as the customer of a $2,900/month plan dialling to confirm appointments. The marginal cost of attesting one more call once the certificate infrastructure is paid for is a rounding error. The marginal benefit to the customer is large — and concentrated on the smaller customer who would otherwise be priced out of the feature that actually keeps their business running.
The other reason is that the industry default is shifting fast. Within 24 months, unsigned outbound traffic in the US will be the exception rather than the rule. Vendors who held attestation behind a paywall in 2025 will be quietly making it default in 2027 because their customers will demand it. We would rather do it now, on our terms, than do it later because the market forced us to.
There is no clever revenue lesson here. We made a feature default because it is the right default, and we priced the rest of the product so it still works. Sometimes the right product call and the right pricing call are the same call.
AI receptionists, wholesale routes, virtual numbers — built on one platform with transparent pricing and a 24/7 NOC.