WARP guide

STIR/SHAKEN: Caller ID Authentication on WARP

What STIR/SHAKEN caller-ID authentication is, how WARP signs your outbound calls, what verstat values mean on inbound calls, and how to ensure attestation A.

STIR/SHAKEN is the U.S. caller-ID authentication framework. It lets the phone company originating a call cryptographically sign it, so every carrier downstream — including the one delivering the call to the called party — can check whether the calling number was legitimately used by the person making the call.

WARP signs your outbound calls automatically and verifies signatures on calls delivered to you.

What STIR/SHAKEN Does

When your call leaves WARP heading toward the called party, WARP attaches a small cryptographic token (a PASSporT, carried in the SIP Identity header). That token says: here is the calling number, here is the carrier asserting it, and here is a signature proving neither was tampered with in transit.

Downstream carriers and terminating providers check that signature. If it verifies, they know the calling number is legitimate. If something went wrong — or if no signature is present — they can flag or display that to the called party.

One important constraint: STIR/SHAKEN works only over IP (SIP). It does not survive a TDM (traditional phone network) interconnect. Calls that touch a legacy circuit-switched segment lose the signature along the way, which is very common on calls originating from older networks.

Attestation Levels

Every STIR/SHAKEN signature carries an attestation level. This is what the signing carrier is claiming about the call.

LevelNameWhat it means
AFull attestationThe carrier knows the customer and has verified that the customer is authorized to use the calling number. Highest trust.
BPartial attestationThe carrier knows the customer but cannot confirm they own or are authorized to use that specific calling number.
CGateway attestationThe carrier only knows where the call entered its network. It cannot vouch for who originated it. Lowest trust.

Attestation A is the gold standard. It is the level most likely to display a checkmark or "Verified" badge on the called party's phone. Levels B and C are still valid signatures — they just convey less certainty about the calling number.

What WARP Does for Your Outbound Calls

WARP signs every outbound call it routes to the PSTN. You do not need to configure anything for signing to happen.

Attestation level you receive:

  • Attest A — when you place a call from a telephone number that is assigned to your WARP account. WARP knows you are the subscriber and that the calling number is yours.
  • Attest B — when the calling number (ANI) in the call is not one of your assigned DIDs, or when the call arrives at WARP without a valid ANI. WARP knows you as a customer but cannot verify the specific number.

If your equipment consistently presents a valid assigned DID as the calling number, your outbound calls will sign attest A consistently.

Ensuring Attestation A: POI Fallback

Some PBX or softphone configurations occasionally send calls without a valid ANI — an empty, private, or unrecognized calling number. When that happens, WARP cannot confirm the number is assigned to your account and signs at attest B.

A POI (Point of Interconnect) fallback number solves this. It is one of your own assigned DIDs that WARP uses as the presented calling number when no valid ANI is supplied. Because the fallback number is verified as yours, WARP can sign those calls attest A.

Your Ringer account team sets the POI fallback number on your account. If you want one configured, contact support. You choose which of your assigned numbers to use.

What verstat Means on Inbound Calls

When a call arrives at WARP for delivery to your equipment, WARP verifies the incoming STIR/SHAKEN signature and passes the result to you in the P-Asserted-Identity SIP header as a verstat parameter. Your PBX or SBC can read this value and act on it however your policy dictates.

verstat valueMeaning
TN-Validation-PassedA signature was present and verified correctly. The calling number is authenticated.
TN-Validation-FailedA signature was present but did not pass verification. Something changed in transit or the signature was malformed.
No-TN-ValidationNo usable signature was found. The call arrived without one.

No-TN-Validation is not a spam signal on its own. It is the normal result for any call that crossed a legacy TDM segment — which covers a large share of calls originating from traditional carrier networks, older PBXes, and many enterprise phone systems. If you receive a call from a business landline on an older network, you will frequently see No-TN-Validation. That is expected behavior, not evidence of spoofing.

WARP delivers the call regardless of the verstat result. WARP verifies and tags — it does not block based on STIR/SHAKEN alone. What you do with the verstat value on your equipment is your policy to define.

Seeing Your STIR/SHAKEN Results in the Portal

Every call's signing and verification outcome is visible in the WARP portal — no need to read SIP headers or ask support. Open the Call Statistics / CDR view. You see only your own calls.

The STIR/SHAKEN column. Each call row carries a badge that summarizes its result at a glance. The badge is direction-aware:

DirectionBadgeMeaning
OutboundAttest A / Attest B / Attest CWARP signed the call at that attestation level.
OutboundUnsignedThe call was not signed (e.g. no usable calling number).
InboundVerifiedTN-Validation-Passed — the incoming signature verified.
InboundFailedTN-Validation-Failed — a signature was present but did not verify.
InboundNo TN-ValidationNo-TN-Validation — the call arrived without a usable signature (normal for legacy/TDM-origin traffic).
EitherNo STIR/SHAKEN data for that call (older records predating the feature).

The call detail panel. Click any row to open a side panel with the full per-call detail: the call identity (calling → called number, time), the Signing (outbound) fields (attestation, whether it was signed, the signed origination identifier), and the Verification (inbound) fields (verstat, the attestation the caller claimed, the origination identifier, and a reason). Fields that don't apply to that call show a dash.

Export. The CDR CSV export includes the STIR/SHAKEN columns, so you can analyze signing and verification outcomes in your own tools.

These surfaces are read-only — they report what happened on each call. Signing and verification themselves are automatic and require no configuration.

Frequently Asked Questions

Do I need to set anything up for STIR/SHAKEN? No. Outbound signing is active on your account automatically. Inbound verification and verstat tagging happen automatically on every inbound call.

Will my outbound calls always show a "Verified" badge on the called party's phone? Not necessarily — that display depends on the called party's carrier and device. What WARP guarantees is that the signature is present and correctly formed. Whether the terminating carrier promotes that to a visible badge is their decision.

I see No-TN-Validation on a lot of inbound calls. Is something wrong? Probably not. A high rate of No-TN-Validation is normal for business traffic originating on older networks. If you are seeing it on calls you expect to be signed — for example, calls from a carrier that advertises STIR/SHAKEN support — contact support and we can take a closer look at the call detail.

How do I get my outbound calls signed attest A reliably? Make sure your equipment always sends a valid calling number (ANI) that matches one of your assigned WARP DIDs. If your equipment sometimes sends no ANI, ask support to set a POI fallback number on your account.

Does STIR/SHAKEN affect toll-free calls? Toll-free numbers can be signed, but the rules differ slightly from geographic DIDs. Contact support if you have specific questions about toll-free attestation for your account.