<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.gmaildefault
{mso-style-name:gmail_default;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Ivan asks: “<span style='font-size:12.0pt'>How are you handling TFN atestations?”<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal>When the signer of a call gives A-level attestation, it means that the signer knows that the caller “is authorized to use” the calling number.<span style='font-size:12.0pt'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The signer can “know” that in any of a variety of ways. For toll-free numbers, the most sophisticated and secure is probably via Delegate Certificates. SOMOS, the North American Toll-Free Number Administrator, has commented about this in a current FCC proceeding: <a href="https://www.fcc.gov/ecfs/document/10605623514445/1">https://www.fcc.gov/ecfs/document/10605623514445/1</a><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>As the signer, there are other ways you could determine that the caller is authorized to use the number. For example, you could solicit some documentation from them (like an invoice from their RespOrg and/or service provider) and you could call the number and verify that your caller answers. The regulations (today) do not specify exactly how you “know” so you (as the signer) need to act in the spirit of the rules.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>This problem is not unique to toll-free numbers. I might have a geographic number that I obtain from provider A (and that’s how I get inbound calls to the number), but I make outbound calls from that number via providers B and C for redundancy and cost reasons.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Bear in mind that providers can set their own rules for what calls they will accept and what attestations they will assign, and those rules can be more restrictive than what might be dictated by regulation. For example, a provider might say “I will only assign A-level attestation to calls that use calling numbers assigned by me.” That’s their prerogative. In fact, a provider might say: “I will only accept calls that use calling numbers assigned by me. Those calls will get A-level attestation. I will reject all other calls.” There are no rules (to my knowledge) that prohibit providers from setting these kinds of rules.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> VoiceOps <voiceops-bounces@voiceops.org> <b>On Behalf Of </b>Ivan Kovacevic via VoiceOps<br><b>Sent:</b> Friday, July 7, 2023 7:27 AM<br><b>To:</b> Voice Ops <voiceops@voiceops.org><br><b>Subject:</b> Re: [VoiceOps] STIR/SHAKEN warning!<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><div><div><p class=MsoNormal><span style='font-size:12.0pt'>Hopefully on-topic. How are you handling TFN atestations? <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt'>Although a part of NANP - it's a different technology at the network level in terms of chain of authority and routing.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt'>RespOrg manages the number, but can provision and use many carriers to make outbound calls using the TFN Caller ID (and to receive inbound calls via the same TFN)... RespOrgs is not necessarily a carrier - who and how checks that RespOrg has the authority in case of delegated attestation. I may be overcomplicating it in my mind.. but it doesn't feel like the regulation maps 1-to-1 over to TFNs... Just wondering what everyone's experience is. <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p></div></div><div><div><div><p class=MsoNormal><span class=gmaildefault><span style='font-size:12.0pt'>Thanks,</span></span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span class=gmaildefault><span style='font-size:12.0pt'>Ivan</span></span><o:p></o:p></p></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>