Aaron,
If I understand you correctly, you are dealing with a fairly conventional call-forwarding situation, and that is addressed in the SHAKEN standards. It does not have anything to do with an FCC “crackdown.” The standards (ATIS 1000085) define something called a DIV passport – this is an additional signature (IDENTITY header) that is generated by the service provider responsible for forward (DIVerting) the call. It generally is used in conjunction with the SIP DIVERSION header. Sansay has a nice write-up about it here: https://support.sansay.com/t/p8hctyw/diversion-div-passport I do see mention of the DIV passport on this Twilio page: https://www.twilio.com/docs/voice/trusted-calling-with-shakenstir Whether your systems (and those of the provider receiving the forwarded call) support DIV ppt is another matter. Forwarding is (still) perfectly legal and you don’t need to “spoof” anything when following the standards. David From: Aaron C. de Bruyn via VoiceOps <[email protected]> Sent: Tuesday, January 6, 2026 3:54 PM To: Mary Lou Carey <[email protected]> Cc: Pinchas Neiman <[email protected]>; Mark R Lindsey, ECG <[email protected]>; [email protected] Subject: [VoiceOps] Re: Services that rely on Caller ID spoofing? Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them. That would require us to get permission to "spoof" numbers from tens of thousands of patients. ...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN. -A On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <[email protected] <mailto:[email protected]> > wrote: There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use. What carrier "owns" the number is highly debatable these days because there's multiple players. 1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to. 2. The carrier who manages the TN under their LRN. (In ported TN situations) 3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs. Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote: I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID. Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison. On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps <[email protected] <mailto:[email protected]> > wrote: I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes. Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote: "Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S. Of course this happens in conventional SIP trunking and wholesale interconnect all the time. It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call? And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month — https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number. As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls. In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list. Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps <[email protected] <mailto:[email protected]> > wrote: I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID. The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office". My understanding is the ability to spoof Caller ID info across the PSTN is going away. I tested, and I certainly can't do it with a Twilio SIP trunk. The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office. Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement? Thanks, -A _______________________________________________ VoiceOps mailing list -- [email protected] <mailto:[email protected]> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to [email protected] <mailto:[email protected]> _______________________________________________ VoiceOps mailing list -- [email protected] <mailto:[email protected]> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to [email protected] <mailto:[email protected]> _______________________________________________ VoiceOps mailing list -- [email protected] <mailto:[email protected]> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to [email protected] <mailto:[email protected]> -- Pinchas S. Neiman Software Engineer At ESEQ Technology Corp. Providing you reliable software solutions for any matter. 845.213.1229 #2 _______________________________________________ VoiceOps mailing list -- [email protected] <mailto:[email protected]> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to [email protected] <mailto:[email protected]>
_______________________________________________ VoiceOps mailing list -- [email protected] https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to [email protected]
