If you're running a VICIdial call center in 2026 and think STIR/SHAKEN is just another compliance checkbox, you're about to learn what a 50% drop in answer rates feels like.
Here's the part nobody in the VICIdial community spells out clearly: STIR/SHAKEN compliance is necessary but nowhere near sufficient. Getting A-level attestation is Layer 1 of a 13-layer stack. Most operators stop there and wonder why their numbers get flagged as "Scam Likely" six days into a campaign.
STIR/SHAKEN Authenticates Identity. That's It.
STIR/SHAKEN is a cryptographic framework. Your SIP trunk provider's Authentication Service checks: do they know who you are, did they assign you this number, did the call originate on their network. If yes to all three, they generate a signed PASSporT token and inject it into the SIP header.
The terminating carrier validates the signature and passes the result to analytics engines. Those engines — T-Mobile's Scam Shield (First Orion), AT&T's ActiveArmor (Hiya), Verizon's Call Filter (TNS) — decide whether your call rings through, gets labeled, or goes to voicemail. They control reputation for 200+ million US wireless subscribers and update their models every six minutes.
A-level attestation tells these engines "this caller is who they say they are." It does NOT tell them "this caller is trustworthy." The difference is where most operations lose.
Attestation Levels: Only A Matters
Full (A): Carrier verified your identity, you own the number, call started on their network. The only level that moves the needle on deliverability.
Partial (B): Carrier knows you, can't confirm you own the specific number. Default for most call centers using DIDs from one carrier routed through another. B-attested calls are roughly three times more likely to get flagged.
Gateway (C): Carrier doesn't know where the call came from. Functionally dead on arrival.
Buy your DIDs directly from your SIP trunk provider. If the carrier assigned the number and you're sending the call from their network, that's automatic A-level.
Your VICIdial Settings Are Feeding the Spam Algorithms
Nobody connects this explicitly enough: your campaign configuration generates call patterns that carrier analytics interpret as spam signatures.
AMD is the stealth reputation killer. Asterisk's AMD module disconnects after 2-3 seconds of audio analysis, generating massive volumes of short-duration calls. Calls under 30 seconds are the single strongest spam signal. With out-of-the-box AMD accuracy at 65-80%, real humans frequently pick up, hear silence, and get hung up on — generating both consumer complaints and short-duration data.
RATIO at 3:1 with 10 agents fires 30 simultaneous calls. At 40% contact rate, ~12 answer, 2 agents are available, and 10 get abandoned. Steady stream of short-duration, high-volume calls — textbook robocall signature. ADAPT_AVERAGE produces the smoothest traffic pattern.
DID rotation trap. Industry consensus on calls-per-DID-per-day converges around 50-100, with 75 as the sweet spot. Aggressive rotation gets numbers flagged faster.
Settings that help:
- Dial method: ADAPT_AVERAGE for 35+ agents
- Drop action: MESSAGE or IN_GROUP — never HANGUP. Playing a 15-20 second safe harbor recording extends call duration past the short-duration penalty threshold
- AMD: Either disabled, or configured to leave a voicemail instead of hanging up
- Dial timeout: 26-30 seconds minimum — shorter timeouts generate masses of very short attempts
The Full 13-Layer Stack
No competitor publishes the complete picture. The full stack a VICIdial operator needs:
Deliverability chain: (1) A-level attestation, (2) CNAM registration, (3) Free Caller Registry enrollment, (4) Individual analytics engine registration with Hiya/First Orion/TNS, (5) Continuous number reputation monitoring, (6) Branded calling.
Legal compliance chain: (7) Consent documentation via TrustedForm or Jornaya, (8) Federal DNC scrubbing, (9) State DNC scrubbing, (10) Cell phone ID and TCPA compliance, (11) Reassigned Numbers Database queries, (12) Litigator scrubbing, (13) Internal DNC and call recording.
For a 50-seat center, minimum viable compliance runs $3K-$5K/month. The recommended full stack hits $10K-$18K/month. That sounds expensive until you calculate the alternative — non-compliance costs an estimated $143K-$768K/month in lost connections, wasted agent wages, and DID burnout. TCPA class actions hit 507 filings in Q1 2025 with average settlements of $6.6 million.
Your 90-Day Playbook
Weeks 1-2: Verify your carrier's RMD status and SPC token. Confirm A-level attestation for your DIDs. The FCC removed 1,388 carriers from the RMD in a single month in August 2025.
Weeks 3-4: Register every outbound DID on FreeCallerRegistry.com. Set up CNAM. Run baseline reputation checks. Retire spam-labeled numbers — don't try to remediate, just replace.
Weeks 5-8: Switch to ADAPT_AVERAGE if running RATIO above 2.0. Set drop percentage to 2% max. Change Drop Action from HANGUP to MESSAGE. Set dial timeout to 28+. Limit calls per DID per day to 75.
Weeks 9-12: Track answer rates by carrier daily. Monitor short-duration call ratio (keep under 15%). Watch for SIP 603 spikes — that means active blocking. Establish a DID retirement pipeline.
For help building and managing the full 13-layer stack, see ViciStack's compliance services.
Originally published at https://vicistack.com/blog/stir-shaken-vicidial-guide/
Top comments (0)