GROUNDBREAKING (IN A BAD WAY): New FCC NPRM Asks Whether SHAKEN/STIR Framework Can/Should be Applied to Texts and We ALL Just Rolled Our Eyes

Well here we go again.

After living through the outlandish roll outs first of caller attestation requirements, and then of the TCR and 10DLC registration–neither of which successfully prevent legitimate traffic from being blocked or labeled–the FCC appears to be on the cusp of imposing an entirely new certification process on SMS senders, this time based on the STIR/SHAKEN protocols applicable to voice traffic.

In a new NPRM out today–which is being covered for all the wrong reasons (more on that below)–the FCC asks a series of very telling (scary?) questions:

B. Applying Caller ID Authentication Requirements to Text Messages
28. In order to facilitate blocking for certain types of illegal texts, we seek comment on whether to require providers to implement caller ID authentication for text messages.
29. Industry technologists developed caller ID authentication—specifically, the STIR/SHAKEN framework for IP networks—to combat spoofing of voice calls. We seek comment on the progress of efforts to extend authentication to text messages. A working group of the Internet Engineering Task Force (IETF) is currently considering a draft standard regarding application of some components of the STIR/SHAKEN framework to text messages. What additional work needs to be done on the draft standard currently under consideration? How long might it take to complete such work? Beyond that document, what if any additional standards work is necessary before authentication for text messages is operational?
30. Would the current STIR/SHAKEN governance system be able to accommodate authentication for text messages, or would it need to be modified or a new governance system established? Once standards work is sufficiently complete, what steps must providers take to implement authentication for text messages in their network? Can existing network upgrades to meet the June 30, 2021, STIR/SHAKEN implementation mandate for voice calls be used in whole or in part to support authentication for text messages? Or would authentication for text messages require more comprehensive technological network upgrades? If so, what is the estimated amount of time it would take to install the technology and what would be the projected costs?
31. We tentatively conclude that providers should implement caller ID authentication for text messages. We believe such a requirement would spur standards groups to complete development of standards promptly. Do commenters agree? What timeline should we establish for implementation that accounts for the time needed both to finish standards and for providers to perform any necessary network upgrades? Would two years be sufficient time to complete standards development and implement necessary technology? Should we instead require providers to implement caller ID for text messages when technically feasible, without setting a time-certain deadline? If so, how should we define “technically feasible”? Would this approach better account for uncertainty in the development process? Would it create a perverse incentive to delay development?

What do you think TCPAWorld? Fun? Smart? Thoughts?


Feels like a lot of needless pain being inflicted here because the issue with spam texts isn’t–by and large–a lack of accurate transmission of the source of the texts. It is largely an issue of consumers signing up for messages they didn’t really want to sign up for–i.e. more consumer empowerment needed–or texts being sent that are entirely legal–i.e. P2P messages for non-marketing (political?) purposes–that consumers may not want but that are, nonetheless, completely legal.

Forcing folks who are responsible members of the SMS ecosystem to jump through yet another set of wild hoops to send texts is NOT what this country needs. Bad idea. Don’t do it.

And I must say–the current state of telecom law in this nation is already abysmal. Access to the CRITICAL carrier networks–which used to be assured to all Americans–is now subject to roadblocks and speed bumps and outages imposed by ad hoc decision-making by single individuals within large carrier enterprises. Whether your traffic gets through literally depends who is manning the levers that day and what they had for breakfast. IT IS NUTS!

And obviously this proposal seems certain to make things even worse.

So it’ll probably pass.

But none of this will be discussed in the mainstream media because the idea of a completely ILLEGAL and UNCONSTITUTIONAL licensing scheme limiting free speech doesn’t bother anyone anymore. What we care about is blocking robotexts!

Of course the order is getting covered because it also compels carriers to block text messages originating from fake numbers. Not exactly groundbreaking though:

we propose to require mobile wireless providers to block texts, at the network level, that purport to be from invalid, unallocated, or unused numbers, and numbers on a Do-Not-Originate (DNO) list.

I mean, yeah sure. great. But why not just leave it there? Why try to destroy access to the entire SMS universe?

I love how this works though. DC can never just give the people something good without inflicting a greater or equal amount of pain.

Read the proposal here.



  1. Amen. Preach Czar. “messages…that are… completely legal… [but] Whether your traffic gets through literally depends who is manning the levers that day and what they had for breakfast.” Spot on, Mr. Troutman. And yet you’re also correct that the political will to fight it is small… unless of course all the politicians on both sides of the isle who are conducting fundraising via P2P texting decide they don’t want to change that.

  2. Thanks for the great article!

    I read this article from the perspective of someone opposed to the now near ubiquitous use of SMS as an identity verification mechanism, e.g. in 2FA, account creation, etc.

    We already have an informal black-list of almost any small business accessible VoIP service SMS for use as identity verification. So I wonder about the implications of new FCC rulings regarding certified origination of SMS, and any impact on SMS as an authentication mechanism.

    I work as a technology developer, and prefer to take my communications into my own hands, primarily via VoIP infrastructure. And this is black-listing me from an ever increasing list of services.

    While I agree with the detachment, and ignorance, of these issues by legislators, I also feel a lot of this is driven by large telecoms in an effort to squeeze out any small players. Much as google, MS and apple have done with email service and via their secret “reputation” indexes for allowing delivery of email.

    Could you comment on the state of SMS as an identity verification, and specifically the legal basis for requiring individuals and small businesses to have accounts with major cell phone service providers in order to access online services?

    Thank you again for the informative article!

    John A

Leave a Reply