Systems involved
| System | Role |
|---|---|
| Kayako / Zendesk | Subscriber complaint ticket. |
| Homer / SIPCapture | SIP trace storage. |
| SBC SSH | Trace the call’s origination, verify Identity header. |
| STIR/SHAKEN verification service | Validate the certificate chain. |
| FCC Robocall Mitigation Database | Lookup the upstream carrier’s RMD entry. |
| Originating carrier contact | Formal complaint email or portal. |
| FCC consumer complaint portal | Optional escalation. |
| Gmail | Subscriber and inter-carrier comms. |
| Studio Memories | Pattern notes on repeat-offender carriers. |
Walkthrough
Pull the offending calls
Copilot reads the subscriber complaint, identifies the affected DID, and pulls the last 48 hours of inbound calls to that DID from Homer. Three calls match the spoofing pattern.
Inspect the SHAKEN attestation
For each call, Copilot extracts the Identity header from the INVITE, decodes the JWT, and checks the attestation level. Two are A-attested by a known transit carrier; one is C-attested with no traceback information.
Verify the certificate chain
Through the verification service, validate that the signing certificate chains to a Certified STI-PA root and that the cert is not revoked. The A-attested calls validate; the C-attested call has a valid cert but minimal accountability.
Identify the originating carrier
Look up the OCN in the FCC Robocall Mitigation Database. The transit carrier is reputable; the originating party shows as a discount international gateway with a thin RMD filing.
Mitigate immediately
SSH to the SBC. Add a temporary rule for the subscriber’s DID: block inbound calls where the calling number matches the called number. The rule is narrow — it does not affect any other subscriber.
Notify the subscriber
Copilot drafts a Kayako reply: we traced the calls, applied a block, here’s what STIR/SHAKEN told us, here’s what we can and can’t do about the upstream source. Reviewed and sent.
File the upstream complaint
Through Gmail, draft a formal complaint to the transit carrier’s robocall mitigation contact: example call IDs, Identity header contents, attestation level, evidence of harassment pattern. The transit carrier’s response time SLA is logged.
Optional: FCC escalation
For repeat-offender originating parties (saved as memories from prior incidents), file the FCC consumer complaint as a courtesy escalation with the same evidence pack.
Where Studio earns its keep
- The Identity header decoding, the cert chain check, and the RMD lookup happen automatically — the engineer doesn’t switch between three browser tabs and a JWT decoder.
- The mitigation is narrow and surgical at the SBC, not a policy change that hurts other subscribers.
- The inter-carrier complaint references actual evidence — the cert serial, the OCN, the call IDs — so it gets taken seriously upstream.
- The repeat-offender memory builds over time, so the next call from the same source produces a stronger escalation immediately.
Related
Memories and search
Save repeat-offender OCNs and patterns for next-time correlation.
Procedures
Spoofing complaint triage with DID as the argument.