Skip to content
Stopping Illegal Robocalls Where They Start

Evaluating Robocall Mitigation Programs

The FCC’s Second Report and Order in Docket 17-97 mandates that Voice Service Providers implement a Robocall Mitigation Program (RMP) for all calls not authenticated with STIR/SHAKEN. While the Order does not prescribe exactly what the RMP must do, they say it must include “the specific reasonable steps the voice service provider has taken to avoid originating illegal robocall traffic as part of its robocall mitigation program.” Each provider has to include this information in a certification filed in the FCC’s new Robocall Mitigation Database.

The FCC has not indicated whether or how RMPs will be judged, but that has not stopped ZipDX from going through the plans and offering our assessment. We have established the following objective criteria to evaluate the adequacy of these plans.

Service Risk

  1. Low: If the nature of the provider’s service is such that customers are intrinsically limited in the number of concurrent calls they can place, and the calling telephone number is assigned by the provider, then it is unlikely that illegal robocalls would originate via this network. Mobile operators (serving exclusively mobile handsets) and rural LECs (serving residential and business customers over their own outside plant facilities) could fall into this category.
  2. High: A provider that offers IP-based (over the public internet) call origination at high volumes, and/or allows customers to provide their own caller-ID values, and/or accepts traffic from foreign sources falls into this category.
  3. Medium: Providers that are neither “low” nor “high” are deemed “medium” risk. This includes RLECs and CLECs that offer SIP trunking to enterprise customers.

Plan Elements

If a Provider’s Service Risk is low, their RMP must explain why (along the lines indicated above). Otherwise, the RMP must address EACH of the following elements, scored from 3 (best, with thoroughness and quantitative specificity) to 0 (not mentioned in a meaningful way):

  1. Know-Your-Customer: Explicit, thorough list of items examined to vet customer legitimacy (web site, references, social media, regulatory and state filings, physical address, business purpose, description of traffic, how consent is obtained when consent is required); additional scrutiny of foreign customers
  2. Call Volume: Limits on simultaneous calls and calls-per-second, established commensurate with KYC findings
  3. Caller-ID: Constrained appropriately; specific values verified and white-listed to ensure customer is using only values assigned to them or used with express permission
  4. CDR Monitoring / Call Duration: Routine monitoring of customer traffic with special scrutiny of short-duration calls (must use white-listed caller-IDs which must be periodically tested even if previously verified)
  5. Traceback / Action: Acknowledge FCC requirement to cooperate with traceback; specify what actions are taken (specific metrics) when tracebacks are reported

Other Notes

As part of our evaluation, we may capture notes about a given plan, including:

  1. Redacted: Scoring will depend on the degree of redaction. Entirely redacted results in a score of all zeroes. Minimal (e.g,, contact info for a manger) will not affect scoring. Redaction of substantive metrics affects scoring if the sufficiency is indeterminate (we will assume the worst).
  2. Foreign Language: If we are able to accurately interpret the plan, we will score it accordingly; otherwise, it will be deemed inadequate.
  3. Third Party: If the plan incorporates the services of a third party, we will score it according to information readily available regarding that party. If the information is not available, or the third party offers a variety of services and/or is configurable with various metrics, and those details are not included in the RMP, it will be scored assuming the worst.
  4. Exemplary: We will note plans that are particularly comprehensive and likely to be most effective.
  5. Flawed: Plans that include erroneous information (such as “all political calls are legal”) will be noted.

References

Several VoIP providers have entered into agreements with enforcement agencies regarding steps those providers must take to avoid originating illegal robocalls. See, for example:

The following show sample Robocall Mitigation Programs we have drafted and how they would be scored.