HubSpot
Salesforce
Zoho
HighLevel
Pipedrive
ActiveCampaign
Slack
Zapier
Table of Contents
- TL;DR
- Executive Summary of STIR/SHAKEN Compliance for Salesforce Users
- Key Findings on STIR/SHAKEN Compliance for Salesforce Users
- Defining the STIR/SHAKEN Compliance Regulatory Framework for Salesforce Users
- The Genesis of the STIR/SHAKEN Compliance Mandate for Salesforce Users
- Technical Mechanics of Call Authentication for Salesforce Users under STIR/SHAKEN Compliance
- The 2025 Regulatory Shift and STIR/SHAKEN Compliance for Salesforce Users
- Explaining Attestation Levels in STIR/SHAKEN Compliance for Salesforce Users
- A-Level Attestation and STIR/SHAKEN Compliance for Salesforce Users
- B-Level Attestation Issues for Salesforce Users within STIR/SHAKEN Compliance
- C-Level Attestation Risks for Salesforce Users under STIR/SHAKEN Compliance
- The STIR/SHAKEN Compliance Architecture Gap for Salesforce Users
- The Bridged Calling Architecture Affecting STIR/SHAKEN Compliance for Salesforce Users
- The BYOC Disconnect for Salesforce Users and STIR/SHAKEN Compliance
- Limitations of Manual Remediation for Salesforce Users Facing STIR/SHAKEN Compliance
- Carrier Analytics and Algorithmic Blocking of Salesforce Users under STIR/SHAKEN Compliance
- The Analytics Triopoly Judging STIR/SHAKEN Compliance for Salesforce Users
- Algorithmic Triggers for Spam Risk Affecting STIR/SHAKEN Compliance for Salesforce Users
- The Reasonable Analytics Standard in STIR/SHAKEN Compliance for Salesforce Users
- Economic Impact of STIR/SHAKEN Compliance Failures for Salesforce Users
- The Collapse of Connection Rates for Salesforce Users Lacking STIR/SHAKEN Compliance
- Revenue Destruction for Salesforce Users Due to STIR/SHAKEN Compliance Issues
- The Death Spiral for Salesforce Users Without STIR/SHAKEN Compliance
- Kixie’s Architecture and A-Level Attestation for Salesforce Users and STIR/SHAKEN Compliance
- Achieving A-Level Attestation for STIR/SHAKEN Compliance as Salesforce Users
- Intelligent Local Presence via ConnectionBoost for STIR/SHAKEN Compliance and Salesforce Users
- Legitimate Rotation vs Snowshoeing in STIR/SHAKEN Compliance for Salesforce Users
- Salesforce Integration and STIR/SHAKEN Compliance for Users
- Strategic Recommendations for Salesforce Users Regarding STIR/SHAKEN Compliance
- Audit Your STIR/SHAKEN Compliance Attestation Status as Salesforce Users
- Abandon Shared Pools to Ensure STIR/SHAKEN Compliance for Salesforce Users
- Implement Automated Reputation Management for STIR/SHAKEN Compliance for Salesforce Users
- Centralize STIR/SHAKEN Compliance in the Trust Center for Salesforce Users
- Final Thoughts on STIR/SHAKEN Compliance for Salesforce Users
TL;DR
STIR/SHAKEN compliance frameworks now require Salesforce users to secure A-Level (Full) Attestation to bypass “Spam Risk” labeling by the Analytics Triopoly (Hiya, TNS, First Orion), as legacy bridged architectures producing B-Level (Partial) Attestation trigger blocking algorithms when call velocity exceeds 50 calls/hour or duration drops below 30 seconds. With answer rates for unverified calls falling below 3% and the FCC Eighth Report and Order eliminating third-party signing effective June 2025, sales organizations must abandon shared number pools in favor of direct-peering telephony solutions. Kixie resolves this compliance gap by providing a verified identity layer that secures cryptographic A-Level attestation and utilizes ConnectionBoost technology to rotate 50,000+ registered numbers, automating reputation management to maintain connectivity in high-velocity sales environments.
Executive Summary of STIR/SHAKEN Compliance for Salesforce Users
The telecommunications infrastructure has undergone a fundamental architectural shift, moving from an open, trust-based network to a closed, identity-verified ecosystem governed by the STIR/SHAKEN framework. For Salesforce users relying on native dialing systems or legacy telephony integrations, this shift presents a critical operational risk. The default architecture of many CRM-based dialers inherently produces “B-Level” attestation, a signal to carrier networks that the caller’s identity cannot be fully verified. Consequently, legitimate sales outreach is increasingly intercepted by carrier analytics engines and flagged as “Spam Risk” or “Scam Likely,” precipitating a collapse in connection rates.
This report provides a comprehensive technical and regulatory analysis of the STIR/SHAKEN protocols, specifically developed for Salesforce VPs, Admins, and researchers. It examines the mechanics of call authentication, the failure points within Salesforce’s native telephony architecture, and the algorithmic behavior of the “Analytics Triopoly” (Hiya, TNS, First Orion). Finally, it presents Kixie as the requisite option, detailing how its direct-carrier peering and “ConnectionBoost” technology secure A-Level attestation, thereby restoring trust and connectivity in high-velocity sales environments.
Key Findings on STIR/SHAKEN Compliance for Salesforce Users
- The B-Level Attestation Trap: Salesforce’s native dialer and many third-party integrations utilize a bridged architecture that often fails to meet the cryptographic standards for A-Level (Full) Attestation, resulting in calls being treated as suspicious by terminating carriers.
- Algorithmic Blocking: Carrier analytics engines now block or label calls based on behavioral patterns (volume velocity, short duration) and identity verification. Without A-Level attestation, behavioral thresholds for blocking are significantly lower.
- Regulatory Tightening: The FCC’s Eighth Report and Order (effective 2025) eliminates the ability for resellers to rely on upstream providers for call signing, mandating strict adherence to identity verification that legacy systems may not support.
- The Answer: Kixie provides a verified identity layer that integrates with Salesforce, ensuring A-Level attestation through direct number registration and automated reputation management, effectively immunizing sales teams against systemic spam flagging.
Defining the STIR/SHAKEN Compliance Regulatory Framework for Salesforce Users
The Genesis of the STIR/SHAKEN Compliance Mandate for Salesforce Users
The implementation of STIR/SHAKEN represents the federal government’s primary response to the epidemic of illegal robocalls and caller ID spoofing. The framework was mandated by the TRACED Act (Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act), signed into law in 2019, which required the Federal Communications Commission (FCC) to compel voice service providers to implement caller ID authentication technology.
The protocols are defined as follows:
- STIR (Secure Telephone Identity Revisited): A set of technical standards developed by the Internet Engineering Task Force (IETF) that adds a digital signature to the Session Initiation Protocol (SIP) information used to route calls. This signature certifies the identity of the caller.
- SHAKEN (Signature-based Handling of Asserted Information Using toKENs): The framework that defines how service providers implement the STIR standards within their networks to ensure end-to-end verification of the caller ID.
Technical Mechanics of Call Authentication for Salesforce Users under STIR/SHAKEN Compliance
At a technical level, STIR/SHAKEN functions through a Public Key Infrastructure (PKI). When a call is initiated, the Originating Service Provider (OSP) creates a digital “token” known as a PASSporT (Personal Assertion Token). This token contains critical metadata:
Attestation Level: The level of trust the carrier has in the caller’s identity (A, B, or C).
Origination Identifier: The phone number initiating the call.
Destination Identifier: The number being dialed.
Timestamp: To prevent replay attacks.
This token is encrypted using the OSP’s private key and inserted into the SIP header of the call. As the call traverses the Public Switched Telephone Network (PSTN), the Terminating Service Provider (TSP) uses the OSP’s public key to decrypt the token and verify that the caller ID has not been spoofed.
The 2025 Regulatory Shift and STIR/SHAKEN Compliance for Salesforce Users
The regulatory environment continues to evolve. In November 2024, the FCC adopted the Eighth Report and Order, which introduces stringent new requirements effective June 2025. This order prohibits “third-party signing” for providers who have their own STIR/SHAKEN obligations. Previously, many resellers and smaller VoIP providers relied on upstream carriers (like Bandwidth or Twilio) to sign calls on their behalf. The new rule mandates that providers must obtain their own Service Provider Code (SPC) token and sign calls with their own certificates.
Implication for Salesforce Users: This regulatory tightening means that “Bring Your Own Carrier” (BYOC) setups and loose integrations used by many CRMs will face increased scrutiny. If the entity originating the call (the Salesforce user) cannot prove a direct, authenticated relationship with the number owner, the call will fail to achieve the necessary trust status.
Explaining Attestation Levels in STIR/SHAKEN Compliance for Salesforce Users
The efficacy of the STIR/SHAKEN framework relies on the “Attestation Level” assigned to each call. This is effectively a credit score for the call’s identity. For Salesforce users, understanding these levels is critical, as they determine whether a prospect’s phone rings or displays “Spam Risk.”
A-Level Attestation (Full)
- Definition: The service provider has authenticated the customer initiating the call and verified that the customer is authorized to use the specific calling number.
- The “Gold Standard”: This level indicates that the carrier knows exactly who is calling and that they own the number.
- Impact: Calls with A-Level attestation are the least likely to be blocked. They are eligible for “Verified” checkmarks on compatible devices and are treated favorably by analytics engines.
- Requirement: To achieve this, the software initiating the call must have a direct registration relationship with the carrier routing the call.
B-Level Attestation (Partial)
- Definition: The service provider has authenticated the customer initiating the call but cannot verify that the customer is authorized to use the specific calling number.
- The Salesforce/Twilio Problem: This is the most common scenario for CRM dialers. The carrier (e.g., Twilio) knows the Salesforce client (the customer), but the phone number being displayed might be a “local presence” number or a number ported from another carrier that Twilio does not directly administer.
- Impact: B-Level attestation is a “red flag” for analytics engines. It signals that the call could be spoofed. While not automatically blocked, these calls are subjected to aggressive behavioral monitoring. A slight uptick in call volume or a few short calls will trigger a “Spam Risk” label immediately.
C-Level Attestation (Gateway)
- Definition: The service provider can only verify the entry point of the call to the network (e.g., an international gateway) but has no knowledge of the caller’s identity or the validity of the number.
- Impact: These calls are almost universally treated as spam or blocked outright by terminating providers.
The STIR/SHAKEN Compliance Architecture Gap for Salesforce Users
Salesforce is the world’s leading CRM, but its native telephony architecture, specifically Salesforce Sales Dialer, was designed in an era prior to the strict enforcement of STIR/SHAKEN (the federal framework for caller ID authentication). This legacy architecture creates a structural compliance gap for modern sales teams.
The Bridged Calling Architecture Affecting STIR/SHAKEN Compliance for Salesforce Users
Salesforce Sales Dialer typically operates on a bridged or “masked” architecture. When a user clicks to dial in Salesforce:
1. The request is sent to a telephony partner (often Twilio or a similar CPaaS provider).
2. The provider initiates the call to the prospect.
3. The provider inserts a Caller ID chosen by the user (often a personal mobile number or a local presence number).
The Failure Point: Because the telephony provider (Twilio) may not be the registrar of the Caller ID number being displayed (especially if the user is verifying a personal mobile number or using a generic pool), the provider cannot cryptographically assert ownership of that number. Consequently, the provider must sign the call with B-Level Attestation (Partial Attestation).
The BYOC Disconnect for Salesforce Users and STIR/SHAKEN Compliance
Many Salesforce environments utilize BYOC to connect external telephony to Service Cloud Voice or High Velocity Sales. While flexible, this breaks the “Chain of Trust.”
- If the SIP signaling is decoupled from the number ownership, the signing authority defaults to partial attestation.
- Result: A Salesforce user making a legitimate business call is technically indistinguishable from a spoofer in the eyes of the network.
Limitations of Manual Remediation for Salesforce Users Facing STIR/SHAKEN Compliance
Salesforce’s documentation suggests manual remediation steps, such as registering numbers with the “Free Caller Registry” or requesting new numbers if flags appear. However, this approach is unscalable for enterprise teams:
- Latency: Registration can take days or weeks.
- Inefficiency: Manually swapping numbers disrupts sales workflows.
- Ineffectiveness: Without A-Level attestation, even registered numbers will be flagged again once call volume increases.
Carrier Analytics and Algorithmic Blocking of Salesforce Users under STIR/SHAKEN Compliance
Meeting the technical requirements of STIR/SHAKEN is only half the battle. The actual decision to label a call as “Spam Risk” is made by third-party analytics engines contracted by the major carriers. These entities form an “Analytics Triopoly.”
The Analytics Triopoly Judging STIR/SHAKEN Compliance for Salesforce Users
- Hiya: Powers spam protection for AT&T. Known for high identification rates and strict behavioral monitoring.
- Transaction Network Services (TNS): Powers Verizon. Heavily relies on network data and attestation levels.
- First Orion: Powers T-Mobile. Focuses on “Scam Likely” tagging and offers branded calling solutions.
Algorithmic Triggers for Spam Risk Affecting STIR/SHAKEN Compliance for Salesforce Users
Even with valid identity, these engines monitor behavioral patterns to detect robocalls. For Salesforce users with B-Level (partial) attestation, the threshold for these triggers is significantly lower.
- Volume Velocity: A sudden spike in calls from a single number (e.g., >50 calls/hour). If a Salesforce user starts a “Power Hour” using a B-Attested number, they will likely be flagged within minutes.
- Average Call Duration (ACD): Legitimate sales calls result in conversations. Robocalls result in immediate hang-ups. An ACD below 15-30 seconds is a primary spam indicator.
- Answer Seizure Ratio (ASR): The percentage of calls that are answered. A low ASR (common in cold calling) combined with partial attestation confirms a “spam” profile to the algorithm.
- Neighbor Spoofing Patterns: If a dialer automatically selects a number with the same area code and prefix as the prospect (e.g., calling 555-123-xxxx from 555-123-yyyy), analytics engines flag this as probable spoofing unless the number is A-Attested and registered.
The Reasonable Analytics Standard in STIR/SHAKEN Compliance for Salesforce Users
The FCC has authorized carriers to block calls based on “reasonable analytics,” even if the calls are not technically illegal. This gives carriers broad discretion to block high-volume sales traffic that fits the statistical profile of unwanted robocalls, placing the burden of proof entirely on the sales organization.
Economic Impact of STIR/SHAKEN Compliance Failures for Salesforce Users
The failure to secure A-Level (Full) attestation and manage number reputation has catastrophic economic consequences for sales organizations using Salesforce.
The Collapse of Connection Rates
- Historical Baseline: Traditional connection rates for outbound sales hovered between 15-30%.
- Current Reality: For unverified (B-Attested) calls, answer rates have plummeted to below 3%.
- Hiya Report: 80% of unidentified calls go unanswered. A “Spam Likely” label reduces the answer rate to near zero.
Revenue Destruction
- Wasted Labor: Sales representatives spend hours dialing into a “black hole.” If a rep makes 100 calls and only 3 answer, 97% of their effort is wasted.
- Lead Burn: High-value leads are alienated. If a prospect sees “Spam Risk” associated with a brand, trust is eroded before the first conversation occurs.
- Financial Loss: 15% of businesses report losing over $100k in revenue due to incorrect spam flagging.
The Death Spiral for Salesforce Users Without STIR/SHAKEN Compliance
Teams often react to low answer rates by increasing call volume. However, increasing volume on numbers with partial (B-Level) attestation simply triggers spam algorithms faster, leading to more blocking, lower answer rates, and a desperate need for even more volume. This cycle destroys domain reputation and morale.
Kixie’s Architecture and A-Level Attestation for Salesforce Users and STIR/SHAKEN Compliance
To solve the STIR/SHAKEN compliance challenges, Salesforce users must adopt a telephony layer that replaces the legacy bridged architecture with a verified, direct-peering model. Kixie is engineered specifically to provide this solution.
Achieving A-Level Attestation for STIR/SHAKEN Compliance as Salesforce Users
Unlike Salesforce’s native dialer, Kixie operates as a registered carrier partner.
- Direct Registration: Kixie manages the registration of its number pool directly with the major analytics providers (First Orion, Hiya, TNS).
- Identity Verification: Kixie verifies the business entity (Legal Business Name, EIN, Address) and links this identity directly to the numbers used in the dialer.
- The Result: When a Kixie user places a call, Kixie signs the SIP token with A-Level (Full) Attestation, certifying to Verizon, AT&T, and T-Mobile that the caller is known, verified, and authorized.
Intelligent Local Presence via ConnectionBoost for STIR/SHAKEN Compliance and Salesforce Users
Kixie’s ConnectionBoost technology addresses the behavioral triggers of spam algorithms while maintaining high connection rates.
- Dynamic Pool Rotation: Instead of hammering a single number, ConnectionBoost rotates through a pool of over 50,000 verified, A-Attested numbers. This dilutes “Volume Velocity” per number, keeping each number below the spam threshold.
- Legitimate Local Presence: Kixie matches the area code of the prospect with a real, registered number from its pool. Unlike “neighbor spoofing” (which fakes a number), Kixie uses actual numbers owned and registered by Kixie, ensuring the call passes SHAKEN verification.
- AI-Driven Reputation Management: Kixie’s system continuously monitors the health of its number pool. If a number’s Answer Seizure Ratio (ASR) drops or it receives a flag, the AI automatically quarantines and replaces it, ensuring reps always dial with “clean” numbers.
Legitimate Rotation vs Snowshoeing in STIR/SHAKEN Compliance for Salesforce Users
It is vital to distinguish Kixie’s approach from “Snowshoeing” (a spam tactic of spreading bad traffic across many numbers).
- Snowshoeing: Uses unregistered numbers to evade detection while blasting illegal robocalls.
- Kixie ConnectionBoost: Uses registered, verified identities to conduct legitimate business outreach. The rotation is designed to prevent false positives from aggressive carrier algorithms, not to evade compliance. Because Kixie provides A-Level attestation, the carriers can trace the traffic back to the legitimate business, establishing accountability.
Salesforce Integration and STIR/SHAKEN Compliance for Users
Kixie integrates bi-directionally with Salesforce, ensuring that while the telephony layer is external (to secure A-Attestation), the data remains central.
- Automatic Logging: All calls, recordings, and dispositions are synced to Salesforce objects.
- 10DLC Compliance: Kixie also manages the “10-Digit Long Code” (10DLC) registration for SMS, ensuring that text messages sent from Salesforce are also compliant with carrier standards.
Strategic Recommendations for Salesforce Users Regarding STIR/SHAKEN Compliance
For Salesforce administrators and Sales VPs, the path forward requires a strategic pivot from legacy dialing to verified identity systems.
Audit Your STIR/SHAKEN Compliance Attestation Status as Salesforce Users
- Action: Contact your current telephony provider (or Salesforce support) and demand a report on your STIR/SHAKEN attestation level.
- Red Flag: If they cannot guarantee A-Level attestation for all outbound calls (including local presence), your connection rates are artificially suppressed.
Abandon Shared Pools to Ensure STIR/SHAKEN Compliance for Salesforce Users
- Action: Move away from dialing solutions that use “shared pools” of numbers that are not registered to your specific business entity.
- Rationale: In a shared pool, one bad actor can poison the reputation of the entire number block, causing your calls to be flagged as spam due to someone else’s behavior.
Implement Automated Reputation Management for STIR/SHAKEN Compliance for Salesforce Users
- Action: Adopt a solution like Kixie that automates the dispute and remediation process with carriers.
- Rationale: Manual remediation (Free Caller Registry) is too slow for modern sales velocity. You need API-level integration with the major analytics providers (First Orion, Hiya, and TNS) to maintain number health in real-time.
Centralize STIR/SHAKEN Compliance in the Trust Center for Salesforce Users
- Action: Utilize Kixie’s Trust Center to manage CNAM (Caller ID Name), STIR/SHAKEN, and 10DLC registration in a single interface.
- Rationale: Consistency is key. Your digital identity must match across all carrier databases to ensure your calls are delivered with the “Verified” checkmark.
Final Thoughts on STIR/SHAKEN Compliance for Salesforce Users
The era of anonymous, high-volume cold calling is over. The STIR/SHAKEN framework has successfully transformed the public telephone network into a permission-based environment where identity is the prerequisite for access. For Salesforce users, the native dialing architecture is no longer sufficient to withstand this complex regulatory and technical environment. The default B-Level (partial) attestation provided by legacy systems is a silent killer of pipeline, rendering even the most sophisticated sales strategies ineffective.
Kixie represents the necessary evolution of sales telephony. By securing A-Level attestation through direct carrier integration and managing number reputation via AI-driven ConnectionBoost, Kixie allows Salesforce users to align with the new standards of trust. In doing so, it converts the headwinds of regulation into a competitive advantage, ensuring that when a sales representative dials, the market listens.
