Services that rely on Caller ID spoofing?
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID. The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office". My understanding is the ability to spoof Caller ID info across the PSTN is going away. I tested, and I certainly can't do it with a Twilio SIP trunk. The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office. Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement? Thanks, -A
It depends on the carrier. Some will flat out not allow you to set the callerID to any number while others will allow it so long as you add a diversion header. If they see the diversion header they know you are forwarding the call. Another option maybe to send a 302 which will tell the provider to re-direct the call. Since they know the CLI is valid they pass along the call as is. On Wed, Nov 19, 2025 at 11:10 AM Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
I’ve just deployed something similar to this via Telin. I’m sure others can do it too. They have an automated system that verifies your ownership/permission to use a phone number, and from then on, you can use it and get either B or A attestation. The most common interpretation of the current regs is that this is the only way you can send off-net CLID in the future. If you want to have a live conversation about this I’m open to a call. It’s something I’ve been doing since the 90s and constantly fighting the changing landscape on CLID. If you’d like to talk to someone at Telin I can make an intro. Great people, solid service. On Nov 19, 2025 at 9:07:54 AM, Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
Unfounded speculation, but I think this is a short-term hack and will ultimately go the way of the dodo. Yes, services like this will go the way of the dodo. You can't impersonate the original caller per se. There will be some other way to pass the identity of the caller, or other enriched call data that would be relevant to a database lookup. It won't be by presenting CID of a number you don't own. -- Alex
On Nov 21, 2025, at 5:02 PM, Carlos Alvarez via VoiceOps <voiceops@voiceops.org> wrote:
I’ve just deployed something similar to this via Telin. I’m sure others can do it too. They have an automated system that verifies your ownership/permission to use a phone number, and from then on, you can use it and get either B or A attestation. The most common interpretation of the current regs is that this is the only way you can send off-net CLID in the future. If you want to have a live conversation about this I’m open to a call. It’s something I’ve been doing since the 90s and constantly fighting the changing landscape on CLID.
If you’d like to talk to someone at Telin I can make an intro. Great people, solid service.
On Nov 19, 2025 at 9:07:54 AM, Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800
Also, fax will be dead by 2005 at the latest. On Nov 21, 2025 at 3:10:30 PM, Alex Balashov <abalashov@evaristesys.com> wrote:
Unfounded speculation, but I think this is a short-term hack and will ultimately go the way of the dodo.
Yes, services like this will go the way of the dodo. You can't impersonate the original caller per se. There will be some other way to pass the identity of the caller, or other enriched call data that would be relevant to a database lookup. It won't be by presenting CID of a number you don't own.
-- Alex
On Nov 21, 2025, at 5:02 PM, Carlos Alvarez via VoiceOps < voiceops@voiceops.org> wrote:
I’ve just deployed something similar to this via Telin. I’m sure others can do it too. They have an automated system that verifies your ownership/permission to use a phone number, and from then on, you can use it and get either B or A attestation. The most common interpretation of the current regs is that this is the only way you can send off-net CLID in the future. If you want to have a live conversation about this I’m open to a call. It’s something I’ve been doing since the 90s and constantly fighting the changing landscape on CLID.
If you’d like to talk to someone at Telin I can make an intro. Great people, solid service.
On Nov 19, 2025 at 9:07:54 AM, Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this:
* I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office
* It's after hours and they are busy with other calls
* Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>)
* They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A
_______________________________________________
VoiceOps mailing list -- VoiceOps@voiceops.org
https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/
To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________
VoiceOps mailing list -- VoiceOps@voiceops.org
https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/
To unsubscribe send an email to voiceops-leave@voiceops.org
-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800
Ha ha. But there's no concerted industry and regulatory scheme to block fax per se.
On Nov 21, 2025, at 5:12 PM, Carlos Alvarez via VoiceOps <voiceops@voiceops.org> wrote:
Also, fax will be dead by 2005 at the latest.
On Nov 21, 2025 at 3:10:30 PM, Alex Balashov <abalashov@evaristesys.com> wrote:
Unfounded speculation, but I think this is a short-term hack and will ultimately go the way of the dodo.
Yes, services like this will go the way of the dodo. You can't impersonate the original caller per se. There will be some other way to pass the identity of the caller, or other enriched call data that would be relevant to a database lookup. It won't be by presenting CID of a number you don't own.
-- Alex
On Nov 21, 2025, at 5:02 PM, Carlos Alvarez via VoiceOps <voiceops@voiceops.org> wrote:
I’ve just deployed something similar to this via Telin. I’m sure others can do it too. They have an automated system that verifies your ownership/permission to use a phone number, and from then on, you can use it and get either B or A attestation. The most common interpretation of the current regs is that this is the only way you can send off-net CLID in the future. If you want to have a live conversation about this I’m open to a call. It’s something I’ve been doing since the 90s and constantly fighting the changing landscape on CLID.
If you’d like to talk to someone at Telin I can make an intro. Great people, solid service.
On Nov 19, 2025 at 9:07:54 AM, Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800
What happens is a patient doesn't show caller ID now? Eventually the service will ask for an patient ID of some sort or just treat all incoming calls from scratch. But eventually you'll just have B Attestation: *B — Partial Attestation* *Meaning:* The originating service provider *knows the caller* but *cannot confirm that the caller is entitled to use the phone number*. *Common scenarios:* - Calls coming from a PBX or VoIP provider *upstream*, where the terminating carrier knows the upstream provider but *not the end user*. - Calls where caller-ID numbers are provided by the customer and not verified. *Example:* A carrier receives a call from a SIP trunk reseller who authenticates the customer but *does not verify* the specific caller-ID. *Confidence level:* Medium. On Fri, Nov 21, 2025 at 12:24 PM Alex Balashov via VoiceOps < voiceops@voiceops.org> wrote:
Unfounded speculation, but I think this is a short-term hack and will ultimately go the way of the dodo.
Yes, services like this will go the way of the dodo. You can't impersonate the original caller per se. There will be some other way to pass the identity of the caller, or other enriched call data that would be relevant to a database lookup. It won't be by presenting CID of a number you don't own.
-- Alex
On Nov 21, 2025, at 5:02 PM, Carlos Alvarez via VoiceOps < voiceops@voiceops.org> wrote:
I’ve just deployed something similar to this via Telin. I’m sure others can do it too. They have an automated system that verifies your ownership/permission to use a phone number, and from then on, you can use it and get either B or A attestation. The most common interpretation of the current regs is that this is the only way you can send off-net CLID in the future. If you want to have a live conversation about this I’m open to a call. It’s something I’ve been doing since the 90s and constantly fighting the changing landscape on CLID.
If you’d like to talk to someone at Telin I can make an intro. Great people, solid service.
On Nov 19, 2025 at 9:07:54 AM, Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
I appreciate all the replies. I talked with some "engineer" higher up at the company and they were blissfully unaware of the Caller ID changes. (Probably because they weren't from the US) On somewhat of a side note, I don't get the unrelenting pressure in the healthcare industry to offshore everything to places that don't have the same data protection laws as us. Eventually someone's going to get bit hard when they realize they've been sending all their patients' voices off shore to help train an AI or to gather data and that service gets breached with zero recourse. In this particular situation, I don't understand why a simple voicemail box won't work. No one wants to talk to AI. Least of all to talk to AI to have it summarize what a caller wants only to get an email attachment of the summary along with an audio attachment via email. -A On Wed, Nov 19, 2025 at 8:07 AM Aaron C. de Bruyn <aaron@heyaaron.com> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A
“Spoofing” is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don’t always traverse service S. Of course this happens in conventional SIP trunking and wholesale interconnect *all the time. *It’s so prevalent and normal that it’s hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different “phone line” for each outbound call? And they do understand that it’s extremely common. Read some discussion in the latest FNRPM from last month — https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number. As of today, the “Know Your Customer” policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls. In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I’m almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they’ll update the screen list. Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
There have been reasons for legitimate spoofing. I have first-hand experience with this related to PRI service over the decades. PRI translations allow for overriding the calling TN, for situations like battered women shelters and other humanity organizations so they cannot be traced back. However, I would have to admit.. I have been approached for such a service way more times for sketchy situations than legit. Kidd Filby 661.557.5640 (C) http://www.linkedin.com/in/kiddfilby On Sat, Nov 22, 2025 at 19:16 Mark R Lindsey, ECG via VoiceOps < voiceops@voiceops.org> wrote:
“Spoofing” is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don’t always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect *all the time. *It’s so prevalent and normal that it’s hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different “phone line” for each outbound call?
And they do understand that it’s extremely common. Read some discussion in the latest FNRPM from last month — https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf
Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the “Know Your Customer” policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I’m almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they’ll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes. Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote:
"Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect _all the time. _It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month --
https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID. Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison. On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps < voiceops@voiceops.org> wrote:
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote:
"Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect *all the time. *It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month — https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- *Pinchas S. Neiman* Software Engineer At ESEQ Technology Corp. Providing you reliable software solutions for any matter. 845.213.1229 #2
There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use. What carrier "owns" the number is highly debatable these days because there's multiple players. 1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to. 2. The carrier who manages the TN under their LRN. (In ported TN situations) 3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs. Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote:
I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID.
Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison.
On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps <voiceops@voiceops.org> wrote:
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote: "Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect _all the time. _It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month --
https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> wrote: I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org -- Pinchas S. Neiman Software Engineer At ESEQ Technology Corp. Providing you reliable software solutions for any matter. 845.213.1229 #2 _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them. That would require us to get permission to "spoof" numbers from tens of thousands of patients. ...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN. -A On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <marylou@backuptelecom.com> wrote:
There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use.
What carrier "owns" the number is highly debatable these days because there's multiple players.
1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to.
2. The carrier who manages the TN under their LRN. (In ported TN situations)
3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs.
Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote:
I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID.
Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison.
On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps < voiceops@voiceops.org> wrote:
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote:
"Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect *all the time. *It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month — https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- *Pinchas S. Neiman* Software Engineer At ESEQ Technology Corp. Providing you reliable software solutions for any matter. 845.213.1229 #2
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
If they want you to do that for them, I would have them sign an LOA for each client that they want this service for. It should detail what numbers are assigned to each customer and which of their customer numbers can be spoofed to replace another number in the customer's list of DIDs. That way if someone files a complaint, at least you're protected because you followed the instructions of the customer's carrier. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2026-01-06 04:53 PM, Aaron C. de Bruyn wrote:
Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them. That would require us to get permission to "spoof" numbers from tens of thousands of patients.
...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN.
-A
On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <marylou@backuptelecom.com> wrote:
There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use.
What carrier "owns" the number is highly debatable these days because there's multiple players.
1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to.
2. The carrier who manages the TN under their LRN. (In ported TN situations)
3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs.
Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote:
I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID.
Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison.
On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps <voiceops@voiceops.org> wrote:
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote: "Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect _all the time. _It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month --
https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> wrote: I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org -- Pinchas S. Neiman Software Engineer At ESEQ Technology Corp. Providing you reliable software solutions for any matter. 845.213.1229 #2 _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
Aaron, If I understand you correctly, you are dealing with a fairly conventional call-forwarding situation, and that is addressed in the SHAKEN standards. It does not have anything to do with an FCC “crackdown.” The standards (ATIS 1000085) define something called a DIV passport – this is an additional signature (IDENTITY header) that is generated by the service provider responsible for forward (DIVerting) the call. It generally is used in conjunction with the SIP DIVERSION header. Sansay has a nice write-up about it here: https://support.sansay.com/t/p8hctyw/diversion-div-passport I do see mention of the DIV passport on this Twilio page: https://www.twilio.com/docs/voice/trusted-calling-with-shakenstir Whether your systems (and those of the provider receiving the forwarded call) support DIV ppt is another matter. Forwarding is (still) perfectly legal and you don’t need to “spoof” anything when following the standards. David From: Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> Sent: Tuesday, January 6, 2026 3:54 PM To: Mary Lou Carey <marylou@backuptelecom.com> Cc: Pinchas Neiman <neimanpinchas@gmail.com>; Mark R Lindsey, ECG <lindsey@e-c-group.com>; voiceops@voiceops.org Subject: [VoiceOps] Re: Services that rely on Caller ID spoofing? Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them. That would require us to get permission to "spoof" numbers from tens of thousands of patients. ...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN. -A On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <marylou@backuptelecom.com <mailto:marylou@backuptelecom.com> > wrote: There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use. What carrier "owns" the number is highly debatable these days because there's multiple players. 1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to. 2. The carrier who manages the TN under their LRN. (In ported TN situations) 3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs. Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote: I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID. Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison. On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps <voiceops@voiceops.org <mailto:voiceops@voiceops.org> > wrote: I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes. Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote: "Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S. Of course this happens in conventional SIP trunking and wholesale interconnect all the time. It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call? And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month — https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number. As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls. In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list. Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org <mailto:voiceops@voiceops.org> > wrote: I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID. The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office". My understanding is the ability to spoof Caller ID info across the PSTN is going away. I tested, and I certainly can't do it with a Twilio SIP trunk. The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office. Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement? Thanks, -A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org <mailto:voiceops-leave@voiceops.org> _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org <mailto:voiceops-leave@voiceops.org> _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org <mailto:voiceops-leave@voiceops.org> -- Pinchas S. Neiman Software Engineer At ESEQ Technology Corp. Providing you reliable software solutions for any matter. 845.213.1229 #2 _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org <mailto:voiceops-leave@voiceops.org>
If memory serves me correctly, when I was testing all the variations of *Call Forwarding* during FoA testing of *Caller ID* in the 90's, The only CF feature that actually changed the calling number received by the terminating party was RCF ( Remote Call Forwarding ). This was done primarily for call vectoring. However, as I have mentioned before, there are legit reasons for doing so. For instance, Shelters, who have a PRI, will normally invoke Station ID Restriction in their PBX. This is done for the callers' protection. JM2C from an old guy. On Tue, Jan 6, 2026 at 8:25 PM David Frankel via VoiceOps < voiceops@voiceops.org> wrote:
Aaron,
If I understand you correctly, you are dealing with a fairly conventional call-forwarding situation, and that is addressed in the SHAKEN standards. It does not have anything to do with an FCC “crackdown.”
The standards (ATIS 1000085) define something called a DIV passport – this is an additional signature (IDENTITY header) that is generated by the service provider responsible for forward (DIVerting) the call. It generally is used in conjunction with the SIP DIVERSION header.
Sansay has a nice write-up about it here:
https://support.sansay.com/t/p8hctyw/diversion-div-passport
I do see mention of the DIV passport on this Twilio page:
https://www.twilio.com/docs/voice/trusted-calling-with-shakenstir
Whether your systems (and those of the provider receiving the forwarded call) support DIV ppt is another matter.
Forwarding is (still) perfectly legal and you don’t need to “spoof” anything when following the standards.
David
*From:* Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> *Sent:* Tuesday, January 6, 2026 3:54 PM *To:* Mary Lou Carey <marylou@backuptelecom.com> *Cc:* Pinchas Neiman <neimanpinchas@gmail.com>; Mark R Lindsey, ECG < lindsey@e-c-group.com>; voiceops@voiceops.org *Subject:* [VoiceOps] Re: Services that rely on Caller ID spoofing?
Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them.
That would require us to get permission to "spoof" numbers from tens of thousands of patients.
...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN.
-A
On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <marylou@backuptelecom.com> wrote:
There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use.
What carrier "owns" the number is highly debatable these days because there's multiple players.
1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to.
2. The carrier who manages the TN under their LRN. (In ported TN situations)
3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs.
Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote:
I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID.
Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison.
On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps < voiceops@voiceops.org> wrote:
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote:
"Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect *all the time. *It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month —
https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf
Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this:
* I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office
* It's after hours and they are busy with other calls
* Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>)
* They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
--
*Pinchas S. Neiman*
Software Engineer At ESEQ Technology Corp.
Providing you reliable software solutions for any matter.
845.213.1229 #2
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- Kidd Filby 661.557.5640 (C) http://www.linkedin.com/in/kiddfilby
I can second this from a company that both receives forwarded calls and forwards calls. It is perfectly normal and standard to forward the caller ID that you received. This is exactly what the Diversion header and div passport were designed to do. Diversion has been around forever as the SIP indication that a call was forwarded. The major wireless carriers are now also using div passports now when they forward calls. I know this because I receive forwarded calls from them all day, every day. You should be completely in the clear, assuming you signal correctly. Your platform will need to preserve the original shaken passport and P-Asserted-Identity when appending your own div passport and Diversion header. Some platforms may not be updated to the current div passport standard, so you'll need to confirm that first. On Wed, Jan 7, 2026, 10:02 AM Kidd Filby via VoiceOps <voiceops@voiceops.org> wrote:
If memory serves me correctly, when I was testing all the variations of *Call Forwarding* during FoA testing of *Caller ID* in the 90's, The only CF feature that actually changed the calling number received by the terminating party was RCF ( Remote Call Forwarding ). This was done primarily for call vectoring. However, as I have mentioned before, there are legit reasons for doing so. For instance, Shelters, who have a PRI, will normally invoke Station ID Restriction in their PBX. This is done for the callers' protection.
JM2C from an old guy.
On Tue, Jan 6, 2026 at 8:25 PM David Frankel via VoiceOps < voiceops@voiceops.org> wrote:
Aaron,
If I understand you correctly, you are dealing with a fairly conventional call-forwarding situation, and that is addressed in the SHAKEN standards. It does not have anything to do with an FCC “crackdown.”
The standards (ATIS 1000085) define something called a DIV passport – this is an additional signature (IDENTITY header) that is generated by the service provider responsible for forward (DIVerting) the call. It generally is used in conjunction with the SIP DIVERSION header.
Sansay has a nice write-up about it here:
https://support.sansay.com/t/p8hctyw/diversion-div-passport
I do see mention of the DIV passport on this Twilio page:
https://www.twilio.com/docs/voice/trusted-calling-with-shakenstir
Whether your systems (and those of the provider receiving the forwarded call) support DIV ppt is another matter.
Forwarding is (still) perfectly legal and you don’t need to “spoof” anything when following the standards.
David
*From:* Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> *Sent:* Tuesday, January 6, 2026 3:54 PM *To:* Mary Lou Carey <marylou@backuptelecom.com> *Cc:* Pinchas Neiman <neimanpinchas@gmail.com>; Mark R Lindsey, ECG < lindsey@e-c-group.com>; voiceops@voiceops.org *Subject:* [VoiceOps] Re: Services that rely on Caller ID spoofing?
Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them.
That would require us to get permission to "spoof" numbers from tens of thousands of patients.
...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN.
-A
On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <marylou@backuptelecom.com> wrote:
There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use.
What carrier "owns" the number is highly debatable these days because there's multiple players.
1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to.
2. The carrier who manages the TN under their LRN. (In ported TN situations)
3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs.
Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote:
I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID.
Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison.
On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps < voiceops@voiceops.org> wrote:
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote:
"Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect *all the time. *It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month —
https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf
Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this:
* I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office
* It's after hours and they are busy with other calls
* Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>)
* They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
--
*Pinchas S. Neiman*
Software Engineer At ESEQ Technology Corp.
Providing you reliable software solutions for any matter.
845.213.1229 #2
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
-- Kidd Filby 661.557.5640 (C) http://www.linkedin.com/in/kiddfilby
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
Question – if you get a call in from your client’s PBX and it’s a forward, do you ONLY supply the DIV passport? I mean, it’s the only thing you’d know anything about as the originating number is from some offnet caller, so you wouldn’t have a standard passport. But, all the examples I’ve seen show both a standard passport and a DIV passport. How are you supposed to do both in a situation where the client’s forward is handled by their PBX? You’re not going to have the original passport to add on to. I am arguing that the DIV passport is what needs to be applied because that’s all we know anything about...but, I’m getting pushback saying that they are just going to do the standard passport – which makes no sense to me for some rather obvious reasons, I would think. Thanks. Kili From: Calvin E. via VoiceOps <voiceops@voiceops.org> Sent: Thursday, January 8, 2026 10:25 AM To: Voiceops.org <voiceops@voiceops.org> Subject: [VoiceOps] Re: Services that rely on Caller ID spoofing? NOTE: This is an external message. Please use caution when replying, opening attachments or clicking on any links in this e-mail. WARNING: Replies to this message will go to voiceops-bounces@voiceops.org<mailto:voiceops-bounces@voiceops.org>. If you believe this is malicious or are unsure if this is correct, please report it using the Report Phish button and our analysts will investigate it. I can second this from a company that both receives forwarded calls and forwards calls. It is perfectly normal and standard to forward the caller ID that you received. This is exactly what the Diversion header and div passport were designed to do. Diversion has been around forever as the SIP indication that a call was forwarded. The major wireless carriers are now also using div passports now when they forward calls. I know this because I receive forwarded calls from them all day, every day. You should be completely in the clear, assuming you signal correctly. Your platform will need to preserve the original shaken passport and P-Asserted-Identity when appending your own div passport and Diversion header. Some platforms may not be updated to the current div passport standard, so you'll need to confirm that first. On Wed, Jan 7, 2026, 10:02 AM Kidd Filby via VoiceOps <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: If memory serves me correctly, when I was testing all the variations of Call Forwarding during FoA testing of Caller ID in the 90's, The only CF feature that actually changed the calling number received by the terminating party was RCF ( Remote Call Forwarding ). This was done primarily for call vectoring. However, as I have mentioned before, there are legit reasons for doing so. For instance, Shelters, who have a PRI, will normally invoke Station ID Restriction in their PBX. This is done for the callers' protection. JM2C from an old guy. On Tue, Jan 6, 2026 at 8:25 PM David Frankel via VoiceOps <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: Aaron, If I understand you correctly, you are dealing with a fairly conventional call-forwarding situation, and that is addressed in the SHAKEN standards. It does not have anything to do with an FCC “crackdown.” The standards (ATIS 1000085) define something called a DIV passport – this is an additional signature (IDENTITY header) that is generated by the service provider responsible for forward (DIVerting) the call. It generally is used in conjunction with the SIP DIVERSION header. Sansay has a nice write-up about it here: https://support.sansay.com/t/p8hctyw/diversion-div-passport I do see mention of the DIV passport on this Twilio page: https://www.twilio.com/docs/voice/trusted-calling-with-shakenstir Whether your systems (and those of the provider receiving the forwarded call) support DIV ppt is another matter. Forwarding is (still) perfectly legal and you don’t need to “spoof” anything when following the standards. David From: Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> Sent: Tuesday, January 6, 2026 3:54 PM To: Mary Lou Carey <marylou@backuptelecom.com<mailto:marylou@backuptelecom.com>> Cc: Pinchas Neiman <neimanpinchas@gmail.com<mailto:neimanpinchas@gmail.com>>; Mark R Lindsey, ECG <lindsey@e-c-group.com<mailto:lindsey@e-c-group.com>>; voiceops@voiceops.org<mailto:voiceops@voiceops.org> Subject: [VoiceOps] Re: Services that rely on Caller ID spoofing? Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them. That would require us to get permission to "spoof" numbers from tens of thousands of patients. ...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN. -A On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <marylou@backuptelecom.com<mailto:marylou@backuptelecom.com>> wrote: There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use. What carrier "owns" the number is highly debatable these days because there's multiple players. 1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to. 2. The carrier who manages the TN under their LRN. (In ported TN situations) 3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs. Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote: I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID. Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison. On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes. Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote: "Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S. Of course this happens in conventional SIP trunking and wholesale interconnect all the time. It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call? And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month — https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number. As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls. In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list. Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID. The service works like this: * I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office * It's after hours and they are busy with other calls * Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>) * They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office". My understanding is the ability to spoof Caller ID info across the PSTN is going away. I tested, and I certainly can't do it with a Twilio SIP trunk. The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office. Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement? Thanks, -A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org<mailto:voiceops-leave@voiceops.org> _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org<mailto:voiceops-leave@voiceops.org> _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org<mailto:voiceops-leave@voiceops.org> -- Pinchas S. Neiman Software Engineer At ESEQ Technology Corp. Providing you reliable software solutions for any matter. 845.213.1229 #2 _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org<mailto:voiceops-leave@voiceops.org> _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org<mailto:voiceops-leave@voiceops.org> -- Kidd Filby 661.557.5640 (C) http://www.linkedin.com/in/kiddfilby _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org<mailto:voiceops-leave@voiceops.org> NOTICE: This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of GTT Communications Inc or any of its affiliates. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. All quotes, offers, proposals and any other information in the body of this email is subject to, and limited by, the terms and conditions, signed service agreement and/or statement of work
The only way to have a chain of trust is with the original shaken passport and each forwarding hop adding a div passport. A div passport alone is meaningless without a shaken passport, and a forwarded call with only the original shaken passport would fail verification because the dst claim no longer matches. On Mon, Jan 12, 2026, 7:26 AM Kili Land <kili.land@gtt.net> wrote:
Question – if you get a call in from your client’s PBX and it’s a forward, do you ONLY supply the DIV passport? I mean, it’s the only thing you’d know anything about as the originating number is from some offnet caller, so you wouldn’t have a standard passport. But, all the examples I’ve seen show both a standard passport and a DIV passport. How are you supposed to do both in a situation where the client’s forward is handled by their PBX? You’re not going to have the original passport to add on to.
I am arguing that the DIV passport is what needs to be applied because that’s all we know anything about...but, I’m getting pushback saying that they are just going to do the standard passport – which makes no sense to me for some rather obvious reasons, I would think.
Thanks.
Kili
*From:* Calvin E. via VoiceOps <voiceops@voiceops.org> *Sent:* Thursday, January 8, 2026 10:25 AM *To:* Voiceops.org <voiceops@voiceops.org> *Subject:* [VoiceOps] Re: Services that rely on Caller ID spoofing?
*NOTE:* This is an external message. Please use caution when replying, opening attachments or clicking on any links in this e-mail.
*WARNING:* Replies to this message will go to voiceops-bounces@voiceops.org. If you believe this is malicious or are unsure if this is correct, please report it using the *Report Phish* button and our analysts will investigate it.
I can second this from a company that both receives forwarded calls and forwards calls. It is perfectly normal and standard to forward the caller ID that you received. This is exactly what the Diversion header and div passport were designed to do.
Diversion has been around forever as the SIP indication that a call was forwarded. The major wireless carriers are now also using div passports now when they forward calls. I know this because I receive forwarded calls from them all day, every day. You should be completely in the clear, assuming you signal correctly. Your platform will need to preserve the original shaken passport and P-Asserted-Identity when appending your own div passport and Diversion header.
Some platforms may not be updated to the current div passport standard, so you'll need to confirm that first.
On Wed, Jan 7, 2026, 10:02 AM Kidd Filby via VoiceOps < voiceops@voiceops.org> wrote:
If memory serves me correctly, when I was testing all the variations of *Call Forwarding* during FoA testing of *Caller ID* in the 90's, The only CF feature that actually changed the calling number received by the terminating party was RCF ( Remote Call Forwarding ). This was done primarily for call vectoring. However, as I have mentioned before, there are legit reasons for doing so. For instance, Shelters, who have a PRI, will normally invoke Station ID Restriction in their PBX. This is done for the callers' protection.
JM2C from an old guy.
On Tue, Jan 6, 2026 at 8:25 PM David Frankel via VoiceOps < voiceops@voiceops.org> wrote:
Aaron,
If I understand you correctly, you are dealing with a fairly conventional call-forwarding situation, and that is addressed in the SHAKEN standards. It does not have anything to do with an FCC “crackdown.”
The standards (ATIS 1000085) define something called a DIV passport – this is an additional signature (IDENTITY header) that is generated by the service provider responsible for forward (DIVerting) the call. It generally is used in conjunction with the SIP DIVERSION header.
Sansay has a nice write-up about it here:
https://support.sansay.com/t/p8hctyw/diversion-div-passport
I do see mention of the DIV passport on this Twilio page:
https://www.twilio.com/docs/voice/trusted-calling-with-shakenstir
Whether your systems (and those of the provider receiving the forwarded call) support DIV ppt is another matter.
Forwarding is (still) perfectly legal and you don’t need to “spoof” anything when following the standards.
David
*From:* Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> *Sent:* Tuesday, January 6, 2026 3:54 PM *To:* Mary Lou Carey <marylou@backuptelecom.com> *Cc:* Pinchas Neiman <neimanpinchas@gmail.com>; Mark R Lindsey, ECG < lindsey@e-c-group.com>; voiceops@voiceops.org *Subject:* [VoiceOps] Re: Services that rely on Caller ID spoofing?
Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them.
That would require us to get permission to "spoof" numbers from tens of thousands of patients.
...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN.
-A
On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <marylou@backuptelecom.com> wrote:
There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use.
What carrier "owns" the number is highly debatable these days because there's multiple players.
1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to.
2. The carrier who manages the TN under their LRN. (In ported TN situations)
3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs.
Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote:
I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID.
Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison.
On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps < voiceops@voiceops.org> wrote:
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote:
"Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect *all the time. *It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month —
https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf
Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this:
* I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office
* It's after hours and they are busy with other calls
* Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>)
* They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
--
*Pinchas S. Neiman*
Software Engineer At ESEQ Technology Corp.
Providing you reliable software solutions for any matter.
845.213.1229 #2
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
--
Kidd Filby 661.557.5640 (C) http://www.linkedin.com/in/kiddfilby
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
*NOTICE: This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of GTT Communications Inc or any of its affiliates. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. All quotes, offers, proposals and any other information in the body of this email is subject to, and limited by, the terms and conditions, signed service agreement and/or statement of work*
Is this a client that normally signs their own calls, or do you sign for them? If they normally sign their own outbound calls, it is up to them to preserve the original Identity (shaken) header when adding their own Identity (div) and Diversion header. If you sign for them, it's not as simple. Some carriers might see a non-customer Caller ID Number from a known customer and attest that as B. If you're also the origination carrier and feeling creative, you could cache the Identity header, send it to them (or use Call-ID, or some custom session header), and when they send a new (no tag on To) call with that cached header, and a different From/P-Asserted-Identity, and a Diversion header matching the destination of the original call, you add your own Identity (div). If the customer is multi-homed and they are forwarding calls from another provider, they need that provider to pass the ingress Identity (shaken) header to them, so they can include it with Diversion header, and you or they add the Identity (div). On Mon, Jan 12, 2026 at 7:26 AM Kili Land <kili.land@gtt.net> wrote:
Question – if you get a call in from your client’s PBX and it’s a forward, do you ONLY supply the DIV passport? I mean, it’s the only thing you’d know anything about as the originating number is from some offnet caller, so you wouldn’t have a standard passport. But, all the examples I’ve seen show both a standard passport and a DIV passport. How are you supposed to do both in a situation where the client’s forward is handled by their PBX? You’re not going to have the original passport to add on to.
I am arguing that the DIV passport is what needs to be applied because that’s all we know anything about...but, I’m getting pushback saying that they are just going to do the standard passport – which makes no sense to me for some rather obvious reasons, I would think.
Thanks.
Kili
*From:* Calvin E. via VoiceOps <voiceops@voiceops.org> *Sent:* Thursday, January 8, 2026 10:25 AM *To:* Voiceops.org <voiceops@voiceops.org> *Subject:* [VoiceOps] Re: Services that rely on Caller ID spoofing?
*NOTE:* This is an external message. Please use caution when replying, opening attachments or clicking on any links in this e-mail.
*WARNING:* Replies to this message will go to voiceops-bounces@voiceops.org. If you believe this is malicious or are unsure if this is correct, please report it using the *Report Phish* button and our analysts will investigate it.
I can second this from a company that both receives forwarded calls and forwards calls. It is perfectly normal and standard to forward the caller ID that you received. This is exactly what the Diversion header and div passport were designed to do.
Diversion has been around forever as the SIP indication that a call was forwarded. The major wireless carriers are now also using div passports now when they forward calls. I know this because I receive forwarded calls from them all day, every day. You should be completely in the clear, assuming you signal correctly. Your platform will need to preserve the original shaken passport and P-Asserted-Identity when appending your own div passport and Diversion header.
Some platforms may not be updated to the current div passport standard, so you'll need to confirm that first.
On Wed, Jan 7, 2026, 10:02 AM Kidd Filby via VoiceOps < voiceops@voiceops.org> wrote:
If memory serves me correctly, when I was testing all the variations of *Call Forwarding* during FoA testing of *Caller ID* in the 90's, The only CF feature that actually changed the calling number received by the terminating party was RCF ( Remote Call Forwarding ). This was done primarily for call vectoring. However, as I have mentioned before, there are legit reasons for doing so. For instance, Shelters, who have a PRI, will normally invoke Station ID Restriction in their PBX. This is done for the callers' protection.
JM2C from an old guy.
On Tue, Jan 6, 2026 at 8:25 PM David Frankel via VoiceOps < voiceops@voiceops.org> wrote:
Aaron,
If I understand you correctly, you are dealing with a fairly conventional call-forwarding situation, and that is addressed in the SHAKEN standards. It does not have anything to do with an FCC “crackdown.”
The standards (ATIS 1000085) define something called a DIV passport – this is an additional signature (IDENTITY header) that is generated by the service provider responsible for forward (DIVerting) the call. It generally is used in conjunction with the SIP DIVERSION header.
Sansay has a nice write-up about it here:
https://support.sansay.com/t/p8hctyw/diversion-div-passport
I do see mention of the DIV passport on this Twilio page:
https://www.twilio.com/docs/voice/trusted-calling-with-shakenstir
Whether your systems (and those of the provider receiving the forwarded call) support DIV ppt is another matter.
Forwarding is (still) perfectly legal and you don’t need to “spoof” anything when following the standards.
David
*From:* Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> *Sent:* Tuesday, January 6, 2026 3:54 PM *To:* Mary Lou Carey <marylou@backuptelecom.com> *Cc:* Pinchas Neiman <neimanpinchas@gmail.com>; Mark R Lindsey, ECG < lindsey@e-c-group.com>; voiceops@voiceops.org *Subject:* [VoiceOps] Re: Services that rely on Caller ID spoofing?
Unfortunately in this situation the 3rd-party company expects us to receive calls from patients and instead of sending them to voicemail after-hours, we forward the call on to them.
That would require us to get permission to "spoof" numbers from tens of thousands of patients.
...or...if the 3rd-party company wasn't completely incompetent, have us set up a SIP or IAX trunk directly to them that does allow us to pass the call to them without going over the PSTN.
-A
On Tue, Jan 6, 2026 at 2:50 PM Mary Lou Carey <marylou@backuptelecom.com> wrote:
There are certain circumstances where caller ID spoofing is allowed. For example, in the situation where a doctor may be calling a patient after hours. They can change the doctor's cell phone number to be the phone number of the medical office the doctor works for. What people are not allowed to do is to spoof a number that they do not have permission to use.
What carrier "owns" the number is highly debatable these days because there's multiple players.
1. The ILEC / CLEC / IPES / Wireless carrier that the NPA-NXX-X was assigned to.
2. The carrier who manages the TN under their LRN. (In ported TN situations)
3. The reseller who pays an upstream carrier for the DID service. (The DID may have been resold multiple times so the OCN associated with the LRN does not necessarily match the OCN of the carrier that manages the assignment of TNs.
Whoever has the direct connection with the end user customer has the responsibility of ensuring that the TN is not spoofed in situations that are illegal.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-24 12:00 PM, Pinchas Neiman via VoiceOps wrote:
I think it's pretty clear that we are victims of crediting the holder instead of the owner, the definition of number ownership, the "Deed", must be decoupled from holding it. This should not be a matter of provider to provider verification, but a global record that entity X may use that phone number for caller ID.
Side note, hackers are hackers because they view themselves as experienced troublemakers, the standard cowboy will not give up his career just because a tech person earns more than him, although some smarter do, and some hackers are getting smarter in prison.
On Mon, Nov 24, 2025 at 3:30 PM Mary Lou Carey via VoiceOps < voiceops@voiceops.org> wrote:
I think the intent to block spoofing is to prevent people from using telephone numbers they do not own. I once had a client that had the FBI show up on his doorstep because they said they traced a call back to his company. The number they were interested in was an unallocated TN in his PBX. Apparently someone had gotten ahold of that TN and was using it for nefarious purposes.
Hackers are creative, I'll give them that. However, I'll never understand why they can't use their skills to make money legally. Why does one need to make mountains of money illegally when they can make enough to support themselves legally? Many create such a boatload of damage within a small amount of time that their poor innocent victims are detrimentally impacted by. I guess they don't care who they hurt. One can only hope Karma comes calling for them one day and reimburses them ten fold.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2025-11-22 08:11 PM, Mark R Lindsey, ECG via VoiceOps wrote:
"Spoofing" is the standard term, even used in FCC docs, to mean that a person is placing a call from telephone number X using a voice service S, where calls placed from the PSTN to X don't always traverse service S.
Of course this happens in conventional SIP trunking and wholesale interconnect *all the time. *It's so prevalent and normal that it's hard to even wrap your telecom head around what the FCC and the US congress even means. Why would you assume S is a symmetrical service for both placing and receiving calls? Does someone really think UPS or Bank Of America or even then local Memorial Hospital are seriously placing calls from exactly one place, or using a different "phone line" for each outbound call?
And they do understand that it's extremely common. Read some discussion in the latest FNRPM from last month —
https://docs.fcc.gov/public/attachments/FCC-25-76A1.pdf
Attending conferences in this space and listening to FCC staffers, there is actually no push that I perceive to eliminate spoofing. But, there IS a push to eliminate the blind trust that anybody has the right to call from a telephone number, simply because they use it to populate the From header. In the latest suggestions from the FCC, what we might see are additional steps of vetting to determine you do have the right to place calls from a telephone number and the proper name that should be provided on that number.
As of today, the "Know Your Customer" policy and practices of legitimate service providers will ensure the SP takes steps to confirm the right to place calls from the telephone numbers they use as the calling part number for outbound calls.
In your example, Twilio was screening your calling party numbers. They probably have a list of telephone numbers from which you can call. I'm almost certain they have a process by which you can provide evidence you have the right to call from those numbers, and they'll update the screen list.
Mark R Lindsey Member of Technical Staff / VP +1-229-316-0013 https://info.ecg.co/lindsey
On Wed, Nov 19, 2025 at 11:13 Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:
I'm not entirely up on the whole FCC Caller ID Spoofing crackdown that's going on, but I just ran into a 3rd party service for medical offices that expects us to spoof Caller ID.
The service works like this:
* I grab my cell phone (123-456-7890) and call my doctor/dentist/medical office
* It's after hours and they are busy with other calls
* Their phone system turns around and forwards my call to a 3rd-party number (say 111-222-3333) emitting my Caller ID info ("Aaron" <1234567890>)
* They see a call come in on 111-222-3333 and know it's for "Dr. Bob's Office", so their system accesses his patient database and looks for my patient record with the phone number 123-456-7890 and someone answers the call saying "Thanks for calling Dr. Bob's office".
My understanding is the ability to spoof Caller ID info across the PSTN is going away.
I tested, and I certainly can't do it with a Twilio SIP trunk.
The main reason I'm curious is I have a customer that has their own phone system that I help them manage (FreePBX linked to Twilio). They just purchased an office that uses a 3rd-party phone provider (Weave) along with this 3rd-party answering service, and they are somewhat upset that I can't make it work with their existing phone system. The third-party answering service doesn't have any way of interconnecting other than spoofing Caller ID over the PSTN to a random number they assigned to the medical office.
Are services like this going the way of the dodo? Are they having to set up private SIP trunks between clients to get this functionality? Do some VoIP providers allow you to spoof Caller ID for this purpose under some sort of agreement?
Thanks,
-A
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
--
*Pinchas S. Neiman*
Software Engineer At ESEQ Technology Corp.
Providing you reliable software solutions for any matter.
845.213.1229 #2
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
--
Kidd Filby 661.557.5640 (C) http://www.linkedin.com/in/kiddfilby
_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org
*NOTICE: This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of GTT Communications Inc or any of its affiliates. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. All quotes, offers, proposals and any other information in the body of this email is subject to, and limited by, the terms and conditions, signed service agreement and/or statement of work*
participants (12)
-
Aaron C. de Bruyn -
Alex Balashov -
Aryn Nakaoka 808.356.2901 -
Calvin E. -
Carlos Alvarez -
David Frankel -
Dovid Bender -
Kidd Filby -
Kili Land -
Mark R Lindsey, ECG -
Mary Lou Carey -
Pinchas Neiman