Find out everything you need to know about the Robocall Mitigation Database below.
As per the Federal Communications Commission (FCC), any "intermediate and terminating service providers" cannot accept any traffic from carriers that are not registered in the Robocall Mitigation Database (RMDB) beginning on September 28, 2021.
According to the FCC, the sheer volume of unwanted calls — including those that are spoofed robocalls as well as those pertaining to illegal activity — are the top complaints among consumers in the United States. As a result, the FCC has attempted to solve this problem in a variety of ways and the Robocall Mitigation Database is the latest effort.
The RMDB is a way for voice service providers to certify whether they have already implemented the appropriate authentication framework, as well as to outline to what extent they have done so. Largely, it is a way for voice service providers in general to verify that they are taking "specific, actionable steps" to stop the origination of these illegal robocall instances once and for all.
Access to the Robocall Mitigation Database is available using the following public link.
According to the FCC, any organization that qualifies as a "voice service provider" must register in the Robocall Mitigation Database. As a result, they must also participate in all call blocking directives that have been dictated.
Under the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, the FCC defines a voice service provider as any IP-enabled voice services that are:
Because of the overarching nature of that definition, a wide range of different voice service providers will be required to register with the Robocall Mitigation Database. Generally speaking, this will involve the majority of organizations who have purchased enterprise or retail-oriented services from their provider.
Thankfully, registration is a relatively simple process that can be completed in a matter of minutes. To do so, use the following link.
Due to the severe nature of the problem the Robocall Mitigation Database is trying to solve, it's understandable that the penalty for a carrier failing to register is quite serious. For starters, it is likely that their service will be terminated until proper registration is complete.
The FCC's website lists a number of other potential penalties for failing to register, which include:
Note that because the September 28, 2021 deadline has already passed, that second penalty in particular may have already started to happen.
Voice service providers were required to submit their registration by no later than June 30, 2021 using the FCC's filing portal. Anyone who failed to do so prior to that time should register as soon as they are able to.
If registration did take place, but errors were discovered after the fact, contact FCC staff directly to make adjustments by sending an email to RoboCallMitigationDatabase@FCC.gov.
For consumers, the good news is that the FCC has an Enforcement Bureau in place to review each voice service provider's robocall mitigation plan to make sure they are meeting their obligations in a specific, effective way.
The FCC does not, however, provide a detailed checklist as to exactly what a program needs to include in order to meet this quality level. Doing so would likely give those who are looking for a way to circumvent the system an opportunity to do so, which is a problem the agency would like to avoid.
The FCC has indicated that such a program is "sufficient" if it meets all of the following standards:
To verify that your voice service provider is compliant with the Robocall Mitigation Database, you should visit the following link. There are a few different ways that registration status can be confirmed:
While the Robocall Mitigation Database and STIR/SHAKEN compliance are two very similar things, they are ultimately unique and should be treated as such. Even if a voice service provider has already taken the steps to become compliant with the STIR/SHAKEN authentication framework, they must still register with the Robocall Mitigation Database. This is because their compliance status with the former still needs to be noted with the latter.
At its core, STIR/SHAKEN is an interconnected framework of standards that are designed to combat spoofed robocalls in particular. A spoofed call is one that supposedly comes from one number, but really comes from another. This is why, when using a device with caller ID enabled, sometimes it is possible for a user to appear to get a robocall from their own telephone number.
The acronym STIR stands for "Secure Telephone Identity Revisited." The acronym SHAKEN stands for "Signature-Based Handling of Asserted Information Using Tokens."
In essence, any call traffic that travels across these interconnected networks will have their caller ID noted as "legitimate" through a signing process. This is done at the level of the originating carrier. Then, that status will be validated through any other carriers that the call traffic makes contact with, all before being passed along to a consumer.
This is the technology that makes it possible for "Possible SPAM Call" warnings to appear on a user's telephone when receiving a call that is likely illegitimate in nature.
One important consideration about this, however, is that the STIR/SHAKEN authentication framework isn't being deployed on legacy network devices. This can include "Bandwidth 7" and "Bandwidth 9" inbound and outbound gateways. Calls that travel across these networks won't receive the same signing status as outlined above, which is why additional registration in the Robocall Mitigation Database is also important.
Participating in a robocall mitigation plan is one of many markers on the road to proper FCC compliance. Others include 911 services, portability standards (voice service providers must comply with Local Number Portability rules), accessibility rules, and more.
To more specifically speak to the efforts to combat illegal robocalls in particular, the TRACED Act (along with the FCC) orders voice service providers to complete the following steps for the purposes of compliance:
In the end, both the FCC and the industry at large expect to see a significant reduction in robocalls moving forward. Not only that, but it is yet another tool for law enforcement agencies and similar organizations to identify and weed out these types of malicious callers before they can cause real harm to consumers.
It should be noted, however, that even the Robocall Mitigation Database is not necessarily a "silver bullet." It alone will not put an end to this problem — it will take the combination of all the FCC's efforts, coupled with the support of both voice service providers and their end users, to rid ourselves of these types of callers once and for all.
Other techniques include the use of blocklists, for example. This allows robocalls with specific attributes to be blocked, including things like specific numbers or prefixes, calling locations (including both states and countries), and the blocking of IP addresses that have been previously identified as robocallers, among other mechanisms. A reputation lookup can also be performed on any calling numbers for robocall detection. This tool provides a number with a reputation score and can be a very useful tool for businesses seeking to eliminate bad calls.
Naturally, this is going to take a fair amount of time, but the effort will prove to be more than worth it.