Robocalls have rapidly evolved from minor disruptions to widespread threats, complicating efforts for telecom providers to protect consumers. As bad actors use increasingly sophisticated tactics to spoof numbers and bypass regulations, traditional post-call analytics aren’t enough. This article explores how 46 Labs is taking a proactive stance by leveraging real-time data to detect unlawful calls, identify spoofing, and protect both consumers and carriers before harm is done.
The Unwanted Robocall Problem
The surge in robocalls—automated, often unwanted phone calls—can be traced to technological advances that have significantly reduced the cost of call automation and telecom infrastructure. They work by using Voice over Internet Protocol (VoIP), a communication method that’s highly flexible, scalable, and much cheaper than older Time Division Multiplex (TDM), circuit-switched technology. This allows robocalling platforms to place a high volume of calls very inexpensively, something far more difficult with TDM.
While much cheaper than older systems like TDM/SS7, modern VoIP/SIP technology also enables widespread illegal activities with significant anonymity. Unlike legitimate business calls, the bulk VoIP used by scammers and some telemarketers costs mere fractions of a penny per data transfer.
How Bad Actors Use Robocalling
Unwanted robocalls originate from bad actors with two different strategies. One strategy is to target specific individuals. This is known as “spear vishing” (vishing is a term that comes from voice-based phishing), a tactic in which data is used to identify and attempt to reach certain people. With this tactic, bad actors call numbers directly from databases they’ve purchased or otherwise obtained.
What most people experience is “broadcast vishing,” a method involving bad actors making many calls to many different numbers, hoping to get a “hit” on an active number that a consumer will answer. Think of broadcast robocallers as taking a “shotgun” approach: they call numbers indiscriminately, aiming for every possible phone number in the U.S. system. These automated callers don’t care if they hit a dead end like a non-existent or disconnected number, though that can be a clue for systems trying to block them. Ultimately, broadcast vishing calls are the most impactful in terms of the sheer number of calls made.
To get through to consumers, many robocallers use a technique called “telephone number spoofing” to trick you into answering. This means they electronically alter the caller ID so the number appears to be different from where the call originated. For example, a call might look like it’s coming from the U.S., but it’s really from another country. STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted Information Using toKENs) is a framework designed to combat telephone number spoofing by digitally verifying caller ID information. STIR/SHAKEN has helped reduce call spoofing. However, it is not ubiquitous and can’t stop unwanted robocalls by itself.
Not All Robocalls Are Bad
Consumers are understandably frustrated by the constant barrage of unwanted robocalls, leading wireless carriers to implement aggressive spam filtering measures. While these efforts aim to protect individuals from scams and telemarketing, they can inadvertently block legitimate and even crucial automated messages.
For instance, public safety alerts, such as emergency notifications from local authorities or Amber Alerts, might not reach their intended recipients if flagged as spam. Similarly, academic institutions often rely on robocalls to disseminate important information regarding school closures, event changes, or even urgent student welfare matters.
Financial institutions frequently use automated calls for fraud alerts, unusual activity notifications, or critical account updates, while healthcare providers may employ them for appointment reminders, prescription pickups, or vital health information.
When these valuable communications are mislabeled as spam, consumers can miss out on timely and essential information, potentially leading to missed appointments, financial vulnerabilities, or even safety risks. The challenge lies in striking a balance between effective spam prevention and ensuring the delivery of wanted and necessary automated calls to consumers.
This can be particularly difficult for wireless carriers, since the calling party number isn’t known by the terminating carrier and/or the analytic engine company that provides spam prevention. Often, algorithms assume that calls are “spam” simply because of algorithmic assumptions such as thresholds related to the frequency and/or volume of calls rather than the actual call intent.
What Makes a Call a “Spam Call”
The term “spam” is often used very generally to refer to any unwanted call. Not all unwanted calls break the law, but that doesn’t mean consumers want to receive them. When consumers complain about such calls, the telephone number associated with those calls can often receive a bad reputation score from the analytics engines. This type of crowd-sourced feedback often causes subsequent calls from the same telephone number to receive poor call treatment, such as a “spam” flag.
For purposes of this article, “spam” refers to voice calls that are fraudulent or otherwise unlawful.
Tools for Fighting Spam Calls
Combating spam calls today requires a powerful mix of data, intelligent algorithms, and regulations. Federal regulations, such as the Truth in Caller ID Act, Telephone Consumer Protection Act (TCPA), and Telemarketing Sales Rule (TSR), address the rise in deceptive calls. Together, they form a regulatory framework designed to reduce nuisance calls and protect consumers from fraud and abuse while still allowing legitimate businesses to operate within clear boundaries.
Analytics and Artificial Intelligence (AI) are crucial to fending off spam, with analytics engines (like those from Hiya, First Orion, and TNS) using deterministic methods (e.g., Do Not Originate lists) and probabilistic algorithms to identify and label spam calls, sometimes even blocking them.
Robust data management is another vital component. This includes structured data from Do Not Call (DNC) registries, the Reassigned Number Database (RND), and Do Not Originate (DNO) data, all of which help identify numbers that should not be called or that are unlikely to originate legitimate calls. Unstructured data, often leveraged through “big data” techniques, provides insights from sources like voice analytics. Combining both structured and unstructured data through event-based and content-based analytics significantly improves the accuracy of robocall detection.
Know Your Customer (KYC) enhances voice spam mitigation by verifying caller identity and reducing false positives, especially for institutions like banks. When paired with Know Your Traffic (KYT), which analyzes patterns like high volumes of short calls, telecom providers can better detect robocalls. While post-call analytics help, combining KYC with real-time KYT provides a stronger defense against bad actors, improves traffic assessment, and builds trust in call legitimacy.
How Real-Time Data and Analytics Make a Difference
Unlike the preceding data and analytics means and methods, which rely on post-call data to render opinions about telephone number reputation, real-time data and analytics involve analysis and decision-making while a voice call is in progress. For example, voice conversations may be analyzed as they are happening, rather than waiting for the calling party to leave a message on a honeypot or voicemail system.
While post-call systems can detect calling patterns or use metadata like calling frequency and STIR/SHAKEN attestation levels, they don’t “hear” the call. A real-time conversational analysis engine using natural language processing (NLP) and voice biometrics can understand tone, urgency, language patterns, and scripted robocall behavior, giving much deeper context into whether a call is harmful or not.
Another constraint of post-call systems is that they often require multiple instances to identify a pattern. A scammer using a new number or tactic might succeed several times before being caught. A real-time system can stop even a first-time fraudulent call, closing a major vulnerability in reactive systems.
Many spam callers spoof legitimate numbers and rotate through them to avoid pattern detection. Real-time analysis sidesteps this issue by focusing on the content of calls, such as what’s being said, not who appears to be calling in terms of telephony identity. This makes it harder for fraudsters to evade detection by simply changing phone numbers or tactics between calls.
For enterprise customers, real-time systems can detect when their number is being spoofed and/or their brand is being misrepresented during impersonation scams as they happen. This enables faster remediation, better brand protection, and stronger consumer confidence.
Identifying Intent in Real Time
As mentioned earlier, understanding intent is a key aspect of dealing with spam calls. However, that can be hard to identify without real-time analysis of call content. If indicators of a scam (e.g., voice prompts demanding personal info, high-pressure tactics, or specific threat phrases like “your Social Security number has been suspended”) are detected early, the call can be flagged or terminated immediately. This prevents the recipient from falling victim in the moment, which is not possible with post-call analytics.
When unlawful activity is detected—for example, if specific phone numbers are linked to illicit schemes like spoofing—network operators can delve deeper. An intermediate network operator, for instance, might compare the call durations of numbers flagged for unlawful behavior with those of other numbers showing similar call durations. Further investigation could reveal that all such suspicious calls originate from the same media IP address, providing crucial evidence for mitigating the threat.
These forms of real-time voice call analysis complement and outperform post-call robocall mitigation by allowing systems to act on the actual intent and content of the call, not just indirect indicators. It shifts the defense model from reactive to proactive, making it much harder for spam callers to succeed.
What 46 Labs is Doing with Real-time Data
Whereas most carriers take a reactive approach to spam call mitigation, 46 Labs is leveraging real-time data and analytics to proactively identify clearly unlawful calls and potentially unwanted robocalls. Some illegal calls are easier to detect than others. For example, the 46 Labs “Call Armor” solution leverages various definitive data sources, such as “Do Not Originate” (DNO) telephone numbers, to identify unlawful intent in real time.
In addition to deterministic data sources such as DNO, Call Armor also leverages probabilistic data and analytics at the control plane layer, which includes identity information, such as telephone numbers and STIR/SHAKEN data, and other data that is transmitted via SIP messages. 46 Labs leverages data from trusted sources, including its own network and repository of unused telephone numbers, as a means of discerning call intent probability.
The Call Armor solution utilizes STIR/SHAKEN information received via SIP signaling to evaluate identity claims. For example, certificate information is analyzed to determine if proper credentials are included with call attempts. If the real-time system determines that improper STIR/SHAKEN information is provided by an upstream carrier, 46 Labs may act on that information, up to and including blocking highly likely illegal calls.
So, if an upstream provider transmits a call to 46 Labs for transit, and Call Armor identifies that the call has not been signed, 46 Labs carries out its obligation per the FCC’s Eighth Report and Order to not allow the call to progress to its intended destination. Likewise, if a call attempt for ingress to 46 Labs is associated with a carrier that is not in the FCC Robocall Mitigation Database (RMD), 46 Labs will not allow the call to progress to its intended destination.
Call Armor has other sophisticated capabilities, such as verifying the association between a telephone number and STIR/SHAKEN information. For example, Call Armor can effectively deal with call attempts to ingress the 46 Labs network that are highly probable spoofed calls.
This works by comparing the calling party’s telephone number to the network service provider that is taking signing responsibility. This requires knowledge of the association of telephone numbers with registered enterprises and information about who is authorized to sign calls for them. If there is a mismatch between the telephone number and the signing entity for a call, the call is a highly probable spoofed call and therefore may be subject to blocking.
Taking Real-Time Data to the Next Level
While 46 Labs is a leader in spam call mitigation through its Call Armor solution, there is much more that can be done from a technical and business operations perspective by leveraging analysis of what is occurring in the transport plane.
It’s possible to analyze call content within the media IP layer of calls. Examples include evaluating spoken words for sentiment analysis and/or claims made by the calling party, such as “I am calling from ABC Bank.” It is technically feasible that Call Armor would decode and transcribe audio in real time, allowing for real-time analytics to identify ill intent, such as brand impersonation and/or other forms of misrepresentation.
However, there are privacy implications associated with such analysis. When contemplating real-time analysis of VoIP call content within the transport plane, one must exercise extreme caution due to the complex web of privacy laws that vary significantly by jurisdiction.
Under the Wiretap Act and the Electronic Communications Privacy Act (ECPA), intercepting or storing live or recorded calls typically requires consent from at least one party, and in some cases, even anonymized analysis may not be allowed without permission. Real-time voice analysis without proper safeguards could be considered illegal interception. Additionally, several states, including California, Florida, and Pennsylvania, have stricter laws requiring two-party or all-party consent for any call monitoring or recording.
Many jurisdictions require “all-party consent” for call recording or monitoring, meaning every participant in the conversation must be explicitly informed and agree to the analysis. Furthermore, industries like healthcare have even stricter regulations regarding the privacy of sensitive information transmitted over calls, requiring specific safeguards and audit controls.
Therefore, a thorough understanding of applicable laws and strict adherence to consent requirements are paramount as a precursor to realizing the full capabilities of Call Armor and any other similar type of approach.
The Future of Robocall Mitigation Leveraging Real-time Data
The future is promising for robocall mitigation efforts that harness real-time data, particularly as control plane analytics continue to evolve as a key line of defense against unwanted calls. While current approaches are limited by regulatory constraints on transport plane data, the effectiveness of real-time detection tools like Call Armor demonstrates how impactful even partial data access can be.
Encouragingly, there are signs that future regulatory frameworks may better reconcile privacy protections with the need for proactive consumer safeguards. If carriers are ultimately permitted to access and analyze data within the transport plane under strict compliance and anonymization protocols, it would unlock even greater accuracy and speed in identifying malicious calls. By continuing to invest in real-time tools and pushing for balanced regulatory progress, the telecom industry can move closer to a future where spam calls are the rare exception, not the norm.
