As robocall scams and caller ID spoofing continue to plague the telecom industry, regulators and carriers are turning to tools like the Do Not Originate (DNO) registry to combat fraud.
In the United States alone, consumers dealt with over 148 million robocalls in June 2025. And although 39% of those calls were important alerts and even payment reminders, 22% were scams. That’s a lot!
For VoIP resellers, understanding and implementing DNO is now essential. Below, we’ll explain what a DNO registry is, why it’s important, the Federal Communications Commission’s latest rules (including the Eighth Report & Order, FCC 25-15), and best practices to mitigate outbound calling fraud.
We promise to keep the language accessible and the focus on compliance, so both technical and business readers can follow along. Let’s get started!
What is a Do Not Originate (DNO) List?
A Do Not Originate (DNO) registry is essentially an “outbound-calling blacklist”; a list of telephone numbers that should never originate calls.
If a call appears to come from a number on the DNO list, it is highly likely to be spoofed or fraudulent and should be blocked. Typically, these are numbers that legitimate owners only use for inbound calls (they would never legitimately call you), or numbers that are otherwise not valid for outbound calling.
The United States’ Federal Communications Commission (FCC) outlines four categories that make a number eligible for DNO inclusion:
- Numbers that are inbound-only
- Invalid (nonexistent numbers)
- Unallocated (not assigned to any provider)
- Allocated but currently unused.
In short, DNO is a safeguard to catch obvious spoofed caller IDs before they reach unwary recipients.
How does DNO work in practice?
Voice providers maintain and consult DNO lists to filter traffic. For example, many government agencies and businesses have phone numbers reserved for inbound customer calls (like support hotlines or emergency numbers) and never place outbound calls from those lines.
Scammers know that calls from such trusted numbers will seem legitimate to victims, so they spoof those caller IDs. With a DNO registry in place, providers can automatically block any call claiming to be from an inbound-only number.
Meaning, if you get a call from that number, it must be a scam, and DNO stops it from ever ringing through.
RELATED: Lean all about VoIP spoofing and the risks involved
Industry groups have even created shared DNO databases for this purpose; for instance, the Industry Traceback Group’s DNO registry and the Somos RealNumber DNO dataset aggregate inbound-only numbers from government and private entities.
By checking calls against these lists, carriers and VoIP platforms can proactively drop suspicious calls before they reach end users.
Why DNO Is Important for Preventing Spoofing and Fraud
Caller ID spoofing – where fraudsters falsify the originating number – is at the heart of many robocall scams.
Impersonating a trusted organization (a bank, a government office, a hospital, etc.) dramatically increases the odds that a victim will answer and believe the caller.
DNO registries directly target this tactic. They prevent criminals from successfully spoofing known inbound-only or unassigned numbers.
For example, if scammers start “calling from” the IRS’s main help line (an inbound-only number), a DNO-enabled carrier would automatically block those calls, protecting consumers and the IRS’s reputation.
In the same way, DNO lists can include disconnected or unused numbers that are often used in spam calls – any call spoofing one of those numbers is almost certainly illegitimate and can be safely blocked.
Deploying DNO blocking not only protects the public but also benefits networks and resellers. It reduces wasted bandwidth and termination costs by eliminating obvious spam calls early. It also spares your customers from fraudulent calls that could lead to financial losses or erosion of trust.
DNO is one piece of a broader anti-robocall strategy, complementing other measures like call authentication. The FCC has noted that DNO is designed to shield consumers particularly from foreign-originated illegal robocalls (since many scam calls originate overseas and enter via gateway carriers).
While no single tool will stop all spoofing, combining DNO with others makes a powerful defense. In fact, when paired with the STIR/SHAKEN caller ID authentication framework, DNO filtering can severely mitigate the risk of illegal robocalls by both verifying caller identity and blocking known-bad sources.
Want to learn how to block spam calls using VoIP.ms? Hit play on the video below:
The FCC’s Stance and New DNO Mandates (Eighth Report & Order)
Regulators have taken notice of DNO’s effectiveness. In early 2025, the FCC adopted new rules in its Eighth Report and Order on combating illegal robocalls (FCC 25-15) that mandate DNO call blocking across the industry.
Previously, the FCC required only certain providers (like gateway carriers handling foreign traffic) to use DNO blocking, but the latest order expands this obligation to all voice service providers in the call path.
Whether you’re originating, transiting, or terminating a call, if a number is on a “reasonable” DNO list, you must block calls purporting to originate from it.
The FCC doesn’t supply a centralized DNO list; instead, each provider is expected to maintain their own reasonable DNO registry adapted to their network and customer base.
According to the FCC, a DNO list that is too narrow – leaving out many obvious scam-source numbers – could be deemed unreasonable. At minimum, the FCC expects providers to include certain key numbers: for instance, inbound-only numbers for government agencies (when the agency requests protection) and inbound-only numbers of private companies that have been used in impersonation scams (when the company asks to be included).
Naturally, numbers that are invalid, unassigned, or unused should also be included, as these have no legitimate reason to originate calls.
Why should VoIP resellers pay close attention to Do Not Originate lists?
Aside from the clear consumer protection benefits, compliance is now a must.
Failing to comply with DNO requirements can lead to serious regulatory penalties. The FCC has indicated it may impose steep fines on providers that do not block calls from numbers that should be on a DNO list: up to about $22,000 per violation (per call) for smaller entities, and up to ten times that (over $220,000 per call!) for larger carriers.
Moreover, providers must certify their robocall mitigation efforts (including DNO usage) in the FCC’s Robocall Mitigation Database; not doing so or being caught with inadequate measures could result in removal from that database.
(And being delisted would effectively cut off a provider’s ability to send traffic, since other carriers would refuse to accept it.)
Repeat or egregious offenders even risk having their operating authority revoked by the FCC.
In short, DNO compliance isn’t just best practice; it’s now a legal obligation with teeth. VoIP resellers, as part of the telecom ecosystem, should ensure they and their upstream carriers are following these rules.
Beyond avoiding penalties, showing that you actively fight spoofing (through DNO, STIR/SHAKEN, etc.) helps maintain your business’s reputation and keeps your legitimate traffic flowing without being erroneously blocked by others.
Best Practices for Outbound Call Fraud Mitigation
Regulatory compliance is the foundation, but a truly robust anti-fraud stance goes further. VoIP resellers can implement several best practices to strengthen their outbound calling integrity and protect their customers:
Caller ID Management
Maintain strict control over the caller ID (caller number) that your users or PBX systems can display on outbound calls. Only allow numbers that have been verified as belonging to the customer or that you have assigned to them.
This prevents scammers or misbehaving clients from injecting arbitrary caller IDs.
Good caller ID management not only reduces spoofing incidents, but also enables you to assign higher STIR/SHAKEN attestation levels to your calls (since you know the caller is authorized to use that number).
The result is more trusted calls and fewer red flags with other carriers and analytics systems.
Traffic Monitoring & Anomaly Detection
Keep an eye on your outbound traffic patterns and set up alerts for unusual activity.
Sudden spikes in call volume, bursts of very short calls, calls to high-cost or foreign numbers that a customer never normally dials, or calling patterns that match robocall campaigns (sequential dialing, for example) should trigger a closer look.
Implementing network analytics or fraud detection tools can help automatically flag and even shut down suspected fraudulent traffic.
As a reseller, you should know what “normal” usage looks like for your clients; when something deviates drastically, investigate quickly. Prompt intervention can stop a compromised account or malicious user before they rack up large bills or cause broader issues.
Call Authentication (STIR/SHAKEN)
As mentioned before, STIR/SHAKEN (which stands for Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using Tokens) is the industry-standard framework for digital caller ID authentication.
It uses cryptographic certificates to sign outbound calls and allow verification of calling number legitimacy on the receiving end.
Make sure your upstream carrier or softswitch supports STIR/SHAKEN, and obtain the necessary credentials to sign calls on behalf of your users.
By signing your calls, you’re attesting that the caller ID is valid and not spoofed, which greatly improves the chances that calls will be delivered and trusted by call recipients. Likewise, verify incoming calls’ STIR/SHAKEN signatures when possible – this can help you identify spoofed calls and potentially block or label them.
STIR/SHAKEN has been mandated by the FCC for IP-based providers and is a key part of the fight against spoofing. Implementing it is both a compliance step and a smart fraud-prevention move.
Maintain DNO Lists and Registry Hygiene
Incorporate DNO filtering into your outbound call routing, and keep your DNO data up to date. “Registry hygiene” means regularly updating your lists of blocked numbers and ensuring they remain accurate.
New inbound-only numbers (e.g. a new bank hotline) should be added when discovered or when the legitimate owner requests it. Conversely, if a number on your DNO list becomes legitimately allocated or starts being used for outbound calls by its owner, remove it from the DNO to avoid false positives.
It’s wise to subscribe to or periodically pull updates from reputable DNO sources (such as industry DNO databases) so your information stays current.
Be Compliant and Keep Calls Secure with VoIP.ms
Many telecom providers offer tools to streamline everything mentioned above. VoIP.ms offers its resellers a complimentary Custom DNO Registry feature (accessible in the VoIP.ms portal) to help automatically block calls from known DNO numbers on their service.
Leveraging such resources can make compliance much easier. No matter the platform, ensure that DNO checks are integrated into your call flow; it’s an efficient way to catch obvious scam calls by their caller ID alone, before they become a problem.
But to ensure you’re starting your reseller business from a place of compliance and trust, get started with us today (for free!) and learn all about our Reseller Program!
