Implementing ECC recommendations 23/03 on CLI spoofing with Netaxis SRE and SBCaaS

Netaxis SRE and SBCaaS support telecoms service providers in implementing ECC recommendations for combating CLI spoofing.

Today, telecom service providers are increasingly required to implement spoofing and anti-fraud measures to combat the growing threat of CLI (Calling Line Identification) spoofing. Suspicious calls, once detected, are typically managed by anti-fraud teams. However, with the deployment of Netaxis’ Session Routing Engine (SRE) and Netaxis Session Border Controller as a Service (SBCaaS), multiple use cases can be implemented that enhance detection, block malicious traffic in real-time, and alleviate the burden on anti-fraud teams.

ECC (23)03 recommendations overview

The ECC Recommendation (23)03 mandates specific measures for handling incoming international voice calls with suspected spoofed national E.164 numbers. Key requirements include:

  1. Blocking Non-Compliant Calls: Operators must block international voice calls that do not adhere to ITU-T Recommendation E.157.
  2. Suppressing CLI for geographic numbers: For national geographic/fixed E.164 numbers, operators should preferably block these calls or at least suppress the CLI, except in justified cases.
  3. Handling mobile numbers: For national mobile E.164 numbers, operators should verify the roaming status of the user and either block or suppress the CLI unless justified exceptions apply.
  4. Ensuring Legitimate call handling: Measures should not hinder legitimate calls, including those using roaming or specific forwarding scenarios.

Learn more about the EC 23/03 recommendations. 

Netaxis SRE platform and SBCaaS Service

1. Session Routing Engine (SRE)

The SRE is a versatile and highly configurable platform that supports dynamic call routing and traffic management. Key features include:

  • Enabling Real-Time traffic analysis: SRE performs real-time analysis of incoming call traffic, identifying patterns indicative of CLI spoofing. It can access application servers to apply advanced algorithms to detect anomalies and suspicious activities.
  • Automated blocking: Based on predefined rules aligned with ECC (23)03, SRE can automatically block calls that do not comply with ITU-T Recommendation E.157 or exhibit spoofing characteristics.
  • Whitelist management: For justified exceptions, SRE can support secure whitelist management, ensuring legitimate calls are not blocked while preventing abuse by spoofers.

Netaxis SRE can interface with existing voice equipment and IT systems from the service provider to perform identity checks for both the calling and called parties. These operations can be executed using various protocols, including ENUM, HTTP API, and Diameter.


2. Netaxis Session Border Controller as a Service (SBCaaS)

SBCaaS provides critical network security and traffic management capabilities at the network’s edge. It integrates seamlessly with SRE to enhance spoofing and fraud prevention. Key functionalities include:

  • CLI validation: SBCaaS validates the CLI of incoming international calls, ensuring they adhere to national and international standards. Calls with invalid or spoofed CLI can be blocked or have their CLI suppressed in real-time.
  • Roaming checks: For national mobile numbers, SBCaaS can perform roaming status checks, ensuring calls are legitimate and not spoofed. This includes secure queries to home location registers (HLRs) or using a centralized roaming check proxy.
  • Policy enforcement: SBCaaS enforces ECC recommendations by applying strict call handling policies, including blocking or suppressing CLI based on call origin, destination, and compliance status.

Use Cases and Benefits

1. Real-Time malicious traffic blocking

By leveraging SRE and SBCaaS, telecom service providers can implement real-time blocking of calls identified or non-compliant with ECC (23)03. This proactive approach reduces the volume of suspicious calls reaching end-users and mitigates potential damage from phishing and other fraud schemes.

2. Enhanced detection and monitoring

SRE’s advanced traffic analysis and SBCaaS’s robust security features enable continuous monitoring of call traffic. This ensures early detection of spoofing attempts, allowing for quick intervention and reducing the load on anti-fraud teams.

3. Efficient exception management enablement

SRE’s whitelist management capabilities and SBCaaS’s policy enforcement capabilities ensure that legitimate calls, including those involving roaming users or special forwarding scenarios, are not mistakenly blocked. This balance maintains service quality while enhancing security.


Netaxis SRE and SBCaaS provide comprehensive solutions to support telecom service providers in implementing the ECC recommendations for combating CLI spoofing. These technologies enable real-time detection, blocking, and management of suspicious calls, thereby improving overall network security and reducing impacts on end-users. By integrating these solutions, telecom providers can enhance their anti-fraud measures, streamline operations, and maintain compliance with international standards.

Want to enhance your UC proposition?

More To Explore

Want to enhance your UC proposition?

Our teams can recommend the best-of-breed technology to complement your network and Netaxis services perfectly.