Do Not Originate (DNO)
Do Not Originate — DNO — is a default-deny mechanism on calling-number provenance. The premise is that some telephone numbers should never appear as the calling party on an outbound call, and any call that does claim to originate from such a number is therefore illegitimate by construction and should be blocked — ideally at origination, with downstream checks as a backstop. The mechanism is operational rather than cryptographic — it does not authenticate the call, it disqualifies it on the basis of who the calling number purports to be.
DNO is distinct from caller-ID authentication (STIR/SHAKEN), which signs calls cryptographically to attest to the originating provider’s authority over the number. DNO is also distinct from analytics-based blocking, which uses behavioral signals (call patterns, complaint volume, traffic anomalies) to identify likely-illegal traffic. Where authentication asks “can the originator prove this number is theirs?” and analytics asks “does this call look unwanted?”, DNO asks the simpler upstream question: can this number originate calls at all? For a meaningful share of the spoofing problem — particularly impersonation of well-known inbound-only numbers — that simpler question is sufficient.
The two-tier model
DNO eligibility falls into two structurally distinct tiers:
Tier 1 — Numbers that cannot originate. A number that has not been assigned to any subscriber, or is not validly formatted, cannot legitimately be the source of any call. The ineligibility is a property of the numbering plan itself, knowable from authoritative administration data without any subscriber declaration. Three categories live here:
- Invalid — numbers that violate the North American Numbering Plan format (impossible area codes, reserved blocks, malformed digit sequences). No legitimate caller could ever have been issued such a number.
- Unallocated — numbers that have not been assigned to any service provider. The assignment data lives in the NANP administration system for local numbers and in the Toll-Free Number Registry for toll-free numbers. A call claiming to originate from an unassigned number is necessarily spoofed.
- Unassigned — numbers within an allocated block that have not yet been placed in active service for any subscriber. The block has been allocated to a service provider, but the specific number does not correspond to a live endpoint.
Tier 2 — Numbers that can originate but the holder has declared they won’t. A validly assigned, in-service telephone number can legitimately originate calls, but the entity that holds the number may have operational reasons to declare it inbound-only:
- A government agency main line that exists for the public to call in but is never used to call out (the IRS taxpayer assistance line is the canonical example, and was the principal motivating case in the 2016–2017 Robocall Strike Force discussions).
- A financial institution customer-service number, hospital reception line, or fraud-reporting hotline maintained by a brand specifically to handle inbound contact.
- An enterprise number reserved for inbound marketing response that the holder wants protected from spoofing.
Tier 2 inclusion requires explicit declaration by the entity that holds the number — a Resp Org for a toll-free number, a SPID owner for a local number, or the subscriber directly through their service provider. Without that declaration, no third party knows the number is inbound-only, and the database administrator cannot infer it.
The two tiers compose: a comprehensive DNO list draws from numbering-plan administration data for Tier 1 and from explicit declarations for Tier 2.
Categories of inclusion
The following enumerates the categories that compose Tier 1 and Tier 2, with the source of truth and the maintenance pattern for each.
Tier 1 categories (structural)
Invalid numbers. Numbers that fail North American Numbering Plan syntactic validation. Source of truth: the NANP itself, as administered by NANPA. These numbers are static (the NANP format rules do not change frequently) and inclusion is automatic.
Unallocated local numbers. Numbers within valid NANP format that have not been assigned to any service provider for local exchange. Source of truth: NANP allocation data combined with NPAC port-history data. NANPA tracks which NPA-NXX ranges have been assigned to which providers; NPAC tracks subsequent ports. The combined view yields a complete picture of which ten-digit local numbers are currently allocated. Maintenance is continuous — new allocations and ports happen daily, and the DNO list must reflect the current state.
Unallocated toll-free numbers. Toll-free numbers (8XX) that have not been assigned to a Resp Org through the Toll-Free Number Registry. Source of truth: TFNRegistry. The registry has authoritative knowledge of every toll-free assignment and its status; numbers not present in the registry’s assigned set are unallocated by definition. For text specifically, the TSSRegistry (text-enablement registry for toll-free) provides the parallel authority — a toll-free number not text-enabled in the TSSRegistry is by definition not a legitimate origin for SMS traffic.
Allocated but unassigned. Numbers that have been assigned to a service provider or Resp Org but not yet placed into active service for an end-subscriber. Source of truth: provider records, with some visibility in NPAC for ported-but-unassigned numbers. This category is more difficult to maintain at scale than the others because the in-service / not-yet-in-service distinction is internal to each provider; aggregated visibility depends on provider participation in shared registries.
Tier 2 category (declaration)
Subscriber-requested DNO. Numbers for which the assigned subscriber, Resp Org, or SPID owner has declared inbound-only operation and requested that outbound traffic from the number be blocked. Source of truth: the declarations themselves, as collected by whichever registry the declaration was made to.
The declaration carries operational obligations on the declarant. The ITG Policies and Procedures (Appendix B, “Do Not Originate Policy”) specifies that the ITG re-confirms each declaration in writing with the holder no less than twice per year; absent re-confirmation, the declaration is removed. The principle is that an inbound-only assertion should not persist unverified — a number’s operational role can change, and a stale declaration could block legitimate outbound traffic if the holder later begins originating calls from the line.
List sources and composition
There is no single canonical DNO list. Multiple sources maintain authoritative views over different subsets, and providers typically consume from one or more of them:
ITG DNO Registry. Maintained by USTelecom’s Industry Traceback Group since 2017. Scope: Tier 2 only — government and private entity numbers for which the holder has formally requested DNO treatment. The ITG explicitly excludes Tier 1 (invalid, unallocated, unassigned) on the reasoning that those categories are better sourced from numbering-plan administration data. Approximate size: under two thousand numbers, all manually vetted and twice-yearly re-confirmed. Distributed to ITG Steering Committee Members and, at the ITG’s discretion, to analytics providers. The FCC has explicitly indicated that the ITG Registry is a “reasonable” DNO list under § 64.1200(o).
Somos RealNumber DNO. A composite dataset combining authoritative numbering-plan administration data (NANP, NPAC, TFNRegistry, TSSRegistry, all of which Somos administers) with manual subscriber declarations and the ITG Registry data. Scope: both tiers, comprehensively. Somos publishes the following composition:
- Approximately six billion 10-digit local numbers identified as DNO for voice (Tier 1: unallocated and unassigned, derived from NANP+NPAC).
- Approximately twenty-eight million toll-free numbers identified as DNO for voice (Tier 1: not assigned in the TFNRegistry).
- Approximately thirty-five million toll-free numbers identified as DNO for text (Tier 1: not text-enabled in the TSSRegistry).
- Over three million numbers manually entered as inbound-only by Resp Orgs and SPID owners (Tier 2).
- The ITG Registry numbers (Tier 2, vetted and re-confirmed under ITG procedures).
Distribution: real-time API and flat-file bulk download. The FCC has likewise treated RealNumber DNO as a reasonable list for compliance.
Provider-internal lists. Some carriers maintain proprietary DNO lists composed of their own customers’ inbound-only declarations, network-specific knowledge of unassigned number inventory, and known-bad numbers identified through their own fraud operations. Provider-internal lists are typically scoped to that provider’s traffic and are not distributed externally. They may compose with one or both of the external lists above.
Maintenance and lifecycle
A DNO list is a living dataset. Numbers enter, exit, and have their status re-evaluated continuously:
Tier 1 maintenance is driven by changes in numbering-plan administration. A number transitions from unallocated to allocated when NANPA assigns the NPA-NXX block to a service provider; from allocated to in-use when the provider activates the number for a subscriber. Each transition removes the number from DNO eligibility. Conversely, a number returning to unassigned status (release back to the administrator) re-enters Tier 1. Authoritative-source-derived lists update on the same cadence as the underlying registry data.
Tier 2 maintenance is driven by declarations and their lifecycle. Adding a number requires the holder to submit a request through the relevant registry (ITG for the ITG Registry; Somos for RealNumber manual entries). Removing a number can happen through holder withdrawal, failed re-confirmation, or a determination by the registry that the number’s operational role has changed. The ITG re-confirmation cadence (twice yearly minimum) is a typical baseline.
Distribution cadence varies by list and by consumer. Real-time API consumption keeps the consumer’s view perfectly current; flat-file bulk download captures a snapshot and stales between refreshes. The FCC’s “reasonable” standard is interpreted to require lists that are “continuously updated” to remain compliant — providers using stale lists risk having their DNO program deemed unreasonable.
Operational application
By name and design, DNO is fundamentally an origination-side obligation. Under 47 CFR § 64.1200(o), originating voice service providers must not place a call onto the network from a number that appears on a reasonable DNO list — the construct’s literal name (Do Not Originate) embeds the obligation in the name itself. For an originating provider operating with proper customer validation and number-assignment hygiene, DNO violations at origination should not be possible: the provider knows which numbers within its own allocations are actually assigned to which subscribers (the basis for Tier 1 enforcement), and it knows which of its customers have declared their numbers inbound-only (the basis for Tier 2). A call attempt from a DNO-listed number is, by definition, illegitimate from inception, and an originating provider doing its job should never emit one.
When an originating provider does detect DNO-listed calls being attempted from its own network, the detection itself is a signal of operational failure — a compromised customer credential, a misconfigured PBX, a provisioning gap, or willful complicity in spoofing — and should trigger root-cause investigation, not merely blocking of the call. A provider whose customer-validation, number-provisioning, and authentication stacks are working as intended should encounter zero DNO matches at origination over time; persistent matches indicate that something upstream of the DNO check is broken and warrants attention regardless of whether the call was successfully blocked.
Downstream providers — intermediate, gateway, and terminating — are nonetheless required by 47 CFR § 64.1200(o) to perform a DNO check on the calling number as a backstop. The backstop matters in two cases. First, not every originating provider is a U.S. provider subject to FCC authority — foreign-originated traffic enters the U.S. network via gateway providers, which act as the proxy origination point for regulatory purposes. Second, not every U.S. originator complies in good faith with the obligation. Downstream DNO checks ensure that a call that should never have been originated in the first place is dropped before it reaches the consumer.
The check itself is conceptually identical at every position in the call path. The provider performs a lookup of the calling-party number against the DNO list it consumes; a match results in the call being blocked. Only the consequences of “match” differ by position: at origination, the provider is preventing its own emission of an illegitimate call; downstream, the provider is rejecting a call that an upstream provider should not have emitted.
┌────────────────────────────────────────────┐
│ Sources: │
│ Tier 1: invalid, unallocated, unassigned │
│ Tier 2: subscriber-requested │
└──────────────────┬─────────────────────────┘
│ distribute (API or bulk)
▼
┌────────────────────────┐
│ DNO Check │
INVITE ────────► │ (Calling TN lookup │
│ in DNO list) │
└─────┬──────────┬───────┘
│ match │ no match
▼ ▼
┌────────────┐ ┌─────────────────┐
│ Block: │ │ Continue normal │
│ reject │ │ call processing │
│ at entry │ │ │
└────────────┘ └─────────────────┘
The blocking action itself is unspecified at the protocol level for DNO. A provider blocking a call on DNO grounds may reject the SIP INVITE with a 4xx or 6xx response, drop the call silently, or apply other treatment. The SIP 603+ notification code (ATIS-1000099, established by the Eighth R&O as the exclusive notification code for analytics-based blocking on IP networks) does not apply to DNO blocking — the originator of a call from an invalid or unassigned number is, by definition, not a legitimate originator entitled to structured feedback.
The lookup itself is a simple set-membership query. With Tier 1 numbers dominating the dataset by volume (six billion local numbers vs. millions in Tier 2), efficient lookup structures (Bloom filters, prefix tries on NPA-NXX-XXXX, or sharded hash tables) are the typical implementation pattern, but the data structure is left to the implementer.
Regulatory framework
DNO blocking is codified at 47 CFR § 64.1200(o), which mandates that all U.S. voice service providers in the call path block calls based on a “reasonable” DNO list. The rule was adopted in the FCC’s Eighth Report and Order (FCC 25-15, March 2025) and became effective December 15, 2025.
The regulatory definition of a “reasonable” DNO list aligns directly with the two-tier model: the rule names four categories of eligible numbers — invalid, unallocated, unassigned, and subscriber-requested. The first three correspond to Tier 1; the fourth to Tier 2.
A parallel rule for text messaging exists at 47 CFR § 64.1200(p), (q), and (r), requiring mobile wireless providers to block texts based on a reasonable DNO list. The text rule was adopted in April 2023 and became effective May 11, 2023, predating the voice mandate by over two years.
The current regulatory posture is the result of a multi-year escalation:
- 2017 — DNO emerges from the FCC’s Robocall Strike Force as a USTelecom-led ITG initiative. Implementation by ITG members is voluntary.
- November 2017 — Initial Strike Force Report formally documents the DNO concept and the ITG’s role.
- 2019 — The FCC begins permitting (but not requiring) voice service providers to block calls based on a reasonable DNO list.
- May 2022 — The FCC requires gateway providers (the U.S. point of entry for foreign-originated traffic) to block on a reasonable DNO list. The first mandatory DNO blocking obligation.
- April 2023 — The FCC extends the requirement to mobile wireless providers for text messages (rules (p)/(q)/(r)).
- March 2025 — The Eighth Report and Order (FCC 25-15) extends the requirement to all U.S. voice service providers in the call path, codified at § 64.1200(o).
- December 15, 2025 — The § 64.1200(o) requirement becomes effective. Forfeiture exposure under the FCC’s robocall mitigation enforcement framework attaches.
The FCC has consistently declined to specify a particular technical format, distribution protocol, or canonical list — the regulatory framework defines categories of eligible numbers and the obligation to block, but leaves implementation to industry. The “reasonable” standard substitutes for prescriptive specification: a list narrow enough to omit obvious categories may be deemed unreasonable, but multiple list sources and multiple distribution methods are equally acceptable under the rule.
Distinctions worth knowing
Understanding what DNO is also requires understanding what it is not. Several adjacent mechanisms are sometimes conflated with DNO and are worth disentangling:
DNO vs. analytics-based blocking. Analytics blocking uses behavioral and traffic-pattern signals to identify probably-unwanted calls. Decisions are probabilistic and revocable on consumer feedback. DNO decisions are categorical and based on number provenance — a number is either eligible for DNO inclusion or it is not. The two mechanisms operate on different signals and are typically deployed together. The FCC’s blocking-notification rule (§ 64.1200(k), SIP 603+ at ATIS-1000099) applies to analytics blocking specifically, not DNO.
DNO vs. STIR/SHAKEN. STIR/SHAKEN authenticates calls cryptographically — the originating provider attests via a signed PASSporT that it has authority over the calling number. DNO operates on the orthogonal question of whether the calling number is one that should ever originate calls in the first place. A signed call from a DNO-listed number can still be blocked on DNO grounds; the signature does not override the DNO determination, because the provider claiming authority over an unassigned number is itself signaling a problem.
DNO vs. Robocall Mitigation Database. The RMD is a regulatory filing regime under which voice service providers register their robocall mitigation practices. DNO blocking is one of the practices a provider would typically describe in its RMD certification. The two compose: DNO is an operational mechanism, the RMD is a compliance artifact in which the provider describes (among other things) how it implements DNO.
DNO vs. caller-ID display labeling. Display labeling (rendering a caller as “Spam Likely” or “Scam Likely”) is a presentation-layer treatment, not a blocking action. DNO is a blocking action upstream of any display.
Where this fits
DNO sits in the operational layer of the broader robocall trust framework. It composes with:
- The regulatory framework that mandates it (§ 64.1200(o), the Eighth R&O, the parallel text rules) and the current rulemaking that continues to refine the obligation.
- The compliance artifact that documents its implementation: every voice service provider’s RMD filing typically includes the provider’s DNO program as one of several robocall-mitigation practices.
- The caller-ID authentication framework (STIR/SHAKEN) that addresses the orthogonal question of whether a non-DNO-listed number is being legitimately asserted by an authorized originator.
The mechanism’s enduring relevance stems from the asymmetry it exploits: identifying the small set of numbers that should never originate calls is operationally tractable, while the corresponding question of which numbers should be allowed to originate is combinatorially impossible. DNO does not solve robocalling — no single mechanism does — but it removes a meaningful share of the problem cleanly, at low operational cost, and as far upstream in the call path as enforcement allows.