According to this doc: https://docs.fcc.gov/public/attachments/FCC-20-42A1.pdf, VOIP providers must implement STIR/SHAKEN by June 30, 2021. And furthermore, Comcast reports in this report that by the end of 2019, "virtually all calls...terminating with a Comcast residential subscriber are fully authenticated through the STIR/SHAKEN protocol".
We still get 3 or more ID-spoofed calls a day. Is STIR/SHAKEN actually implemented? Have the bad guys figured out a way around this technology? Why are we still getting these calls?