Telcos have systems in place that are specifically to allow international phone calls to appear as if they're local calls. This is to "facilitate business".
They have these services and continue to offer them because they get paid for having them, despite the double-decker-bus-sized hole this provides for scammers.
I agree 100% that there should be much tighter regulation on telcos.
What I'm not sure of is actually whether it's possible without having to rebuild a lot of their networks almost from scratch.
Phone numbers should just be deprecated, and we should move towards a DNS-like system.
Phone numbers have nothing to do with the spoofing problem. Hierarchical identifiers would have the exact same problem. The problem is that VOIP callers can set whatever phone number they want. Email is also vulnerable to spoofing.
The solution is to roll out signing for phone numbers. The owner of each phone number is known. It could even be published in DNS with ENUM. Most phone calls are from big companies like telcos and mobile providers. The VOIP callers would be harder to update, but could be restricted so they can't spoof known numbers.
If we're going to roll out a new identity system, it's easier to use existing phone numbers than to make a whole new identifier system.
Afaik, VoIP is just the easiest onramp to spoofing numbers.
Anyone with BGP-equivalent access to the phone network can spoof numbers, even if they're coming from a landline. Might even be able to when you have a business landline terminated in a PBX.
i.e. the phone network backend is built on trust.
The older I get the more I realise how much of an anchor legacy systems are, so the more I appreciate forward planning in many contexts.
I like to do things in a modular fashion; sectioning off related parts.
I admin the phone system for my phone company; for any user I can change the outgoing CLI to be literally any number in the world. I can even call out as "1" if I want to.
Are there good reasons for having that kind of configurability?
Do you use it?
Our provider doesn't support toll-free numbers, so we can dial out using ours even though it's not in the system. Also helpful when you're doing a migration from one platform to another.