[MalcolmDiggs]

Phones calls, in a sense, are like email was before SPF records and DKIM: The honor system. If you say you're XYZ, the receiving unit is inclined to believe you.

So no, it's not the carrier's fault, and it's not something they can control.

Designing an authentication/verification system is non-trivial but not impossible. There's just little political-will to actually do it.

As a side note, this is why you should always set a passcode on your voicemail box. Many folks have their voicemail set to skip passcode-authentication when they're calling in from their own cell phone number. The problem is: if someone spoofs your number and calls into your voicemail box, they've got unfettered access.