[walrus01]

The problem with fixing this is that, to extend your analogy, SS7 is like how SMTP worked in 1992 before anything like spf, dkim, dmarc, SSL/TLS. Adding extensions to it will break interoperability with the truly gargantuan installed base of old ss7 equipment around the world that nobody wants to pay to replace. It needs to be burnt to the ground and started over from first principles. But really, everything that we need can be implemented with pure VoIP.

I just don't answer my phone anymore unless I recognize the incoming number. And caller ID is trivially easy to spoof. Thankfully nobody spoofs any of the numbers of my top 50 contacts.

[Fjolsvith]

Last year, a spammer spoofed with my business phone number as their caller ID. Mid-day, I start getting phone calls from people yelling at me to stop calling them, stop harassing them. Every 2-3 minutes, someone new and angry. After about 3 hours I had figured out what had happened and got ahold of my carrier and had them change my phone number.

[utefan001]

I don't know enough about SS7 to understand if this is feasible, but it is clearly time for a call back based system. Millions of people signed up for the do not call registry. I am sure millions would sign up for a system where incoming calls trigger a call back. If your out bound call system doesn't support call back, don't worry because nobody wants to talk to anyone hiding behind the cloak of invisibility.

[walrus01]

Building a callback system doesn't fix ss7 and is a bandaid slapped on top.