I would really love to hear a telecom engineer explain why the true origin info isn't accessible to the called person. A telephone call is a two-way connection -- the path in both directions must be known otherwise you won't have a two-way conversation.
A telephone call is not email or an old-fashioned letter. Both of those are one-way communications, so if the intermediaries don't carefully track the email or letter as it progresses through the pipeline, you have spoofed email or untraceable letters.
But at the lowest level of the telephony protocol, the true and correct path to the originating caller has to exist. Otherwise your voice won't travel to the other person. I'm curious to know why that really deep reverse route has never been made available to public (as an API or a purchasable feature or in any other form).
[1] https://en.wikipedia.org/wiki/Automatic_number_identificatio...
Telephone isn't really like IP routing. If D wants to call P, the connection might get set up like this:
D -> K -> H -> V -> P
See what happens is D sends a message called "Call Request". This creates a channel id (D,C1) between D->K. K will then create it's own "Call Request" with it's own channel id (H,C2) which tells H to bill K for this call. Only K will know both the channels C1 and C2 and will bridge them internally. When H makes a "Call Request" to V, it has it's own billing arrangement with V and they agree to simply count calls, so H doesn't actually forward anything except the channel id (nil,C3). V gets away with this because the wire is clearly marked with "K TELEPHONE INC". Eventually P gets an "Incoming Call" message with it's channel id (P,C4), and can accept the call or reject it. If he accepts it, then each party will send "Accept Call" messages back down the chain.
These channel ids are used to actually carry the phone call (or data packets, or whatever).
"Caller ID" isn't the "source of the message", just some data transmitted along with the ringing sound, and as you can see the circuit doesn't have a globally unique identifier. If someone doesn't transmit who to bill, then nobody will get billed for that call (and maybe nobody will be!) but V doesn't want to send bills for this call all over the country so V only sends bills to a few carriers and its own customers.
All the bills have the "correct calling numbers on them" because of some extra billing data that's included in the call. This billing data might be omitted (the bill says "NUMBER BLOCKED"), and it clearly isn't required to establish the call. People can ask their phone company to ignore calls that have a blocked number.
Phone companies used to trust each other not to spoof this information, and now that calls from certain numbers aren't usually billed differently than from any other numbers, this doesn't cause a problem with billing -- only with people who seek to use "making a call from" an authentication method.
The companies could enforce the side channel info as the actual call origin, but they don't want to. Just like snail-mail spammers they're paying more money than residential customers will pay to require that info.
It's broken because it serves the purposes of the phone companies to keep it that way. This is what you get by detaching profit from ethics.
I'd settle for my phone company dropping calls with spoofed caller ID - like 0, my own number, foreign calls with local numbers, local numbers that don't even terminate, etc..
Indeed I think origin should be legally required even if it's "K phone network" - I don't mind blocking all calls via companies that service spammers.
The telco has some connection to a customer site which carries signaling data and N concurrent voice channels. A potentially large block of numbers are routed down that link by the telco. When he customer makes an outgoing call it sends whatever it wants (or nothing) as CID.
A national franchise with 1,000 stores serviced by 30 different small town telecoms might all send the national HQ number as caller ID, even though the calls do not jump through the national HQ first.
There is no will among the various telecoms to build and integrate a whitelist system that interoperates, so they leave it wide open.
You can't just find out who a phone number belongs to, and phone numbers do not have to ring to anyone on the other side to be valid outgoing CID numbers. It's unclear how such a whitelist system would help anyone, anyway.
This is by design and used in many cases. Call forwarding, for instance. Or even just the basic case of using multiple providers to route outbound calls. Some might be cheaper than others, so you need to select on a call by call basis. Also, think of international calls. How is Idaho Telco XYZ supposed to be able to verify that this call from Zambia really belongs to ZambiaCom XYZ? And vice versa.
Also note that there's simply no requirement to even having a number. You could just be placing outbound calls (like SkypeOut). Or no one to one mapping: an office sharing one number for outbound calls, or a single telemarketer changing numbers call by call as they dial for different customers.
Call forwarding is fine as long as the spoofed number is also associated with the caller. But anyone that lets people call using a number that's not theirs at all should be booted off.