I had the same problem. What helped me was I simply stopped answering any calls from numbers I didn't recognize. After a while, I stopped getting spam calls. My guess is after a while, these spammers eventually mark a number as defunct or unresponsive and stop calling. If someone I know is calling me and I don't answer, they can always text, email, etc me.
Interestingly, a while back, I got a call from a number that looked so familiar but I didn't recognize. I didn't answer but I couldn't get that number out of my mind. So I started looking through my contacts to see if it was someone I knew. Turns out, it was my own number. I couldn't believe it. These spammers were somehow spoofing my own number to call me.
"Spoofing" caller ID is a feature, not a bug or hack. Pretty much all VoIP providers let you send a callerID name/number [1]. If they don't, it's because they've done extra work to explicitly block it. If you're using Asterisk, for example, setting the number is a simple command [2] before you call the dial command, and is trivial to script.
CallerID name is more complex [3], as some providers will pass it along and some won't, and the termination provider (the one that receives the call) may or may not accept it. However, many VoIP providers have a way to register CNAM entries, this just also isn't totally reliable due to the way CNAM database sharing works [4].
Take away is: CallerID name and number are ENTIRELY unreliable as a means of identification or authentication. In fact, the only thing it's really useful for these days is that you get a call from a number in your contact list, it probably really is that person because it's unlikely that (a) by random chance the spammer choose a number that is in your contacts, and (b) has compromised your contact list and is using it to choose caller ID numbers.
> "Spoofing" caller ID is a feature, not a bug or hack
So was annonymous e-mail resenders and open proxies in a more genteel and dignified age.
Today, clearly the feature is being misused too much, so we need to shot it down. Make the CEO of any telecom company who forwards a spoofed call personally liabled for 100k in damages and that problem is solved. Some businesses may want a callback to go to their main-number, but frankly if somebody calls me I want a way to call them back.
I agree. I didn't mean to imply it's a GOOD feature, just that it's not an exploit of any kind.
The ability to set your outgoing number is very useful for a number of reasons, but only being able to do it from a list of numbers you've verified you have ownership of would go a long way. They could even do something similar to how SSL providers do domain verification.
Ah, I see. Unfortunately that's an aspect of the way the PBX is setup, and nothing to do with how caller ID works specifically. Most extensions don't have a DID (direct inward dial [1]) number, and unfortunately many inbound routing setups (especially for call centers) have no way -- or at list no advertised way -- to get to a spot where outside callers can dial an extension. For most PBX systems (eg, freepbx [2]) it's an option whether to allow direct extension dialing as part of the IVR.
Interestingly, a while back, I got a call from a number that looked so familiar but I didn't recognize. I didn't answer but I couldn't get that number out of my mind. So I started looking through my contacts to see if it was someone I knew. Turns out, it was my own number. I couldn't believe it. These spammers were somehow spoofing my own number to call me.