It can be very easy, depending on your comfort with breaking existing systems. Disable all inbound international calling and you no longer have a problem. That would remove 99% of spam and would have zero negative impact to 99% of individuals who receive calls.
Of course, businesses with a lot of money care about use cases in that last 1%.
A carrier could probably do that, individuals could not. The challenge is that caller ID is generally kinda like your email display name: It doesn't mean anything. The important part, which STIR/SHAKEN is adding verification requirements to, is what telcos are actually involved in the exchange.
I'd love a setting I could flip to disable inbound voice calls from any carrier that isn't like... Verizon, AT&T, T-Mobile, and Comcast.
Can't they implement DKIM, SPF etc. like system? Not aware of technical reality of Telcos but international number spoofing should be easily solvable as billing is done through the origin location
It's still in the early days of even deploying signing. Telcos are dragging their feet asking for exemptions and delays. Once virtually all calls are signed, then there has to be agreement on when to block unsigned traffic, and finally whack a mole with banning spammers and KYC to keep them banned.
Yes, that's exactly what STIR/SHAKEN does - in theory. In practice, like most complex systems, mandating a change like this requires software and hardware upgrades and compatibility testing, all of which takes time. The FCC tracks >10k telcos and providers. Last time I checked, only a quarter of the companies had fully implemented STIR/SHAKEN since the deadline and the FCC has recently started enforcement action on telcos that have ignored it. There is some evidence it has reduced spoofed calls, but just like email, the scammers have also moved to adapt their techniques.
However, just like email spam, stopping spoofed calls is harder in practice than in theory.