As a person who runs an email server, I have to jump through several different hoops to prove that the e-mail that I sent from my e-mail server comes from my e-mail server.
This isn't the case for phone calls. Any phone call originating from anywhere on the planet, from any network, from ... literally fucking anywhere can claim to have originated from any random phone number.
If I own the DNS name foobarr.com, and foobarr.com points to my IP address, 1.2.3.4, and my IP address 1.2.3.4 opens a connection to another SMTP server, and claims to be coming from the domain foobarr.com and the source IP address of the connection is 1.2.3.4, that still isn't fucking good enough. I need to do a cryptographic challenge (DKIM) that shows that it's the legitimate address. And SPF too, which I forgot how it works, but I need to pass SPF also.
With phone calls... the calling number just claims to be from 1-800-555-1234, and the carrier is like "ok cool, we'll send you right through" with ... no verification. At all. It just.... goes through.
The comparable situation with phones is that a home IP address with no DNS server attached to it connects to a random SMTP server and claims that its originating e-mail address is joe.biden@whitehouse.gov and the the SMTP server is simply expected to deliver the email. It is the dumbest of all possible systems.
This isn't the case for phone calls. Any phone call originating from anywhere on the planet, from any network, from ... literally fucking anywhere can claim to have originated from any random phone number.
If I own the DNS name foobarr.com, and foobarr.com points to my IP address, 1.2.3.4, and my IP address 1.2.3.4 opens a connection to another SMTP server, and claims to be coming from the domain foobarr.com and the source IP address of the connection is 1.2.3.4, that still isn't fucking good enough. I need to do a cryptographic challenge (DKIM) that shows that it's the legitimate address. And SPF too, which I forgot how it works, but I need to pass SPF also.
With phone calls... the calling number just claims to be from 1-800-555-1234, and the carrier is like "ok cool, we'll send you right through" with ... no verification. At all. It just.... goes through.
The comparable situation with phones is that a home IP address with no DNS server attached to it connects to a random SMTP server and claims that its originating e-mail address is joe.biden@whitehouse.gov and the the SMTP server is simply expected to deliver the email. It is the dumbest of all possible systems.