Conceptually, someone US-based should have to cryptographically sign, with their license to continue participating at stake, an assertion that the source phone number is real. People should be free to configure their devices or phone accounts (A) what countries to accept calls from and (B) whether to accept unverified calls whose numbers are presumably spoofed.
Note: i'm aware that SHAKEN/STIR or whatever exists and shares some of that idea, I'm just looking forward to full adoption of something so that I can make those choices described above.
Combine this next with ability to report numbers who spam (with the Apple/Google duopoly it should be trivially easy to put a "report spam" button in the call UI) and sanction providers (first financially and eventually with revocation of their credential to sign calls).
Maybe 30 years ago it would have been seen as too draconian to prevent someone from being able to call others anonymously but the Internet exists and provides ample avenues for those cliche use cases like "whistleblower needs to talk to journalists" so I'm 100% happy to have 'burdensome regulation' here if it stops scammers from ruining the phone as a usable channel for urgent information like "Your car is ready to pick up from the shop" or "Hi, you're the emergency contact for ____ and they are headed to the hospital."