A little bit off topic but We need dmarc to prevent phone spoofing. STIR/SHAKEN should adopt the DMARC model from email. The legitimate holder of a phone number should be able to publish a policy declaring that any call claiming to originate from their number without A-level attestation must be blocked by the terminating carrier. Just as domain owners can instruct mail servers to reject unauthenticated email sent in their name, number holders should be able to instruct carriers to reject unauthenticated calls spoofing their numbers.

In my experience since phone scammers tend to scam a small subset of numbers like dell, facebook, Microsoft, the Internal Revenue Service, copying this could allow big companies to block a huge number of phishing calls requiring their numbers. Since many calls originate from authenticating carriers now we need to go to the next level and block fake calls.