There are substantial flaws in the way phone routing works that makes this difficult.
Caller ID is specified by the outgoing call and anybody who has control over a private branch exchange (PBX) can mess with it. (This is a "feature" so e.g. a support center can always have the same callback number as opposed to the number of the associate calling you.) I believe there is some limited ability to traverse the call routing, but that stops as soon as it hits a voice-over-IP (VoIP) provider, which effectively provide a screen akin to reputation hijacking (an attacker gets lost in the noise of a shared pool of resources).
(I assume most spam calls come from VoIP, though my spam expertise is limited to email.)
Happily, the US (as of 2021-06-30) and Canada (as of 2021-11-30) now require STIR/SHAKEN, "a suite of protocols and procedures intended to combat caller ID spoofing".
From the FCC's news release PDF:
FCC MANDATES THAT PHONE COMPANIES IMPLEMENT CALLER ID AUTHENTICATION TO COMBAT SPOOFED ROBOCALLS
Industry-wide Deployment of STIR/SHAKEN Will Yield Substantial Benefits for American Consumers
WASHINGTON, March 31, 2020—The Federal
Communications Commission today adopted new rules requiring
implementation of caller ID authentication using technical standards
known as “STIR/SHAKEN.” These rules will further the FCC’s efforts to
protect consumers against malicious caller ID “spoofing,” which is
often used during robocall scam campaigns to trick consumers into
answering their phones.
…
With strict limitations on Caller ID forgery, spammer blocklists become feasible.
This also hopefully gives more teeth to the US National Do Not Call Registry, forwarding spam texts to 7726 (which is still quite tedious), the 1991 Telephone Consumer Protection Act, and newer proposals.