penalty is not really the problem
@AC: the penalty isn't really the problem, although it is a part. The central problem is twofold:
1. it's stupidly easy to spoof call-origin
2. the telcos have no incentive to "discipline" abusive callers. On the contrary, the telcos are happy for the huge call volumes to continue, as long as they can deny knowledge
So here's the solution (part of which I described in another post):
1. use the "automatic number identification" (800-service)
info to identify all calls
2. require all telcos to filter the Caller ID info supplied on their PBX trunks for "reasonableness". That is, the telco know what range of numbers is assigned to the trunk and a supplied number outside the range would be replaced by the main number for the trunk.
This won't solve the problem of international spam calls. But those do have non-trivial cost. All the one I have suffered (in the U.S.) seem to have been IP from "various Asian nations" that then enter the U.S. phone system at a local point. That is, they aren't "international phone calls" but "U.S. long distance calls" with a non-U.S. endpoint.
If we can do this then all the U.S.-based boiler rooms will go away, "Rachel" will retire to a beach somewhere, and international phone spam will have to contend with phone charges, and Caller ID.
I think this would be a good first step.