I think one legit reason is (for example) someone calling from a business, or call center etc., and the recipient’s caller ID shows the main number instead of the caller’s direct number. This isn’t “spoofing” in the sense of hiding the caller’s identity but I imagine that technically, it might work the same way. If so, that’s a pretty big loophole for robocallers to exploit.
Perhaps that’s the way to close the loophole… the caller ID doesn’t have to be the actual, originating number, but it does have to belong to the caller. Sort of like a multidomain SSL. (I think.)
