As I understand it, there is no way to validate caller ID when it comes from another carrier. They're testing STIR/SHAKEN which supposedly fixed this, although I'm unclear on how long that will really take to roll out and actually be turned. I'm also unsure how well it will actually work, I haven't looked at how it will be implemented.