Put my PIN into the phone number

When you call to get your voice mail, even from your cell phone, it typically asks for a PIN. There's a reason for that -- there is no authentication on Caller ID, and anybody can forge it. So if the voice mail didn't require a PIN and let you in directly, anybody could listen to your voice mail or hack it in other ways. (The phone companies could of course authenticate Caller ID within their own networks, but this must be harder than it sounds because they don't.) Some services don't bother with a PIN if they recognize the caller ID because the odds of somebody trying to hack it are low. In some cases that's because the hacking party would need to know what services a person uses.

Setting caller ID is actually pretty useful. I have coded into my PBX to call my cell phone voice mail using the caller ID of my cell phone, so I have a speed dial on my desk phone that calls my Sprint voice mail. I do still have to enter the PIN.

So here's the idea. Get a bank of phone numbers, 10,000 of them, for voice mail dial-in. This can be a bank in some rural area code that still has entire exchanges free. Getting an entire exchange is not trivial but turns out to be not that expensive if you can justify it. Then let a user with a PIN put that PIN into the last 4 digits of the phone number. They would call that special number, and only that number, to pick up their voice mail (or use whatever service). If somebody called other numbers in the block using their caller ID, this would be a sign of an attack, and too many attempts would turn on a switch so that any call to any number in the block now requires some identification. (This is a minor DoS attack but not too bad of one if you can still remember a different ID code.)

This done, you can put your magic, PIN-embedded number into your speed dial and just use that for instant access to voice mail or other services.
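The routing decision described above, sketched as an added example that is not part of the original post. The 3-call threshold, the per-caller-ID tracking of wrong-number calls, and the 701-555 block and phone numbers are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

MAX_WRONG_CALLS = 3  # assumed threshold; the post only says "too many attempts"

@dataclass
class DialInBlock:
    prefix: str   # leading digits shared by all 10,000 numbers in the block
    pins: dict    # caller ID -> 4-digit PIN (plaintext only to keep the sketch short)
    wrong_calls: dict = field(default_factory=dict)  # caller ID -> misses so far

    def route(self, caller_id, dialed):
        """Return 'grant', 'challenge' or 'reject' for one inbound call."""
        pin = self.pins.get(caller_id)
        in_block = dialed.startswith(self.prefix) and len(dialed) == len(self.prefix) + 4
        if pin is None or not in_block:
            return "reject"  # unknown caller ID or number outside the block
        if self.wrong_calls.get(caller_id, 0) >= MAX_WRONG_CALLS:
            # The switch is on: caller ID plus dialed number no longer suffice,
            # even on the correct number, so ask for the separate ID code.
            return "challenge"
        if hmac.compare_digest(dialed[-4:], pin):
            return "grant"  # dialed suffix matches the PIN: instant access
        # Right caller ID on the wrong number in the block: sign of an attack.
        self.wrong_calls[caller_id] = self.wrong_calls.get(caller_id, 0) + 1
        return "reject"

if __name__ == "__main__":
    # Constructed sample data: fictitious 555 numbers.
    block = DialInBlock(prefix="701555", pins={"4155550100": "4821"})
    calls = [("4155550100", "7015554821"),  # owner's speed dial
             ("4155550100", "7015550000"),  # forged caller ID, guessing
             ("4155550100", "7015550001"),
             ("4155550100", "7015550002"),
             ("4155550100", "7015554821")]  # owner again, after the lockout
    for caller, dialed in calls:
        print(caller, dialed, block.route(caller, dialed))
```

With this threshold a forged caller ID gets at most 3 tries against 10,000 numbers before the challenge applies, and the owner is challenged too until the switch is reset, which is the minor DoS the post mentions.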

Of course the rural number will look like long distance, but that's no issue to your own phone company. Indeed, if you only want this for use by phone companies for internal calls, we could devote an entire virtual area code -- but you could not call these numbers from another phone. All companies could share the area code because it would not actually exist. (Of course, authenticating their own caller ID is easier; this is just a kludge to do it with existing tools.)

A block in the 866/877/888 band of toll-free numbers would be nice too, but these are harder to come by.