Why do you assume that SMS messages come only from phones having an IMEI? Not only IMEI can be changed at will and is not connected to the phone number, you can send messages from a service which has legitimate reason to send the message as you. That's possible by design.

It's not that I believe that perfect security isn't possible. I believe that this issue cannot be fixed in any reasonable way without redoing most of how the current system works. I did some telephony-related work and I don't see any way this kind of limitation can be put on top of our current networks (both regarding sms and phone number spoofing).

I'd imagine that most users only send SMS messages from their phones, not third party services.

If the default was that users couldn't send from other services/devices, then that majority of users wouldn't be vulnerable to the spoofing, and those who opt-in to allow third-party sending would at least be aware somewhat of the implications.

Unless I misunderstand the underlying technology?

Companies would have to create a central authority saying what source numbers are allowed to be used in what way. Everyone would have to check this database before sending the message from their direct customer. Everyone would have to keep it up to date. Procedures for handing over control and allowing third-party modifications would have to be created. And when I say everyone, I mean every single provider in the world, not just ones in your country - there's nothing preventing people from Germany from sending "from number" +1.....

And there's still an issue of how to authorise the third parties. If some bank says multiple sources can use its number for sending messages, how do you identify them?

Still - it would take only a single provider ignoring this to break the whole scheme. It's a bit similar to spam really.

It would be much more realistic to implement a signing scheme. There are only a few mobile service providers, each of which would need a master certificate, which could be distributed.