This is not rocket science, but the development, testing, and rollout can be a very complex set of changes.
The apparently “least difficult” technological solution would be to simply apply the same blacklist approach (where Ooma screens caller numbers against the list before sending it the Ooma device, aka “base station”). This would not require a change to any software or hardware on the Ooma Office device. It isn’t ideal, but it’s better than the volume of spam calls I am getting already, after less than two months of Ooma use, including the spammers spoofing non-existent phone numbers.
Alternatively, changing software (and potentially hardware and storage) on the Ooma Office device would enable and equip Ooma Office users to host either a (potentially additional) blocked caller list. This would be an onerous process requiring a massive testing effort and very careful roll-out implementation.
If Ooma can not provide the same blacklist to Ooma Office that is available on Ooma Telo, then simply provide users of Ooma Office to create our own caller blacklist (and a whitelist would also be nice), either on an Ooma Office “base station-specific” basis, or a “user-specific” basis.
Has Ooma explored whether or not this could be provided more easily where the router is between Ooma Office base station device and the modem, by using the LAN port on the Ooma Office base station device, thereby requiring less change on the Ooma Office base station? In such an architecture and implementation, an additional network device, maybe a 'black box" (opportunity to sell additional product!) could host some management functions (for example, tuning the connect speed per user to 1.5 mbps to maintain call quality and avoid dropped calls), and host a “base station-specific” or “user-specific” blocked caller dataset.