This could work - similar to what happens in some bluetooth pairing flows. But you could still send a text message with a phishing link under the same Sender ID and fool someone into opening it. You'd really need to know that the specific sender would never a) send you a link, or b) send you anything without the "two-way verification" flow you suggested. I don't think any of those options are realistic at a certain scale.