Skip to content
Stopping Illegal Robocalls Where They Start

Robocall Radar #1

Published on: November 27, 2023.

ROBOCALL RADAR is updated periodically to reflect what we are seeing in our robocall surveillance platform. This page identifies some service providers and callers that we believe are contributing to the robocall scourge and gives constructive suggestions regarding what they might do to help mitigate the calls.

We are not attorneys and this is not legal advice. In some cases, even though certain calls might not be explicitly illegal, we will still suggest that they be discontinued out of respect for those that find them intrusive and annoying.

  1. General Recommendations
  2. Intermediate Signers vs. Proper Originating Provider Signatures
  3. Potential Fraud Calls
  4. Short and Silent Calls
  5. Lead Generation Calls
  6. Failure to Sign / Failure to Respond to Traceback
  7. Defective Shaken Signatures
  8. Relentless Calling to The Same Number

1. General Recommendations

Before diving into specifics, we have these general recommendations for all service providers:

  • In your Terms of Service and/or Acceptable Use Policy, make it clear that you have discretion to determine what sorts of call traffic you will reject, and reserve the right to modify that from time to time. Let customers know that you may discontinue service if you deem their traffic unacceptable. Do not enter into blanket confidentiality agreements; make clear that if their traffic is called into question, you will share their information with enforcers, regulators, called parties, service providers peers and others involved in robocall mitigation
  • If you accept “high volume” or “short duration” or “call center” traffic, do so only over SIP (VoIP) connections. Do not accept this traffic over legacy TDM connections which do not support STIR/SHAKEN. Do not encourage or allow others to evade the STIR/SHAKEN ecosystem.
  • If you are an originating service provider, obtain your own SHAKEN token and ensure that calls you originate are signed with your token (not that of some downstream provider). Work with your caller customers to enable the calls to be properly signed with A-level attestation.
  • If you are an intermediate service provider, insist that calls delivered to you are properly signed with the originator’s own token (or apply their signature for them). If you do accept unsigned traffic, understand and document for each call source why their traffic is not signed and the nature of that traffic. If it is high-volume traffic, find a way to get it signed with the originating provider’s token.
  • Do not do business with service providers that fail to respond to traceback requests.
  • Ask questions. Have an understanding with your call sources and your downstream providers that there will be no mysteries. If something looks strange or seems problematic, do not guess at the explanation; chase it down and figure it out.
  • Investigate issues quickly (within 48 hours) and take swift and deliberate action. If a customer is slow to respond, suspend their service until they confirm that issues are corrected. Avoid issuing repeated “warnings” to customers that repeatedly send bad traffic – cut them off.
  • Recognize that refusing to accept problematic traffic is going to cost you revenue. Accept that the revenue will likely go to some competitor until we get the traffic completely turned off. Realize that solving the robocall problem requires effort and sacrifice across the industry. Be part of the group that leads us to a better place.
  • If you think any of these suggestions (or those below) are unrealistic or could be improved, please let us know by emailing support at zipdx.com.

Service providers are welcome to contact us to discuss RRAPTOR findings. ZipDX offers free access to service providers so they can see examples of the calls they are signing. And we are happy to post a response or statement from a service provider regarding our findings if they email that to us.

RRAPTOR captures calls with hundreds of different signatures. These providers stand out as contributing to a higher volume of calls than others not listed.

2. Intermediate Signers vs. Proper Originating Provider Signatures

These INTERMEDIATE PROVIDERS appear to sign calls with their own signature even though they are not the originating provider. By signing for them, these intermediates are masking the identity of the originating providers and letting those providers evade accountability. It would be more helpful if the intermediates would insist that these calls are signed with the token of the originating provider.

Provider

Attestation

Bandwidth

These providers assign B-level attestation, implying that they have verified the identity of the calling party; tracebacks suggest otherwise

Peerless Network

Lumen / Centurylink / Level3

These providers assign C-level attestation, which is the appropriate level for an intermediate provider. But it would be more helpful if these providers insisted that the calls be signed with the signature of the originating provider.

Coztel LLC

Telcast Network

On Air Telecom

Brightlink

Return to top

3. Potential Fraud Calls

These providers are associated with calls that appear to be outright fraud. Caller-IDs from many different numbers. It would help if the providers would scrutinize their customers more carefully, monitor traffic for metrics indicative of problematic calling, and quickly disconnect customers sourcing fraud. Alternatively, if these providers are not responsible for the origination of the calls, they can ensure that the calls are signed with the originator’s SHAKEN token.

Provider

Recorded Calls

Bandwidth

25 Nov LISTEN 25 Nov LISTEN 24 Nov LISTEN All B-Attest

Go Voip Dialing LLC

22 Nov LISTEN (20+ similar recordings on this day)

Brightlink / NUSO

24 Nov A-Attest LISTEN 23 Nov LISTEN 22 Nov LISTEN

France Telecom LD USA

22 Nov LISTEN 21 Nov LISTEN

Lumen / Centurylink / Level3

 25 Nov LISTEN

Every1 Telecom

24 Nov A-Attest LISTEN

Peerless Network

24 Nov B-Attest LISTEN 21 Nov A-Attest LISTEN

Fusion Connect, Inc.

23 Nov B-Attest LISTEN

Global Net Holdings, Inc.

20 Nov LISTEN

T-Mobile USA, Inc.

24 Nov LISTEN 23 Nov LISTEN

Return to top

4. Short and Silent Calls

RRAPTOR captures a significant number of short and/or silent calls. Many are signed by the providers listed here. We suggest that providers insist in their ToS or AUP that callers not place these calls. If a caller reaches what they believe is voice-mail they should (1) identify themselves; (2) explain the purpose of the call; (3) invite a callback if the called party is interest; (4) not call that number again. It is rude and harassing to have volume callers hanging up if they do not like what they hear. Do not call numbers on Federal DNC list.



Signer

Over 7 Days Ending 26-Nov



Category / Description

Calls

Unique
ANIs

Unique
Called #s

Listed
on DNC

Examples
(Attest)

LiveVox

1090

676

473

1052

A A A A A

SHORT

AM Communication Labs

963

872

608

924

A A A

SHORT

Primo Dialler LLC

703

657

437

682

A A B B

SHORT

Convoso

654

593

320

625

A A A

SHORT

BCM One Cloud Communications

632

584

359

621

B B B

SHORT

Broadband Dynamics

620

375

224

610

A A A

SHORT

LiveVox

317

223

210

310

SILENT

AM Communication Labs

258

243

207

251

SILENT

Broadband Dynamics

129

112

38

129

SILENT

Primo Dialler

128

127

105

126

A B C

SILENT

On Air Telecom

125

123

108

125

SILENT

Rapid Eagle / VOIP Essential

118

111

83

114

SILENT

AllClear Connect

118

117

117

99

SILENT

Return to top

5. Lead Generation Calls

“Lead Generation Calls” are one of the most prolific general categories of unwanted calls. Most are prohibited by regulation unless the caller has consent from the called party. But we have not granted consent for ANY calls to RRAPTOR numbers. Many “consents” are at best out of date; at worst they are fabricated. We suggest that providers accepting these calls insist that lead generators (1) use a consistent caller-ID (ANI) for a given category of calls; (2) always announce the name of their organization and a callback number that will reach a responsible human; (3) leave a coherent message rather than hanging up; (4) not place more than one call to a given number. Some calls target business owners; no RRAPTOR numbers are assigned to a business. No calls should be placed to numbers on the Federal Do Not Call list.



Signer

Over 7 Days Ending 26-Nov



Category / Description

Calls

Unique
ANIs

Unique
Called #s

Listed
on DNC

Examples
(Attest)

Primo Dialler LLC

617

560

340

600

Medicare-Cashback

Primo Dialler LLC

122

122

99

118

Medicare

Contact Center Specialists

59

58

54

56

Medicare

Convoso

49

46

34

46

Medicare

FIVE9

33

30

28

32

Medicare

Cloud Connect LLC

285

245

181

258

Google Business Listing

Etelix.com USA LLC

111

105

59

108

Google Business Listing

Go Voip Dialing LLC

241

241

195

232

Back Tax

AM Communication Labs

60

60

57

59

Property

Net Speak Pro LLC

57

34

31

53

Debt (preapproval)

Etilix.com USA LLC

21

21

21

20

Debt (hardship)

Go Voip Dialing LLC

91

91

89

88

Economic Impact

Primo Dialler LLC

30

30

18

26

Auto Accident

Primo Dialler LLC

51

51

29

51

Medicare – HC Benefit

Meta-Lynk LLC

25

25

25

25

Medicare

Twilio

40

23

20

37

Property

Coztel

23

23

23

23

Health Care Benefit

Return to top

6. Failure to Sign / Failure to Respond to Traceback

Based on tracebacks we initiated in October and November, it appears that the providers listed here either failed to sign calls they originated, and/or failed to respond to traceback requests. Since traceback and STIR/SHAKEN signatures are key elements in the fight against robocalls, we ask that all providers comply. We also ask providers downstream from those not signing or not responding insist that their upstreams come into compliance; otherwise, we suggest that those downstreams cease accepting their traffic.

Provider

Failure

Downstream

Intellect Communications (Hong Kong)

No Response to Traceback

OMANTEL

Perfect Pitch Technology (Lehi, UT)

Failure to Sign

CCI Network Services; TouchTone

CallWin LLC (Sheridan, WY)

Failure to Sign

The Telecom Solution

Qemert Pro Technology (Dominican Republic)

Failure to Sign

1 Call Connect

Arc Solutions (Pakistan)

No Response to Traceback

UHK Networks LLC

Emmzee Communications (Pakistan)

Failure to Sign

Bravo Lines LLC

The Telecom Solution (Las Vegas, NV)

Failure to Sign

Tech Bizz Solutions (Lewes, DE)

Failure to Sign

On Air Telecom

ICOE, LLC (Las Vegas, NV)

Failure to Sign

Peerless

Return to top

7. Defective SHAKEN Signatures

Proper STIR/SHAKEN signatures must adhere to a set of technical standards. Calls captured by RRAPTOR (as of 27-Nov 2023) indicate that these providers are not following the standards when signing their calls. We ask that these providers promptly investigate and correct these issues or let us know if they find our analysis to be in error.

Provider

Nature of Failure

Go Voip Dialing LLC

FROM field in signature does not match FROM calling number in SIP header.

Every1 Telecom

Verification fails, perhaps due to private/public key mismatch.

Perfect Network LLC

On majority of calls, TO field in signature has a superfluous prefix (e.g, 101# or 5150 or 7125).

Voxox / Telcentris

Certificate expired on 2023-11-16.

FastCast Networks

FROM field in most signatures lacks the required “1” initial digit.

Go2Uno LLC

FROM field in most signatures lacks the required “1” initial digit.

Fusion Connect, Inc.

FROM field in most signatures lacks the required “1” initial digit.

AcmeTelecom / ACMETEL

Certificate is self-signed. Acme does not appear on the iconectiv list of approved SHAKEN token-holders.

Return to top

8. Relentless Calling to The Same Number

When calling a number assigned to a wireless carrier, or listed on the Federal Do Not Call list, the caller typically needs consent from the subscriber. Often these consents are out-of-date or erroneous or fraudulent. That’s bad enough. But when they call over and over again, it is especially frustrating for the call recipient. Even worse is when the calls come from many different Caller-IDs.

In the fall of 2022, RRAPTOR was receiving one or two THOUSAND calls every week that we understood to be coming from Digital Media Solutions (aka DMS Group), a big lead generator. We ended up in a months-long dialog with their attorney and the call volume dropped over time, but RRAPTOR still captures on the order of 100 calls a week that appear to come from DMS. (The caller uses DBA names that have previously been associated with DMS.)

You can read some of our previous back-and-forth with DMS via these links:

Despite this extended dialogue, it appears that DMS can’t bring themselves to completely stop placing calls to DNC-listed numbers for which they do not have proper consent. Below is a summary of recent calls claiming to be from “Medicare Rewards” – a DMS DBA.

If nothing else, I wish DMS would make no more than three call attempts to a given number before giving up. And while I wish that they would use the same Caller-ID for ALL calls associated with a particular DBA, they should at least use a consistent Caller-ID when calling the same number repeatedly.

Called #

# of Calls

Unique
Caller-IDS

Elapsed
Days

Most
Recent

Audio Examples

830XXXYYYY

78

25

91

2023-12-01

713XXXYYYY

20

9

19

2023-12-03

713XXXYYYY

14

11

8

2023-11-29

Convoso is apparently another relentless caller. Many of Convoso’s calls are very short; often they just say “How are you” or “Good morning; am I speaking with [some name]?” But Convoso signs their calls (almost always with A-attestation) so we can be reasonably certain they are involved in the calls. RRAPTOR has been receiving about 3,000 Convoso-signed calls monthly all year; over 6,000 in November. Like DMS, Convoso calls some numbers over and over and over. As a first priority, my ask of Convoso is the same that I suggested for DMS above.

Called #

# of Calls

Unique
Caller-IDS

Elapsed
Days

Most
Recent

Audio Examples

318XXXYYYY

358

141

92

2023-12-02

856XXXYYYY

140

30

25

2023-12-01

651XXXYYYY

119

15

64

2023-12-01

417XXXYYYY

105

15

63

2023-11-30

561XXXYYYY

96

42

26

2023-12-02

804XXXYYYY

93

25

29

2023-12-01

765XXXYYYY

93

66

92

2023-12-02

651XXXYYYY

78

32

87

2023-12-02

Return to top