Robocall Radar #1
Published on: November 27, 2023.
ROBOCALL RADAR is updated periodically to reflect what we are seeing in our robocall surveillance platform. This page identifies some service providers and callers that we believe are contributing to the robocall scourge and gives constructive suggestions regarding what they might do to help mitigate the calls.
We are not attorneys and this is not legal advice. In some cases, even though certain calls might not be explicitly illegal, we will still suggest that they be discontinued out of respect for those that find them intrusive and annoying.
- General Recommendations
- Intermediate Signers vs. Proper Originating Provider Signatures
- Potential Fraud Calls
- Short and Silent Calls
- Lead Generation Calls
- Failure to Sign / Failure to Respond to Traceback
- Defective Shaken Signatures
- Relentless Calling to The Same Number
1. General Recommendations
Before diving into specifics, we have these general recommendations for all service providers:
- In your Terms of Service and/or Acceptable Use Policy, make it clear that you have discretion to determine what sorts of call traffic you will reject, and reserve the right to modify that from time to time. Let customers know that you may discontinue service if you deem their traffic unacceptable. Do not enter into blanket confidentiality agreements; make clear that if their traffic is called into question, you will share their information with enforcers, regulators, called parties, service providers peers and others involved in robocall mitigation
- If you accept “high volume” or “short duration” or “call center” traffic, do so only over SIP (VoIP) connections. Do not accept this traffic over legacy TDM connections which do not support STIR/SHAKEN. Do not encourage or allow others to evade the STIR/SHAKEN ecosystem.
- If you are an originating service provider, obtain your own SHAKEN token and ensure that calls you originate are signed with your token (not that of some downstream provider). Work with your caller customers to enable the calls to be properly signed with A-level attestation.
- If you are an intermediate service provider, insist that calls delivered to you are properly signed with the originator’s own token (or apply their signature for them). If you do accept unsigned traffic, understand and document for each call source why their traffic is not signed and the nature of that traffic. If it is high-volume traffic, find a way to get it signed with the originating provider’s token.
- Do not do business with service providers that fail to respond to traceback requests.
- Ask questions. Have an understanding with your call sources and your downstream providers that there will be no mysteries. If something looks strange or seems problematic, do not guess at the explanation; chase it down and figure it out.
- Investigate issues quickly (within 48 hours) and take swift and deliberate action. If a customer is slow to respond, suspend their service until they confirm that issues are corrected. Avoid issuing repeated “warnings” to customers that repeatedly send bad traffic – cut them off.
- Recognize that refusing to accept problematic traffic is going to cost you revenue. Accept that the revenue will likely go to some competitor until we get the traffic completely turned off. Realize that solving the robocall problem requires effort and sacrifice across the industry. Be part of the group that leads us to a better place.
- If you think any of these suggestions (or those below) are unrealistic or could be improved, please let us know by emailing support at zipdx.com.
Service providers are welcome to contact us to discuss RRAPTOR findings. ZipDX offers free access to service providers so they can see examples of the calls they are signing. And we are happy to post a response or statement from a service provider regarding our findings if they email that to us.
RRAPTOR captures calls with hundreds of different signatures. These providers stand out as contributing to a higher volume of calls than others not listed.
2. Intermediate Signers vs. Proper Originating Provider Signatures
These INTERMEDIATE PROVIDERS appear to sign calls with their own signature even though they are not the originating provider. By signing for them, these intermediates are masking the identity of the originating providers and letting those providers evade accountability. It would be more helpful if the intermediates would insist that these calls are signed with the token of the originating provider.
Provider | Attestation |
Bandwidth | These providers assign B-level attestation, implying that they have verified the identity of the calling party; tracebacks suggest otherwise |
Peerless Network | |
Lumen / Centurylink / Level3 | These providers assign C-level attestation, which is the appropriate level for an intermediate provider. But it would be more helpful if these providers insisted that the calls be signed with the signature of the originating provider. |
Coztel LLC | |
Telcast Network | |
On Air Telecom | |
Brightlink |
3. Potential Fraud Calls
These providers are associated with calls that appear to be outright fraud. Caller-IDs from many different numbers. It would help if the providers would scrutinize their customers more carefully, monitor traffic for metrics indicative of problematic calling, and quickly disconnect customers sourcing fraud. Alternatively, if these providers are not responsible for the origination of the calls, they can ensure that the calls are signed with the originator’s SHAKEN token.
Provider | Recorded Calls |
Bandwidth | |
Go Voip Dialing LLC | 22 Nov LISTEN (20+ similar recordings on this day) |
Brightlink / NUSO | |
France Telecom LD USA | |
Lumen / Centurylink / Level3 | 25 Nov LISTEN |
Every1 Telecom | 24 Nov A-Attest LISTEN |
Peerless Network | |
Fusion Connect, Inc. | 23 Nov B-Attest LISTEN |
Global Net Holdings, Inc. | 20 Nov LISTEN |
T-Mobile USA, Inc. |
4. Short and Silent Calls
RRAPTOR captures a significant number of short and/or silent calls. Many are signed by the providers listed here. We suggest that providers insist in their ToS or AUP that callers not place these calls. If a caller reaches what they believe is voice-mail they should (1) identify themselves; (2) explain the purpose of the call; (3) invite a callback if the called party is interest; (4) not call that number again. It is rude and harassing to have volume callers hanging up if they do not like what they hear. Do not call numbers on Federal DNC list.
| Over 7 Days Ending 26-Nov |
| ||||
Calls | Unique | Unique | Listed | Examples | ||
LiveVox | 1090 | 676 | 473 | 1052 | SHORT | |
AM Communication Labs | 963 | 872 | 608 | 924 | SHORT | |
Primo Dialler LLC | 703 | 657 | 437 | 682 | SHORT | |
Convoso | 654 | 593 | 320 | 625 | SHORT | |
BCM One Cloud Communications | 632 | 584 | 359 | 621 | SHORT | |
Broadband Dynamics | 620 | 375 | 224 | 610 | SHORT | |
LiveVox | 317 | 223 | 210 | 310 | SILENT | |
AM Communication Labs | 258 | 243 | 207 | 251 | SILENT | |
Broadband Dynamics | 129 | 112 | 38 | 129 | SILENT | |
Primo Dialler | 128 | 127 | 105 | 126 | SILENT | |
On Air Telecom | 125 | 123 | 108 | 125 | SILENT | |
Rapid Eagle / VOIP Essential | 118 | 111 | 83 | 114 | SILENT | |
AllClear Connect | 118 | 117 | 117 | 99 | SILENT |
5. Lead Generation Calls
“Lead Generation Calls” are one of the most prolific general categories of unwanted calls. Most are prohibited by regulation unless the caller has consent from the called party. But we have not granted consent for ANY calls to RRAPTOR numbers. Many “consents” are at best out of date; at worst they are fabricated. We suggest that providers accepting these calls insist that lead generators (1) use a consistent caller-ID (ANI) for a given category of calls; (2) always announce the name of their organization and a callback number that will reach a responsible human; (3) leave a coherent message rather than hanging up; (4) not place more than one call to a given number. Some calls target business owners; no RRAPTOR numbers are assigned to a business. No calls should be placed to numbers on the Federal Do Not Call list.
| Over 7 Days Ending 26-Nov |
| ||||
Calls | Unique | Unique | Listed | Examples | ||
Primo Dialler LLC | 617 | 560 | 340 | 600 | Medicare-Cashback | |
Primo Dialler LLC | 122 | 122 | 99 | 118 | Medicare | |
Contact Center Specialists | 59 | 58 | 54 | 56 | Medicare | |
Convoso | 49 | 46 | 34 | 46 | Medicare | |
FIVE9 | 33 | 30 | 28 | 32 | Medicare | |
Cloud Connect LLC | 285 | 245 | 181 | 258 | Google Business Listing | |
Etelix.com USA LLC | 111 | 105 | 59 | 108 | Google Business Listing | |
Go Voip Dialing LLC | 241 | 241 | 195 | 232 | Back Tax | |
AM Communication Labs | 60 | 60 | 57 | 59 | Property | |
Net Speak Pro LLC | 57 | 34 | 31 | 53 | Debt (preapproval) | |
Etilix.com USA LLC | 21 | 21 | 21 | 20 | Debt (hardship) | |
Go Voip Dialing LLC | 91 | 91 | 89 | 88 | Economic Impact | |
Primo Dialler LLC | 30 | 30 | 18 | 26 | Auto Accident | |
Primo Dialler LLC | 51 | 51 | 29 | 51 | Medicare – HC Benefit | |
Meta-Lynk LLC | 25 | 25 | 25 | 25 | Medicare | |
Twilio | 40 | 23 | 20 | 37 | Property | |
Coztel | 23 | 23 | 23 | 23 | Health Care Benefit |
6. Failure to Sign / Failure to Respond to Traceback
Based on tracebacks we initiated in October and November, it appears that the providers listed here either failed to sign calls they originated, and/or failed to respond to traceback requests. Since traceback and STIR/SHAKEN signatures are key elements in the fight against robocalls, we ask that all providers comply. We also ask providers downstream from those not signing or not responding insist that their upstreams come into compliance; otherwise, we suggest that those downstreams cease accepting their traffic.
Provider | Failure | Downstream |
Intellect Communications (Hong Kong) | No Response to Traceback | OMANTEL |
Perfect Pitch Technology (Lehi, UT) | Failure to Sign | CCI Network Services; TouchTone |
CallWin LLC (Sheridan, WY) | Failure to Sign | The Telecom Solution |
Qemert Pro Technology (Dominican Republic) | Failure to Sign | 1 Call Connect |
Arc Solutions (Pakistan) | No Response to Traceback | UHK Networks LLC |
Emmzee Communications (Pakistan) | Failure to Sign | Bravo Lines LLC |
The Telecom Solution (Las Vegas, NV) | Failure to Sign | |
Tech Bizz Solutions (Lewes, DE) | Failure to Sign | On Air Telecom |
ICOE, LLC (Las Vegas, NV) | Failure to Sign | Peerless |
7. Defective SHAKEN Signatures
Proper STIR/SHAKEN signatures must adhere to a set of technical standards. Calls captured by RRAPTOR (as of 27-Nov 2023) indicate that these providers are not following the standards when signing their calls. We ask that these providers promptly investigate and correct these issues or let us know if they find our analysis to be in error.
Provider | Nature of Failure |
Go Voip Dialing LLC | FROM field in signature does not match FROM calling number in SIP header. |
Every1 Telecom | Verification fails, perhaps due to private/public key mismatch. |
Perfect Network LLC | On majority of calls, TO field in signature has a superfluous prefix (e.g, 101# or 5150 or 7125). |
Voxox / Telcentris | Certificate expired on 2023-11-16. |
FastCast Networks | FROM field in most signatures lacks the required “1” initial digit. |
Go2Uno LLC | FROM field in most signatures lacks the required “1” initial digit. |
Fusion Connect, Inc. | FROM field in most signatures lacks the required “1” initial digit. |
AcmeTelecom / ACMETEL | Certificate is self-signed. Acme does not appear on the iconectiv list of approved SHAKEN token-holders. |
8. Relentless Calling to The Same Number
When calling a number assigned to a wireless carrier, or listed on the Federal Do Not Call list, the caller typically needs consent from the subscriber. Often these consents are out-of-date or erroneous or fraudulent. That’s bad enough. But when they call over and over again, it is especially frustrating for the call recipient. Even worse is when the calls come from many different Caller-IDs.
In the fall of 2022, RRAPTOR was receiving one or two THOUSAND calls every week that we understood to be coming from Digital Media Solutions (aka DMS Group), a big lead generator. We ended up in a months-long dialog with their attorney and the call volume dropped over time, but RRAPTOR still captures on the order of 100 calls a week that appear to come from DMS. (The caller uses DBA names that have previously been associated with DMS.)
You can read some of our previous back-and-forth with DMS via these links:
- Draft blog post by Frankel – 26-Jun-2023 (PDF)
- DMS Response 7-July-2023 (PDF)
- Thread of email correspondence (PDF)
- 30-Nov-2022 – Letter from D. Frankel to DMS via Skadden (PDF)
- 8-Dec-2022 – Letter from D. Frankel to Skadden (PDF)
- 10-Jan-2023 – Letter from DMS to D. Frankel (PDF)
- 11-Jan-2023 – Letter from D. Fankel to Skadden (PDF)
Despite this extended dialogue, it appears that DMS can’t bring themselves to completely stop placing calls to DNC-listed numbers for which they do not have proper consent. Below is a summary of recent calls claiming to be from “Medicare Rewards” – a DMS DBA.
If nothing else, I wish DMS would make no more than three call attempts to a given number before giving up. And while I wish that they would use the same Caller-ID for ALL calls associated with a particular DBA, they should at least use a consistent Caller-ID when calling the same number repeatedly.
Called # | # of Calls | Unique | Elapsed | Most | Audio Examples |
830XXXYYYY | 78 | 25 | 91 | 2023-12-01 | |
713XXXYYYY | 20 | 9 | 19 | 2023-12-03 | |
713XXXYYYY | 14 | 11 | 8 | 2023-11-29 |
Convoso is apparently another relentless caller. Many of Convoso’s calls are very short; often they just say “How are you” or “Good morning; am I speaking with [some name]?” But Convoso signs their calls (almost always with A-attestation) so we can be reasonably certain they are involved in the calls. RRAPTOR has been receiving about 3,000 Convoso-signed calls monthly all year; over 6,000 in November. Like DMS, Convoso calls some numbers over and over and over. As a first priority, my ask of Convoso is the same that I suggested for DMS above.
Called # | # of Calls | Unique | Elapsed | Most | Audio Examples |
318XXXYYYY | 358 | 141 | 92 | 2023-12-02 | |
856XXXYYYY | 140 | 30 | 25 | 2023-12-01 | |
651XXXYYYY | 119 | 15 | 64 | 2023-12-01 | |
417XXXYYYY | 105 | 15 | 63 | 2023-11-30 | |
561XXXYYYY | 96 | 42 | 26 | 2023-12-02 | |
804XXXYYYY | 93 | 25 | 29 | 2023-12-01 | |
765XXXYYYY | 93 | 66 | 92 | 2023-12-02 | |
651XXXYYYY | 78 | 32 | 87 | 2023-12-02 |