
That is an impressive flaw. Why would you ever assume a wildcard across all parts of a phone number? I get a lot of spam calls where their area code + prefix matches my number and I just ignore them.

I have a hard time justifying even wildcard values for the last four digits in whole; a partial wildcard, yes, to get a PBX or such.




My wild, totally uninformed guess is that it wasn't an assumption that empty meant wildcard but rather a failure to sanitize input at all. My experience, though limited, with these management applications is that the developers assumed the operator would never, ever, ever enter an illegal or unexpected value and therefore implicitly trusted the input. It's possible that the empty value was considered illegal and whatever module that handles call routing on the phone switch failed to function, blocking traffic as a result of the value.

It sounds crazy, but consider a similar circumstance of popping something illegal into an Apache or nginx configuration file. The service fails to start and anything hosted behind it is down. I'm not saying it's acceptable, just likely[0]. The difference here is that this software has an audience of very few people, is poorly developed to begin with, and usually outputs error messages similar to C++ compilers from the 90s. And the software was probably written in the 90s, too.

[0] While a competent sysadmin expects that a failure to provide valid values in a configuration file will result in a service not functioning, our typical interaction with modern software comes with the expectation that an invalid value provided to a configuration form will result in a rejection of the value. Even in the cases of Apache/nginx, they provide a method to check your configuration before using it -- just to be safe to make sure you didn't leave out a semicolon/closing brace/</Something>


I rarely answer calls from numbers I don't recognize anymore, unless it is to simply fuck with the scammer and waste their time.


I never even answer to mess with them because then they know it's a good number.


The sheer fact that it routed to a line that rang is enough for them to know it's a good number. Their auto-dialer could be configured such that answering it increased the cadence of calls or something such as that. But the absence of the call being routed to a not-in-service/no-longer-available response is enough of a signal for them to know it's a good number.

Source: I did data management for a company that performed a high volume of outbound business dials (not consumer lines). At one point we evaluated productizing our non-valid numbers list, so that businesses could do things like flag when their main contact at an account was no longer at the company, triggering an automatic alert to follow up with the remaining contacts at the company and re-establish a relationship. CNAM lookup services like Twilio Lookup[1] don't do so well at this use case, since companies tend to reserve a full block of phone numbers (always showing as active when doing a CNAM lookup), but when an employee leaves their line will temporarily be de-activated internally until it's re-assigned to a new employee.

[1] https://www.twilio.com/lookup



