In general telemarketers business practices are questionable at best, and they often obtain lists of numbers from various "information service" companies....people that make a living either scouring the internet for personal data (facebook, blogs, personal websites, even forums), or operating ruses, like promising a chance to win some prize if you enter a form of personal data to "enter". These lists then of phone numbers, addresses and the like are sold off to people who want to sell you something. Junk mail, telemarketing calls, ect. Often e-tailers of dubious intentions will store personal data entered when making purchases.....address, phone, name, and later sell these batches of data off for a quick extra buck at your expense. Why doing business with shady looking or unknown websites is risky.
The do-not-call list is little more than a veil of security. It in no way "protects" you from anything. It's a list of people that stated they do not want to receive commercial phone calls. Companies that operate with a telemarketing division are supposed to be tied into this list and check every number they might call against it. That's a lot of work and few if any bother to do it....what's going to happen if they do? Nothing. You can call and report so-and-so number called you. The FTC doesn't give a ****. They've got better things to do than worry that some fly by night salesman interrupted your dinner for 10 seconds before you hung up on them.
Nobody really telemarkets anymore....it's a dead practice, nobody trusts it. Kind of like how the days the of the travelling, cold-call salesman are done also....it's so rare to get someone even interested that it's just not worth the time, it doesn't pay off in sales.