uceprotect.net has us blacklisted?
So I went to their website, and put my IP in to see why. It's not blacklisted because of my IP, or even the entire subnet(s) that it belongs to. So it's not because of any Linode spammers.
They're listing our subnets because we're under "GNAXNET-AS - Global Net Access, LLC", who has had over 300 spammers in the last week out of over 92,000 IPs. 0.3% spamming?
I work at an ISP. I know it's impossible to catch them all. Particularly with today's trojans, worms, viruses, and not to mention a recent one we've been fighting: hijacked webmail logins for SquirrelMail and so forth.
uceprotect claims that we (customers with IPs in these networks) are part of the problem by supporting a carrier that doesn't stop spammers. Bull****. Blacklists that list thousands of innocent mail servers are evil, and the ISP's first priority is to make sure the traffic goes through for their paying subscribers.
If any of you guys are using uceprotect to block spam, I'd recommend against using them. You'll be blocking linode customers.
:)
38 Replies
> If any of you guys are using uceprotect to block spam, I'd recommend against using them. You'll be blocking linode customers.
Good up to date alternative blacklists are welcome
I don't think this is a blanket-wide ban on Linode IPs.
I run two mail servers on different Linodes and neither of the IPs appears to be blocked by uceprotect.
The site I use to check my IPs is:
http://www.robtex.com/rbl.html
Cheers
Their webpage is almost comical on the matter. To quote:
> What means listed at UCEPROTECT-Level 3?
> GAME OVER. We and our users have seen enough spam and heared all possible excusions why some lazy providers think to be not responsible for what their customers are doing.
> We are not just another blacklist. We really know better. Spam is always a problem tolerated by the provider.
> We have very bad news for you: It seems you have chosen the wrong provider.
> Your IP 64.22.124.36 was NOT part of a spamrun, but your provider seems to believe that spam is what the internet was made for.
> By tolerating your provider doesn't care about spammers you are also supporting the global spam.
> If all people would boycott spammerhaevens, spam-friendly providers wouldn't even exist.
I find it funny that they have two massive buttons, PAYPAL and MONEYBROKERS next to the level-3 listing, to allow express removal of it.
It seems that they've blacklisted the entire AS3595, or in sum, 92,160 IPs because they have complaints about 316 of them.
Any RBL with an "accuracy" rate of 0.00343% isn't one that should be used in my book.
The entire RBL seems like a scam to me…
@kbrantley:
> Any RBL with an "accuracy" rate of 0.00343% isn't one that should be used in my book.
Any RBL that expands its range to punish innocent people ("don't support people who support spammers") is worthless. Sounds like this list is just the latest pathetic version.
@NecroBones:
> So I went to their website, and put my IP in to see why. It's not blacklisted because of my IP, or even the entire subnet(s) that it belongs to. So it's not because of any Linode spammers.
So the question should be: If Linode's ranges within GNAX are clean, why does Linode accept GNAX having so many spammers?
They could also use cleaner datacenters.
@NecroBones:
> They're listing our subnets because we're under "GNAXNET-AS - Global Net Access, LLC", who has had over 300 spammers in the last week out of over 92,000 IPs. 0.3% spamming?
That is 0.1% more than accepted by our standards.
So they perfectly match the Level 3 listing criteria.
@NecroBones:
> I work at an ISP. I know it's impossible to catch them all. Particularly with today's trojans, worms, viruses, and not to mention a recent one we've been fighting: hijacked webmail logins for SquirrelMail and so forth.
I even worked in a provider's abuse department in Switzerland before I was employed by Admins WebSecurity.
I have knowledge of what is possible and what is not for providers.
A provider can clean up their act; most providers have 0.05 to 0.1% abusers per 7 days compared to their total IP space.
Having 0.3% as GNAX does is really bad; even a sewer like VERIZON has 0.27%, which means they are cleaner than GNAX compared to their size.
Also very interesting to see that 105500 providers are not able to get listed at Level 3 because they stay extremely far below 0.2% abusers per 7 days.
It is possible for a provider to have VERY clean ranges if he really wants!
@NecroBones:
> uceprotect claims that we (customers with IPs in these networks) are part of the problem by supporting a carrier that doesn't stop spammers. Bull****. Blacklists that list thousands of innocent mail servers are evil, and the ISP's first priority is to make sure the traffic goes through for their paying subscribers.
No one paying a sewer is innocent.
Evil are providers not having preventive measures.
A provider hosting webservers should at least have MODSECURITY.
Doing so makes it almost impossible to abuse weak scripts / unpatched CMS / blogs / other crap dumb users might install.
A datacenter not using MODSECURITY is nothing but unprofessional.
You are part of the problem because you have accepted that they ignore the problem and even think you must defend them.
@NecroBones:
> If any of you guys are using uceprotect to block spam, I'd recommend against using them. You'll be blocking linode customers.
> :)
You are ranting at the wrong place. You should have done so at GNAX.
Furthermore, you can assume people using Level 3 for blocking know exactly what they are doing. We have at this time listed providers such as VERIZON at Level 3, so I really doubt Level 3 users will care that some webservers hosted at GNAX are also listed.
Level 3 is declared as a draconic list and used by BOFHs and other HARDLINERS out there.
Interesting to see that meanwhile some providers are also blocking at Level 3, and it does not make me wonder.
Why should a super clean provider who has installed our 4 steps to prevent mail abuse allow lazy others to waste his resources and flood his users?
Many people harass us, because we are running a very hard and unforgiving course at UCEPROTECT-Network.
They think we could be assholes who want to extort their money.
That is not true.
EXPRESSDELISTING IS AN OPTION ONLY, NOT A MUST.
I want to explain how we came to this option called "Expressdelisting".
In UCEPROTECT's early days (August 2001) the blocklists had public "removeme" buttons, where listees could remove themselves.
As spammers were beginning to abuse that with automated scripts, we secured it with a captcha. Then spammers hired people in India and China to remove their listings manually.
That was the point where my predecessor got rid of "selfremovals" and then everyone was required to contact us to get removed before expiration.
If you ever ran a public blocklist, you have a clue what this means:
You have to read some thousand removal requests per day, and all these guys are claiming to be completely innocent, and they all have fixed their problems.
Not necessary to say that 90% of them found their way back into the list within minutes, because they had indeed NOT fixed their problems.
Somewhere in 2003 my predecessor decided that the only way to get out would be automatic expiration. You know what happened next, don't you?
Some listees claimed that it would cost them thousands of dollars to be listed for a week, but they would have fixed their problem and they are so sure that their problem is now fixed that THEY WOULD EVEN PAY FOR IT TO GET OUT IMMEDIATELY.
Logic says: One would not waste money if he hadn't fixed the problems.
You now know why there is an OPTIONAL Expressdelisting at UCEPROTECT.
We also think we have found a good balance between what is acceptable for someone who has really fixed his problems and needs his email and also expensive enough that spammers would not pay for.
Fees are 50 Euro for a single IP (Level 1), 150 for an allocation (Level 2), and 250 for complete ASN's (Level 3).
You have probably seen that this is a large discount we give on Levels 2 and 3 compared with Level 1, so one cannot compare us to BLARS.
And in fact: Most of those who paid have really fixed their problems and learned an unforgettable lesson: NEVER GO ONLINE AGAIN WITH AN INSECURE SYSTEM.
OK, let's come to our reasoning why we run UCEPROTECT-Network.
You know there are many public blocklists available, but they all do it wrong:
Their logic is to just stop infected machines from delivering spam to their users today.
That tactic really sucks because it can very easily be gamed by spam-friendly providers.
It is nothing new that there are providers which are moving their spammers around in their address space. They have no interest in blocking spam, because they want the spammers' money as they want the money of regular users too.
Our mission is different. We want to stop all spam on this planet. Finally.
We have meanwhile become so popular that getting listed on Level 3 becomes a serious issue for providers.
I can tell you about 5 providers (within the last month) now blocking port 25 on all their dialups after they ended up in Level 3 and they have seen that we are the wrong persons to play games with.
There are 105898 AS numbers known at this time, but only between 250 and 300, or in other words less than 0.3%, are listed in UCEPROTECT-Level 3.
I guess that should tell you enough about them and their way of working.
Most people hate spam, but have no clue who is responsible for it.
Our lookup tool is opening their eyes, showing them how deeply their own provider is involved in the spam problem or if he is one of the clean ones.
Assuming the number of our users keeps growing the way it did in the last 4 years, then every provider ending up in Level 3 can enjoy his very own intranet by 2011/2012 at the latest.
If that happens, it will be the ultimate end of spam.
This is what we and people using all our Levels for blocking want to happen.
It does not matter to us:
- If the complete anti-spam industry goes bankrupt after spam is history.
- If spam-friendly providers lose all their customers.
- If former spammers have to search for real jobs.
- If no one can buy faked viagra or rolexes on the net.
- If UCEPROTECT is no longer needed in some years.

We had good lives before spam came, and we will have good lives after spam is gone.
So now let's come to the point of how I could be helpful for Linode to get off Level 3:
I think you got the hint within this discussion.
Level 3 lists ASNs. At this time Linode doesn't seem to have its own AS, thus suffering from GNAX's laziness or incompetence to clean up their mess.
We have no idea how many IPs Linode has, but we know about very small providers owning only a /24, but having their own AS.
So why does Linode not also do so?
Linode's ranges will fall out of Level 3 automatically, because they would no longer be seen as part of AS 3595.
Claus von Wolfhausen
@kbrantley:
> It seems that they've blacklisted the entire AS3595, or in sum, 92,160 IPs because they have complaints about 316 of them.
> Any RBL with an "accuracy" rate of 0.00343% isn't one that should be used in my book.
> The entire RBL seems like a scam to me…
You should be better informed before posting next time, to prevent you from looking like a fool in second place.
How did you come to the consensus that it would have an accuracy of 0.00343%?
You know AL IVERSON is one of the most respected blocklist experts in the world?
See his stats for UCEPROTECT-Level 3 here:
http://stats.dnsbl.com/uce3.html
In short it said Level 3 blocked 50.8% spam while it blocked 0.8% ham last week.
So even if it lists complete providers, it looks like UCEPROTECT-Level 3 is a very accurate blocklist and producing very low false positives.
I doubt SPEWS was ever so accurate.
Looks like we have listed the spammiest ASNs in Level 3, and therefore you should now be informed what being listed there says about GNAX.
Yours
Claus von Wolfhausen
We have over 2000 dedicated servers between the two companies listed above. Each server comes with - by default 5 IPs but many have more as they are hosting servers with SSL etc.
Hell 6 servers with a /26 gets black listed out of ~ 5000 servers on our network between dedicated and colo customers and we are a spam shop.
Even if we had 50 full time abuse staff we could never keep it below that - just not possible - unless we were to click on that little paypal link…
@GNAX|Jordan:
> You have to be kidding me, the GNAX network is used among both tranxactglobal.com and netdepot.com dedicated server companies (among others).
> We have over 2000 dedicated servers between the two companies listed above. Each server comes with - by default 5 IPs but many have more as they are hosting servers with SSL etc.
Wow, you think it is OK for someone having 2000 dedicated servers to result in 342 spamming IPs per week, do you?
See here:
http://www.uceprotect.net/en/rblcheck.php?asn=3595
@GNAX|Jordan:
> Hell 6 servers with a /26 gets black listed out of ~ 5000 servers on our network between dedicated and colo customers and we are a spam shop.
> Even if we had 50 full time abuse staff we could never keep it below that - just not possible - unless we were to click on that little paypal link…
I do not see what you want to tell me with this 6 servers ~ 5000 servers example, but even if you click that PayPal button, you would be back in a short timeframe if you have not fixed your problems in the first place.
To my understanding you are a datacenter and have lots of virtual servers on your dedicated servers.
That means you will also have many people as customers who have never heard about insecure scripts, MySQL injections and similar attacks.
You cannot expect those to become security experts.
Hell, they are end users expecting you to protect their servers.
Why do you think you have to wait for abuse to happen and investigate afterwards?
That approach might have worked in 1995 but not in 2007.
You have to install preventive measures, so that your end customers' lack of competence will not allow spammers to abuse your ranges.
Have you ever heard of MODSECURITY?
What do you think will happen if you install it on all your servers by default?
I can tell you: You might be able to run the abuse department for 2000 servers as a one or two man show.
Modsecurity filters all kinds of attacks against webservers, even 0 day exploits are no longer a problem.
Even if some lame customers are going to install formmails from 1997 you wouldn't have a problem.
Best of all: MODSECURITY IS FREE!
So running a datacenter without modsecurity is just UNPROFESSIONAL.
Cheers
Claus von Wolfhausen
Sorry, I'm not buying your arguments.
@NecroBones:
> Face it, blocking thousands of legitimate mail servers does nothing but destroy the credibility of your blacklist. You think you're being hard on spammers but in reality you're being hard on those who would actually use your blacklist, destroying its usefulness.
> Sorry, I'm not buying your arguments.
Why do you assume that it would be thousands of legitimate mail servers in a datacenter?
Experience tells me that most servers found in datacenters today are nothing but webservers.
They have MTAs installed because almost every distribution does so by default, not because they would be really needed.
No one reasonable would use a vserver in a datacenter to send important mails, because he would always be at risk of ending up in point blocklists such as SPAMHAUS, SORBS, SPAMCOP or even UCEPROTECT-Level 1, as soon as one of the other customers hosted on that machine installs a 1997 formmail and spammers abuse it.
So what important mail can we expect to come from a datacenter which has such a bad reputation that it got listed at Level 3?
I have not seen a single one up till today, but lots of spam mails instead.
So the facts are that we are listing thousands of webservers where more than 300 of them have massive security holes.
As said, an MTA from the default installation doesn't make a webserver a legitimate mail relay.
Cheers
Claus von Wolfhausen
> No one reasonable would use an vserver in a datacenter to send important mails, because he would always be at risk to end up in point blocklists as SPAMHAUS, SORBS, SPAMCOP or even UCEPROTECT-Level 1, as soon as one of the other customers hosted on that machine installs a 1997 formmail and spammers abuse it.
Given that each virtual machine has its own IP address, why would linode1 on hostA cause linode2 on hostA to appear in the black list? 1.2.3.4 is different to 1.2.3.5 and whether they're physically different colocated boxes or virtually colocated boxes makes no difference.
Unless the blacklist expands to cover the /24, /16, /8…
Oh wait. That's your model.
@sweh:
> Given that each virtual machine has its own IP address, why would linode1 on hostA cause linode2 on hostA to appear in the black list? 1.2.3.4 is different to 1.2.3.5 and whether they're physically different colocated boxes or virtually colocated boxes makes no difference.
> Unless the blacklist expands to cover the /24, /16, /8…
> Oh wait. That's your model.
OK, let's see the facts:
It was told to me that each of the dedicated servers would come with 5 IPs. You want to tell me that every vserver there has its own IP?
You should also see the advantage given to you from UCEPROTECT (free of charge) :
Finally GNAX seems to have cleaned up their act after they got listed at UCEPROTECT-Level 3.
The daily expiration routine has delisted them about 1 hour ago, because there are only 85 abusers left where 184 would trigger a Level 3 listing.
That is not clean, but it is a beginning.
http://www.uceprotect.net/en/rblcheck.php?asn=3595
I guess they will better watch out next time, so you should now have better chances than ever to get your mails delivered to the world, even if you would use your webservers to do so.
Cheers
Claus von Wolfhausen
> You want to tell me that every vserver there has its own IP?
YES every Linode has its own IP, and most of us use our Linodes for all kinds of server-y stuff, especially and including sending mail.
Your ridiculous assumptions about what people should do with their server presences are as asinine as Verisign assuming that the Internet is just for surfing the Web.
@Claus von Wolfhausen:
> OK, let's see the facts:
> It was told to me that each of the dedicated servers would come with 5 IPs. You want to tell me that every vserver there has its own IP?
Umm, GNAX didn't mention vservers at all. (and he mentioned 5 by default, with others having more).
You mentioned vservers. This is linode. On linode every vserver gets its own IP address.
@JDM:
> I'm not going to get into the fact-throwing nonsense, but I will say that Uceprotect is doing the wrong in this situation.
Of course he is. He's been laughed at all through nanae. We won't convince him that he's in the wrong (and I wish he hadn't come here to bring his fight to this place).
Fortunately anyone who uses his RBLs aren't serious about getting their mail delivered, so I don't care. I just laugh at them, and maybe try to educate them. Fortunately all the clued people I know also laugh at him.
@sweh:
> Of course he is. He's been laughed at all through nanae. We won't convince him that he's in the wrong (and I wish he hadn't come here to bring his fight to this place).
> Fortunately anyone who uses his RBLs aren't serious about getting their mail delivered, so I don't care. I just laugh at them, and maybe try to educate them. Fortunately all the clued people I know also laugh at him.
I find it amusing, in a way, that he's come to the forum of a service filled largely with clueful people (clueful due to the nature of how linode works), to defend blocking a large fraction of us, despite us not being spammers. There's a sort of tragic irony in that.
@Claus von Wolfhausen:
> Experience tells me that most servers found in datacenters today are nothing but webservers.
Then maybe you are looking at the wrong datacentres.
What makes a vserver any different than a physical server? Today's technology allows 40 vservers to run on one physical server. Tomorrow we'll be running 400 vservers on a single server. The big iron guys have already demonstrated thousands of vservers on a single machine.
The physical servers of today will certainly be (and are already) replaced by vservers. We use our vservers for our company mail, cvs repositories, ipv6 tunneling and sometimes web servers.
Think about it.. where are mail servers hosted? My ISPs mail servers all sit in a datacentre. My company's mail server sits in a datacentre. In fact most mail servers sit in a datacentre.
–deckert
@NecroBones:
> They have us blacklisted again.
Hardly anybody cares - they are totally irrelevant - their bizarre policies and extortionist business model cause sensible providers to ignore them.
My two bits for what it's worth
@mwalling:
> Some blacklists are ok though, like Spamhaus' PBL… that list stops a lot of malware infested Windows boxes from getting spam through.
The problem is not some hundred hacked boxes, the problem is that your UPLINK GNAX is hosting a major spammer with some hundred IPs at this time.
Have a look at the IPs which are causing the problem and see what you get as PTRs:
Scroll down completely to see the IPs which got listed at Level 1 and so are causing the problem.
So let's see some of the IPs and decide what it is:
63.247.64.65 mail1.awesomemktg.net
63.247.64.66 mail2.awesomemktg.net
and so on, some hundreds more of that one..
Now let's look at whom you can say THANK YOU to for being listed:
Domain Name: awesomemktg.net
Registrar: Name.com LLC
Expiration Date: 2009-04-28 00:00:00
Creation Date: 2008-04-28 16:06:07
Name Servers:
ns1.awesomemktg.net
ns2.awesomemktg.net
REGISTRANT CONTACT INFO
Inet Advertising
Domain Administrator
234 Morrell Rd.
Suite 160
Knoxville
TN
37919
US
Phone: +1.6155126750
Email Address:
63.247.64.100
and let's see who is that:
Domain Name: differentmktg.net
Registrar: Name.com LLC
Expiration Date: 2009-04-28 00:00:00
Creation Date: 2008-04-28 16:06:08
Name Servers:
ns1.differentmktg.net
ns2.differentmktg.net
REGISTRANT CONTACT INFO
Inet Advertising
Domain Administrator
234 Morrell Rd.
Suite 160
Knoxville
TN
37919
US
Phone: +1.6155126750
Email Address:
Let's pick another IP from that space …
63.247.95.100 mail4.mailingsforconsumers.net
Domain Name: mailingsforconsumers.net
Registrar: Name.com LLC
Expiration Date: 2009-04-13 00:00:00
Creation Date: 2008-04-13 16:33:56
Name Servers:
ns2.mailingsforconsumers.net
ns1.mailingsforconsumers.net
REGISTRANT CONTACT INFO
Inet Advertising
Domain Administrator
234 Morrell Rd.
Suite 160
Knoxville
TN
37919
US
Phone: +1.6155126750
Email Address:
If you do the work and have a look at that list above, then you will find that GNAX leased some hundred IPs to a well-known spammer.
Claiming they would not have known about that is futile.
The PTRs given should have been warning enough to know that it will be no brave customer.
All of the domains within the complete listings were registered less than 3 months ago and for only one reason - spamming.
Spammers lie and so does GNAX.
GNAX wants YOUR money, but they also want spammers' money.
They knew exactly that they would end up in UCEPROTECT-Level 3 again if they gave complete /24 networks to spammers again, as they did one year ago too.
It might be a good idea if Linode would search for a better uplink instead.
Companies using our lists know exactly why they are using UCEPROTECT and you will not get them to drop us, because UCEPROTECT works for them.
Have a look at AL IVERSON's independent statistics:
That translates to: UCEPROTECT-Level 3 (which lists complete providers) has blocked about 40% of spam mails, but less than 0.3% false positives.
Could that mean that those some hundred providers which manage to end up in Level 3 are responsible for 40% of the global spam, but less than 0.3% of real mail came from their networks and ranges?
Claus, it's a small forum, you don't need to post the same propaganda twice. And, since you seem hellbent on attacking GNAX,
Take the hint, it's not our problem, because we have no control over this whatsoever. If you were to extend the same logic all the way up the chain, you might as well add the entire internet to your blacklist, because it's the whole world's responsibility to combat spammers.
@NecroBones:
> you might as well add the entire internet to your blacklist, because it's the whole world's responsibility to combat spammers.
Sounds like UCEPROTECT-Level 4 just got invented ;)
AUSTRIA
AT-Mirror 2 - Foltec GesmbH
CANADA
CA-Mirror 1 - Admins WebSecurity GbR
CA-Mirror 2 - iWeb Technologies Inc.
FRANCE
FR-Mirror 1 - Cisneo.fr
GERMANY
DE-Mirror 1 - Blindi Net Project
DE-Mirror 2 - Cosimo GmbH
DE-Mirror 4 - I-NetPartner GmbH
HUNGARY
HU-Mirror 1 - Nordtelekom Ltd
MEXICO
MX-Mirror 1 - Suavemente Networks
PHILLIPINES
PH-Mirror 1 - Bitstop Network Services
SWITZERLAND
CH-Mirror 1 - Your-Web GmbH / Swiss Computer Services AG
USA
US-Mirror 1 - Net Services Group
US-Mirror 2 - AntiSpamTech
US-Mirror 3 - Cari.net
US-Mirror 4 - Cari.net
US-Mirror 5 - VIRTBIZ Internet Services
US-Mirror 6 - Suavemente Networks
US-Mirror 7 - Egihosting
US-Mirror 8 - Sprocket Networks, Now powered by AppServe Technologies, LLC
US-Mirror 9 - Singlehop.com
US-Mirror 10 - Marlin eSolutions
US-Mirror 11 - Netriplex
US-Mirror 12 - Wholesaleinternet.com
US-Mirror 13 - CPC Technology
Also "thank you" to Phil Marsh, Snowdon Consultants Ltd for proofreading and correcting the English version of the website.
To Whom It May Concern:
The company you are sponsoring has several people trying to get together and file a class action lawsuit against this company due to their methods of operation. Listed below are several comments, including from UCEPROTECT on their methods of operation, along with comments on what people think of this company.
From UCEPROTECT themselves…
People that use UCEPROTECT (BACKSCATTERER) go with level 1 or level 2 of filtering because level 3 is too aggressive by blocking out entire IP blocks instead of specific IP addresses as they should do.
Here is a list of IP addresses currently being blocked by them. I pasted them into Microsoft Excel to see how many are blacklisted and it went way beyond Microsoft Excel's limit of 65,536. You can find the list here.
Here are some links of people’s comments on BACKSCATTERER along with some quotes about their tactics of extorting money which I myself have paid also. ($74.97, which I found out after paying they want on a monthly basis. I should consider myself lucky because I found out that they used to charge $200 per month) There are people rallying out there to bring up a class action lawsuit against them.
…We used to use uceprotect but we found waaay too many false positives because of very large, blanket listings We had to remove it from our list of used RBLs…
…I actually was using the exact same set of RBL's, but after a while I found out that UCEPROTECT1 repeatedly listed the smtp servers of some major ISP's here (NL). Of the unique hits of this RBL (not in any of the others), about 50% was a false positive, so I removed it. I have not yet encountered similar problems with Zen, Spamcop and PSBL….
…This is an extortion racket along the lines of sorbs.net. This 'anti-spam' service may well be run by spammers - with their strange understanding of legal matters, poor grammar, and payment by PayPal - they sure act like spammers….
…JVF has never heard about UCEPROTECT until now. Their practices are bordering on extortion. Ourselves, as well as others in our same situation, feel that a class action lawsuit should be brought against them. Their method of blocking the entire ISP's IP range just because of a similar users IP is unacceptable and against every rule in the spam book. Below you can see the hoops we have been jumping through to get our IP address removed from their blacklist….
…OK, so we're listed on their blacklist, this is not the first time we have had to remove an IP address we manage that has been incorrectly added to a blacklist, so what is the process? As you can see in the screenshot below, they want us to pay 150.00 € Euro's (EUR) to process our request and remove our IP address. That's almost $200 dollars! This is totally unacceptable, and quite possibly illegal! We are aware that some IP addresses are definitely more suspicious than others, but you wouldn't want to filter mail from them without a little further evidence (like seeing some spam from them)….
…It is borderline extortion. The only people who pay are the admins that dont know any better….
…These people are crooks and probably run by the same people that create spam. No respectable hosting company should use them for blacklists.
They have no legitimate reason for listing an IP and can offer no proof or information for fixing the so called offence (even if you pay 150$ for it).
There are many scams on the Internet and UCEPROTECT is one of them….
…This means no reasonable Person should use Level 3 for BLOCKING….
Here is a comment from my tech support on UCEPROTECT which powers BACKSCATTERER. MIPSPACE also uses BACKSCATTERER.
. . . Hello,
While the server is listed at UCEPROTECT, there is very little we as a company can do. They run their blacklists only as an effort to make money. We've tried to work with them before and it all comes down to them wanting money to do something that is automated in the first place. We have repeatedly asked them for logs/evidence/proof and they adamantly do not provide any. Armed with this information, upper management refuses to deal with such unscrupulous companies. . . .
Thank you for your time,
Michael
What do you think? This DEFINITELY shows questionable behavior!
Michael
I have no business relationship with GNAX. I rent a VPS from Linode, and Linode hosts their hardware at NAC.
It's like saying "We do not allow customers from Canada because of an action taken by a citizen of the United States. You're on the same continent as them, your continent supports this sort of action, so your country should choose a different continent."
lol someone got bent enough to make this: uceprotect.wtf
I feel bent too. We have 13 servers with Linode. All of the IPs are blacklisted with UCEPROTECT.NET (dnsbl-3.uceprotect.net).
This has become a major problem for us as a service we use with the email provider INTERMEDIA is detecting that we are on this blacklist and therefore not whitelisting our IPs to send email from web servers.
Intermedia itself monitors our email sending and has from time to time detected an errant form that was penetrated by spammers. We have then fixed the issues. But this is a rare event. We run a full security suite for all of these WordPress sites, and use AKISMET which knocks down 99.9% of bad form submissions. These servers simply aren't spamming and yet the IP is listed with UCEPROTECT - but no other blacklists.
I don't know why some providers include them in their blacklist checks, but I will lobby Intermedia to remove it.
I realize that Linode cannot control this uceprotect blackhat behavior, I just wanted to contribute our experience.
Best,
James
Director, Colophon New Media, LLC
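A listing like the `dnsbl-3.uceprotect.net` one described in the post above can be checked per IP and per zone, which separates "this host itself was reported" from "only the provider-wide list names it". The following is an added example, not code from this thread or from UCEPROTECT; the Level 1 zone name, the function names and the sample DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket

# A DNSBL signals "listed" with A records inside 127.0.0.0/8 (RFC 5782).
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

# Zone named in the post above; Level 3 lists whole ASNs.
LEVEL3_ZONE = "dnsbl-3.uceprotect.net"
# Assumption: the single-IP (Level 1) zone follows the same naming pattern.
LEVEL1_ZONE = "dnsbl-1.uceprotect.net"


def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client looks up for `ip` in `zone`.

    IPv4 reverses the four octets; IPv6 reverses all 32 hex nibbles.
    Whether a given list publishes IPv6 data at all is up to the list.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")


def system_resolver(name):
    """Return the A records for `name`, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def audit(ips, zones, resolve=system_resolver):
    """Return {ip: {zone: [answers]}} holding only genuine listings.

    Answers outside 127.0.0.0/8 are dropped: a resolver that rewrites
    NXDOMAIN to a search page would otherwise make every IP look listed.
    """
    report = {}
    for ip in ips:
        hits = {}
        for zone in zones:
            answers = [a for a in resolve(dnsbl_query_name(ip, zone))
                       if ipaddress.ip_address(a) in LISTED_NET]
            if answers:
                hits[zone] = answers
        report[ip] = hits
    return report


def collateral_only(report, wide_zones):
    """IPs that are listed, but only in provider-wide (ASN-level) zones."""
    wide = set(wide_zones)
    return sorted(ip for ip, hits in report.items()
                  if hits and set(hits) <= wide)


# Constructed sample answers (documentation addresses) so this runs offline.
SAMPLE_DNS = {
    "10.2.0.192." + LEVEL3_ZONE: ["127.0.0.2"],     # ASN-level listing only
    "11.2.0.192." + LEVEL3_ZONE: ["127.0.0.2"],     # ASN-level listing ...
    "11.2.0.192." + LEVEL1_ZONE: ["127.0.0.2"],     # ... and the host itself
    "12.2.0.192." + LEVEL1_ZONE: ["203.0.113.80"],  # rewritten NXDOMAIN
}


def sample_resolver(name):
    """Stand-in for DNS that answers from the constructed table above."""
    return SAMPLE_DNS.get(name, [])


if __name__ == "__main__":
    fleet = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    result = audit(fleet, [LEVEL1_ZONE, LEVEL3_ZONE], sample_resolver)
    for ip, hits in result.items():
        print(ip, hits or "not listed")
    print("listed only via the ASN-level zone:",
          collateral_only(result, [LEVEL3_ZONE]))
```

Dropping the `resolve` argument makes `audit` use the system resolver for live lookups. An IP returned by `collateral_only` has no listing that names the host itself, so the finding belongs with the provider rather than with that server's mail configuration.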
This thread is 14 years old. There are a couple of other threads on this topic. You can search for them…
> These servers simply aren't spamming and yet the IP is listed with UCEPROTECT - but no other blacklists.
This is because UCEPROTECT is an extortion racket. Instead of blacklisting single IPs or subnets, they blacklist entire ASNs. My Linode has two IP addresses: IPv4 and IPv6. Yours probably does as well. For my Linode:
- its IPv4 network contains 16384 addresses; and
- its IPv6 network contains 1267650600228229401496703205376 IP addresses.
Linode's ASN has 131 networks in it. If all of them are similar to these two, you can see that blocking more IP addresses than there are stars in the galaxy for one instance of spamming is just ridiculous. UCEPROTECT wants money for Linode to be de-listed from their blacklist…with no guarantee that, after the ransom is paid, Linode's ASN won't land right back on UCEPROTECT for violating their state-secret criteria for determining if a sender's IP address is spamming. It's a clear instance of extortion…
Consequently, Linode won't pay the ransom. Linode's ASN goes on and falls off UCEPROTECT periodically (right now it's on). No one in their right mind should use or pay attention to UCEPROTECT. None of the big email operators pay any attention to them, you shouldn't either. Maybe if their income stream dries up, they'll crawl back into the ooze from which they emerged and leave the world alone.
UCEPROTECT is not about stopping spam…it’s about generating income for the operators.
-- sw
I have two servers on Linode - not a lot compared to most of you. Both IPs are in subnets listed in their Level-3 BL. The only thing I can do is pay about 50CHF every 6mo to have one of them whitelisted and use it as a mail relay. Since I have one server running as a spam filter gateway, that is the one I white listed.
It appears that Microsoft uses uceprotect.net for black listing. Without the whitelist I am blocked from sending email to any microsoft domain. The automated removal from the MS black list is always denied, and I push for escalation. Never get a response. uceprotect.net LEVEL 3 is the only black list I am on, and that is not even related to me.
Personally, I see what they're doing as extortion. It is ridiculous that we are being strong armed using criteria that isn't even attached to our provider. It is like paying the mafia for protection.
@netzarim --
> Personally, I see what they're doing as extortion.
Yep. It's a scam.
> It appears that Microsoft uses uceprotect.net for black listing.
Correlation != Causation.
M$ does not use UCEPROTECT. Periodically, UCEPROTECT will blacklist Office 365 IP addresses (looking for a big payday I suppose). Why would M$ initiate something like that?
More likely, you're caught in M$'s "bad IP reputation" black hole (the details of which are a Redmond state secret).
> The automated removal from the MS black list is always denied
You're just a puny user to M$. I'll bet if you waved, say, $500K (US) in front of them, you'd get a response pretty quickly. That's not to say M$ would resolve your problem, but you would get a response.
> and I push for escalation. Never get a response.
Your requests are probably going into one of the many dead receptacles for this kind of stuff. M$ knows all and knows best. They don't care what you think or want. They only care about $$$.
The operators of this nonsense are in India somewhere and they have to justify their existence to the mothership in Redmond periodically…so idiot stuff like this is the norm -- not the exception. The facility (whichever one it is) is also staffed largely by junior people (all of whom seem to be no lower in the hierarchy than Senior Vice President) and contractors. Neither group can tie their shoelaces without emailing Bill Gates first to ask how. Neither group could make a decision to abandon a sinking ship if that's what was called for. Got the picture yet?
> uceprotect.net LEVEL 3 is the only black list I am on, and that is not even related to me.
Welcome to the club! EVERY Linode IP address is on UCEPROTECT. Part of their scam is to block Linode's ASN (autonomous system number -- every address in every network Linode operates). Look how long this thread has been in existence…nearly 15 years. This gives you an idea of how long this has been going on.
My only suggestion is to try IPv6 to send the emails you want. My Linode's IPv6 address is not on UCEPROTECT. However, your experience with M$ may be exactly the same. You could also ask Linode support for their intercession with M$…that seemed to work the last time (it took quite awhile however). Linode won't deal with UCEPROTECT because it's an extortion racket. You shouldn't either. You shouldn't even contact them.
-- sw
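The listing checks mentioned in this thread (server IPs on dnsbl-3.uceprotect.net, an IPv6 address that is not listed) are ordinary DNSBL lookups. As an added example, not part of any post here, this sketch builds the lookup name using the standard DNSBL convention (RFC 5782) and classifies the answer. The function names, the constructed answers, and the rule that any 127.0.0.0/8 answer means "listed" are assumptions of the example; the zone's own return codes and whether it publishes IPv6 data are not stated on this page.

```python
import ipaddress
import socket

ZONE = "dnsbl-3.uceprotect.net"  # zone named in the thread
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZONE):
    """Build the lookup name: reversed octets (IPv4) or reversed nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """A records via the OS resolver; [] on any failure (NXDOMAIN and
    timeouts are not distinguished here)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(ip, zone=ZONE, resolve=system_resolver):
    """Return 'listed', 'not listed' or 'indeterminate' for one address."""
    answers = resolve(dnsbl_query_name(ip, zone))
    if not answers:
        return "not listed"
    # DNSBL answers live in 127.0.0.0/8; anything else (e.g. a resolver that
    # rewrites NXDOMAIN to a search page) says nothing about the listing.
    if all(ipaddress.ip_address(a) in LOOPBACK for a in answers):
        return "listed"
    return "indeterminate"


# Constructed answers for documentation addresses, so the demo runs offline.
CONSTRUCTED = {
    "10.2.0.192." + ZONE: ["127.0.0.2"],
    "5.113.0.203." + ZONE: ["203.0.113.99"],
}


def fake_resolver(name):
    return CONSTRUCTED.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "2001:db8::1"):
        print(ip, dnsbl_query_name(ip), check(ip, resolve=fake_resolver))
```

Calling `check(ip)` without the `resolve` argument performs a live lookup through the system resolver.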
I have managed to get Microsoft to remove my server from their blacklist several times. Each time this happens the entry is removed from UCEPROTECT at the same time. This is suspicious.
As for how to accomplish this, I have no idea. It's pure 1% luck that the right service agent gets your request and processes it. Even then it will eventually reappear on the blacklist so what's the point.
I have all but given up which is exactly what the big profit mail providers want. I have even tried collecting IP addresses that are not on any blacklist at all and even if they are never used for anything, given some time they magically appear on UCEPROTECT. I believe the act of checking an IP address against UCEPROTECT is enough to get it listed. I wouldn't rule out collusion but nobody seems to care or understand the issues involved. This scam has been going on for far too long.
To be fair, I do see cases where a server is not on any blacklist at all and Microsoft (or whoever) still blocks it. This is the pain.