Internet Solutions UCEProtect blocking - Is this a scam?

[MrGray]

Our email server is on a static dsl line provided by VoxDatapro which in turn use Internet Solutions.

Our email recently started being rejected by some servers on the basis that it had been blacklisted by UCEProtect. We looked up our mail server on the UCEProtect website to see what the problem was and apparently our mail server is in the clear and not itself blacklisted, however, entire IS subnets are blacklisted because some spam has been reported on them and therefore we are included in a "UCEProtect Level 2 blacklist".

UCEProtect goes on to provide a link to www.whitelisted.org that says:

"WHITELISTING IS RECOMMENDED FOR THIS IP.
Your IP is listed in UCEPROTECT Level-2 Netrange 196.208.0.0/14.
Since your IP wasn't directly involved in abuse, you can exclude your IP from neigborhood blocklists as UCEPROTECT Levels 2 and 3 and others that
are importing our whitelist, by registering your IP with us.
Registration is available at 10.- EURO for 6 month / 20.- EURO for 12 month / 30.- EURO for 18 month / 40.- EURO for 24 month."

This smells like extortion - is this a scam?

We must pay money to get our mail server whitelisted even though we have done nothing wrong?

 

[Tinuva]

UCEProtect is not fun to deal with

It is however not a scam, just a way for them to generate extra money for the time it takes them to set up the Whitelisting for you.

It is not about you doing anything wrong, it is about you ensuring mail sent by your server (as long as it is not spam) gets to it's destination.

 

[MrGray]

It is however not a scam, just a way for them to generate extra money for the time it takes them to set up the Whitelisting for you.

... nope, I don't buy it. They ban an entire isp because a few ip addresses are in their spam lists, and consequently innocent people must pay $$$

 

[Tinuva]

Well whether you buy it or not that is your choice of coarse, and you are more than free to make it whichever way you please.

Fact however is, you are affected and there is a way out if you are willing to pay the price. If not I am sure you can ask your Host to move your box to different IP space which is clean for now.

But yes a whole ISP getting blocked by it, is indeed retarded (my own opinion).

 

[cavedog]

You can send a complaint to IS and wait for a response. Maybe they could negosiate a deal with UCEProtect

 

[PsyWulf]

196.208.0.0/14

Welcome to 196.208.0.0/14 One of our Mail server are also on this IP range and it's caused all types of headaches with Email.

After much research I can tell you - this is legit. If enough level1 spammers are on an IP range they start blocking and widening the IP blocks. Mailmarshal can subsribe to these lists making it a pain in the ass if you're on one of these.

Your options are:
1) New IP in a clean range
2) Pay whitelisted the fee to be added to the do-not-filter list
or 3) Get IS to ban and get their clients to clean up their IP ranges from spamming mail

We went nr2

 

[Tinuva]

Oh it makes sense, its the same /14 in which their ADSL clients are. Trust me IS will either do one of the following, wonder which:
- Ignore the problem
- Block smtp outbound traffic from their ADSL ip ranges
- Filter smtp outbound traffic from their ADSL ip ranges

That's the 3 options they have...I am sure they not going to pay the price to get it on that whitelist.


See the actual problem is, adsl user's whose pcs are infected with virus's/bots and sending out email spam non-stop as long as the pc is turned on. Big problem really, but this UCEProtect list might be able to start having ISPs doing something about that...

 

[WyldPhoenix]

Send a complaint!

 

[MrGray]

I've done a bit of digging and it seems that there is widespread global outrage about UCEProtect's practices, to the extent that there are many suggestions of possible class action lawsuits and the possibility of extortion charges in Germany against them.

I suggest that anyone using UCEprotect in their spam filters remove them, as you will be rejecting email from legitimate sources.

On the surface, they claim that their strategy is to force ISP's to be responsible and police their users, however, they want money to clear individual ip's which are not abusers and even more money to clear isp's and it seems very likely this is just a cash raising effort.

No other spam listing service charges for removal.

 

[Tinuva]

Well to be honest, one should not outright block on any single blacklist. Instead just attach a score rating to the mail if the ip is listed in a BL, and if the IP is listed in multiple blacklists, then have it get close to be blocked.

There might be an outrage about UCEProtect in germany, but there is an outrage for anything that people dont like everywhere in the world so I wouldn't hold my breath, except when they are told to stop by a judge.

 

[aquadog]

From their FAQ:

Q17: Why don’t you say who you are?

A17: Spammers are criminal gangs. In 2004 and since, many other blacklists stopped after they were threatened or attacked.
We also got a package from Ukraine with a dead rat inside and a message: "You are next!"

 

[PsyWulf]

Interesting note,IS' Virtual Hosted servers' Mail is protected by a mailmarshal subscribed to UCEProtect,in effect IS blocks mail from IS IPs

 

[Tinuva]

From their FAQ:

Q17: Why don’t you say who you are?

A17: Spammers are criminal gangs. In 2004 and since, many other blacklists stopped after they were threatened or attacked.
We also got a package from Ukraine with a dead rat inside and a message: "You are next!"

Read this:
Help for ISPs: http://www.uceprotect.net/en/index.php?m=4&s=0

3. Ensure that your dynamic / dialups / homeusers cannot be abused as spam zombies.

Block all outgoing connections from client dynamic / dialups / homeusers to destination-port 25 TCP UNIVERSE if that destination is not your mailrelay / smarthosts and force them to connect to your mailrelays / smarthosts or smtp-submission instead.
Then, if a user's computer becomes infected by malware, propagation will be impossible or at least contained very quickly.
This way, any damage stays within limits and it will be unlikely that blacklists become aware of your system.
Your Homeusers will not be affected by this, because they can still use external mailsystems by using the SMTP-SUBMISSION Port 587 which is in common use since 10 years meanwhile.
For details about SMTP-Submission Port 587 see RFC 2476 which was published in 1998 and which is supported by almost all Freemailers and Webmailservices around the globe.
There is no logic reason why a homeuser with a dynamic IP should have the chance to connect to destination port 25 outside your networks, other than allowing spammers to abuse his computer as spambot.
DSL and Cable Providers which fail to block connects from their homeusers to destination port 25 are almost always at risk to end up in our Level 3, which means all their IP's will be blacklisted and therefore they will run in trouble with their business customers too.
Please also read Informations at MAAWG why to block Port 25.

 

[cda]

Do not pay UCEProtect, do not even talk to them.

Mail the people who are blocking you, and tell them to remove UCEProtect from their blacklists.

 

[ambo]

Mail the people who are blocking you, and tell them to remove UCEProtect from their blacklists.

That would be my advice too.

UCEProtect tend to list huge blocks of addresses to 'make a statement' when spam continues to be sent. I have recently been dealing with an issue where UCEProtect blacklisted almost an entire country for spam.

On the flip side - UCEProtect are not going to list you if spam is not being sent from the network you are on. So clearly there is a problem on the IS network that they need to deal with.