I started getting notified via MXToolbox (I had it set up years ago, offers single IP free monitoring) that my static home IP is blacklisted on Uceprotect level2.
There is a link to check out what to do about it, and there it says my IP is not directly involved in any spamming, but they still put the whole block on a blacklist if there is a single spammer sending out crap.
The thing is it’s a big-ass block, 65536 IPs if my math is correct (xxx.xxx.xxx.xxx/16). Provider does not give a crap, naturally.
But being the nice people they are, they will whitelist my IP if it’s whitelisted on whitelisted.org, as it’s not my fault but some other asshole on my block. They however want to get paid, and get paid a lot - 25CHF/month.
This just feels like an extortion attempt, sort of like “You are going to prison because someone in your neighborhood is a criminal. Unless you pay us. Monthly.”.
Should I take any action, or just ignore them? I didn’t observe any email send/receive issues from the home server.
That sounds like it’s going to take up a lot of my time… and money
Get a lawyer in home country → sue some German company trying to get money through a Swiss company. And my ISP is basically a monopoly so they are more or less untouchable.
DDoS it is, can I borrow someone’s botnet please?
Anyone who is using blacklists that are throwing away entire /16s arguably no longer has a functional internet connection. I doubt many places are implementing whatever list you’re on, or if they are, they were just using it to monitor more closely and not outright block. I wouldn’t worry about it unless you experience actual service problems.
It also occurs to me that blacklisting a block that large might be geographical. In either case, you could get around it for under 25CHF (Swiss franc?) by using a VPS as a reverse proxy.
Yeah, I’ll probably just ignore them. @Jari suggested to contact their support, but what I found was very unprofessional, and I would argue illegal.
YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR NET IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT.
And when you run a query you get this if your IP block is blacklisted, even if your specific IP is not the offending one:
We never make exceptions. Requests to us are futile. Only your provider can fix this problem.
It sure does feel like blackmail, extortion or similar bullshit…
Have a word higher up the chain. Here’s the relevant portion of a whois query:
```
[email protected]: whois uceprotect.net
Domain Name: UCEPROTECT.NET
Registry Domain ID: 97889633_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.psi-usa.info
Registrar URL: http://www.psi-usa.info
Updated Date: 2021-01-26T12:14:59Z
Creation Date: 2003-05-14T13:34:00Z
Registry Expiry Date: 2021-05-14T13:34:00Z
Registrar: PSI-USA, Inc. dba Domain Robot
Registrar IANA ID: 151
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +49.94159559482
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: GUSS.NS.CLOUDFLARE.COM
Name Server: KAMI.NS.CLOUDFLARE.COM
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2021-02-22T18:27:21Z <<<
```
Do you have DKIM entries set up? Are you still having issues?
Yeah, I had someone set up DKIM and SPF (I think?), and it looks like there are no issues so far. It’s just that every Monday MXToolbox monitoring would send an email that says something along the lines of “Everything is fine, IP has not been blacklisted anywhere for x amount of time”, but these last few weeks, emails come at any time and notify me that I landed on a Uceprotect level2 blacklist, and they always leave instructions on where to check for delisting.
They (MXToolbox) monitor a lot of blacklists for you, but I don’t get why they would be on the lookout for Uceprotect if they obviously extort people, unless some security systems actually use it.
Microsoft domains blacklist my entire range because it’s a VPS. All mail is rejected.
The system is rigged.
I have been fighting this problem since February, writing lots of emails to MS support (obviously there is a different support for Office365 and Outlook). My mailserver has a score of 10/10 at mail-tester com (recommended by MS). Unfortunately we got a new IP due to a server upgrade in February, so I am not sure if it is a problem of the new IP or the new server setup.
I tried another IP from a very different range, but I still can’t deliver any email to MS hosted domains. I would be very interested, if anyone found a
Unfortunately I have not even bothered to attempt finding a solution. In all likelihood I will be told to pound sand anyway since Microsoft doesn’t give a damn about a forum with 40-ish users.
I ended up ignoring Uceprotect, as there was zero impact on mail delivery. Maybe look into DKIM, DMARC and SPF if you haven’t already. If I remember correctly when we were doing the phishing test, IT guys had to set up SPF and DKIM to deliver to Microsoft365.
My mailserver has all these features: SPF, DKIM, DMARC.
As I said, my mailserver has a perfect score at mail-tester (dot) com
(while MS just has a score of 7: -2 for SpamAssassin and -1 for missing DKIM)
Actually their mail server doesn’t meet their own requirements.
How is Microsoft getting away with this fascism?? Their internal mail blocklist is MAINLY blocking IP addresses that are in the same IP block as spammers. Which, in other words, is virtually all VPS or other rented IP addresses from large vendors. This in essence is a SCHEME to prevent ALL SMALL BUSINESSES in the entire world from being able to send email unless they bow down at the altar of one of the “major” email vendors (gmail, msoft, aol, etc…) and all of their horrible systems.
There are free lists available here:
Add ’em to hosts, config, browser, app, OS. Check the ranges as well, and perhaps use other browser software and search engines, instead of relying on typical search engines with the algorithm they use.
This crap right here is why email needs to die. It’s insecure, does not have proper access control and is built on the same concept as the telephone service, and y’all know how fucked the telephone service is when it comes to spam.
What… the fvck?
Threatening us with legal action is just ridiculous and will have the consequence that your message will be [published by us as Cart00ney.](http://www.uceprotect.org/cart00neys/index.html)
Expect that to cause additional damage to your reputation, so think twice before playing the Cart00ney card.
Are these guys even remotely professional, or are they just trolls / FUD extortionists? Their own website uses TLS 1.0 / 1.1, so you cannot access it without lowering your browser's security. Also, in their latest "cart00ney" (didn't bother to read the others) they seem unprofessional too. There are ways in which you can shame court / suing trolls, but the way they do it seems like they are making fools of themselves.
Yeah, not wasting my time in reading all that or continuing this comment.
Based on their website, I’d argue the latter. “Spammerheavens ;-)” really screams “we are all about serious business here at uceprotect”
To that end, I suggest a boycott of uceprotect.
Just tried to check the status of my IP, and whitelisted.org doesn’t even support IPv6.
Yeah, U**PROTECT is a total joke.
Also, this topic reminded me of this thread by some mail server admin:
If this is a pro big business thing that is aligned with IOT to take down all small business online - - - smh - WE HAVE THE RIGHT TO EXIST!