UCEPROTECT scammers

Nyr Community Contributor, Veteran
edited October 2013 in General

So I didn't know much about UCEPROTECT until now, since they just listed the entire Core-Backbone AS in their level 3 RBL.

The only way for an ISP to request a delist is to pay them 586 USD. If you don't want to pay, you need to wait at least one week for the BL to be removed.

The blacklist covers 48128 individual IPs but only 256 were used for spam. It was a single /24, not even owned by Core, but they had listed the whole ASN as spammy. Not only Core owned addresses, IPs from other companies announced on the same ASN too.

From their FAQ:

As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.
Your IP xxx.xxx.xxx.xxx was NOT part of a spamrun, but you are the one that has freely chosen your provider.
By tolerating or ignoring that your provider doesn't care about spammers you are indirectly also supporting the global spam with your money.
Seen from this point of view, you really shouldn't wonder about the consequences.

When you try to whitelist a single address:

Since your IP wasn't directly involved in abuse, you can exclude your IP from neighborhood blocklists as UCEPROTECT Levels 2 and 3 and others that
are importing our whitelist, by registering your IP with us.

They know neither my IP nor subnet was used for abuse, but they want me to pay (23USD/m) for delisting anyway. No way I am paying anything to those scammers.

Those guys don't look like a legit operation at all, but their RBL's are used by some big providers and worst of all, they are actually sponsored by some big guys like WSI, EGI, Singlehop or Cari.net:
http://www.uceprotect.net/en/index.php?m=11&s=0

Has anyone had problems with them in the past? Are they known scammers or only undercover ones?


Comments

  • Welcome to the club. Someone should start an "Anti-Abusive RBL" campaign.

    Thanked by 1AlwaysSkint
  • SkylarM Member
    edited October 2013

    UCEPROTECT is one of the blacklists I dislike dealing with the most. Before we had solid smtp monitoring we had a customer purchase 5 ips total and got all of them listed in UCEPROTECT which resulted in a full /24 being blacklisted for something like 14 days. "Express" delisting is just their way to try and snag some extra cash out of it, never paid for it as it's not worth it IMO.

    Sucks to see an entire AS blacklisted as a result of IP space they announce for a customer. They really shouldn't penalize an entire AS range for an IP announce issue. That'll take quite a bit of time to get delisted.

    I think base limit for a level 3 listing (full AS) is 100 in a set period of time. Pretty strict, but makes sense if it's the actual provider's IP space imo. Doesn't take much to announce IP sets for a customer, have them spam and get their IPs listed, and then screw over an entire AS range so I don't feel it SHOULD apply to non-provider owned IP space in that specific case.

  • I love UCEPROTECT, but everyone who uses them as a RBL is a fool. Use UCEPROTECT, as recommended, to score email, and you will be very very happy.

  • AnthonySmith Member, Patron Provider

    You have to consider though... with all the spam, are any of them actually helping at all, if someone wants to send spam they are going to send spam RBL or not.

  • Nyr Community Contributor, Veteran

    @jimpop said:
    I love UCEPROTECT, but everyone who uses them as a RBL is a fool. Use UCEPROTECT, as recommended, to score email, and you will be very very happy.

    I don't want to add spam score to my email based on ratings by an organization which lists entire legit ASN's as spammy and wants big $$$ for delisting.

    Thanked by 1AlwaysSkint
  • @Nyr said:
    Not only Core owned addresses, IP's from other companies announced on the same ASN too.

    Looks like the /24 block was assigned from Core?

    If so, what UCEPROTECT did is the right decision, because the ISP won't solve the spam issue until it is blacklisted completely.

    Thanked by 1marrco
  • c0y Member

    @Magiobiwan said:
    Welcome to the club. Someone should start an "Anti-Abusive RBL" campaign.

    RBL system is broken. Set up your own antispam filters and providers should take down those assholes.

    Remotely trusting an organization with so much power (that is for EVERY antispam organization) is just stupid as fuck

    Thanked by 2Mark_R quicksilver03
  • Nyr Community Contributor, Veteran

    @alexvolk said:
    If so what UCEPROTECT did is right decision, because ISP won't solve the spam issue until will be blacklisted completely.

    It was a /24 owned by Core and assigned to a customer, I was wrong about that.

    But no, most ISPs deal with spam professionally, without getting their entire AS listed. The right action would be to list only the /24 since Core network is clean like addresses in my assigned range are. My IP space isn't even owned by Core, only announced by them and is blacklisted anyway. They only want money for delisting innocent customers, Core has a pretty clean IP space.

  • @Nyr said:
    I don't want to add spam score to my email based on ratings by an organization which lists entire legit ASN's as spammy and wants big $$$ for delisting.

    To each their own, I believe it gives them credibility AND leverage.

  • Nyr Community Contributor, Veteran

    @jimpop said:
    To each their own, I believe it gives them credibility AND leverage.

    Credibility ≠ listing entire subnets as spammy when they are 100% clean.

    Thanked by 1perennate
  • Some day a RBL is going to go so far as to list any blocks announced by Google, HE, nLayer, or some other MAJOR ISP. Then the shit will REALLY hit the fan.

  • jar Patron Provider, Top Host, Veteran

    Not all of these lists are so bad. I've found spamcop increasingly pleasant to deal with in more recent months. It's a self regulating market if you think about it. If they block too liberally, subscribers to their list will lose clients. If they block too conservatively, no one will want their list in the mix. If they blackmail and overcharge, they'll block enough people that aren't willing to pay and subscribers to their list will lose clients.

    It all plays out in the end, just struggles in the middle.

    Thanked by 2Maounique marrco
  • @Nyr said:
    Credibility ≠ listing entire subnets as spammy when they are 100% clean.

    Au contraire, UCEProtect never lists subnets outside of the entity they feel are responsible for the spamming. I would agree with you if UCEProtect listed a subnet from Anders due to spam received from a subnet belonging to RapidSwitch, but that is not the case. You are upset because a provider you do business with has been identified by UCEProtect for unscrupulous behavior in a netblock partially related to yours

    Thanked by 1marrco
  • Maounique Host Rep, Veteran
    edited October 2013

    I agree with jarland, however, it takes a long time for self-regulation.
    UCEPROTECT makes big money for years from extortion (spammers will pay as they can afford).
    Just send mail over IPv6 and kick those clowns to the curb.
    They list big providers from Romania because they have customers with dynamic IPs infected.

  • FWIW ISPs with residential customers, especially on dynamic IPs should have smtp blocked.

  • BrianHarrison Member, Patron Provider

    How egregious was the level of spam coming from that /24? Are the IPs also blacklisted by Spamhaus and do they have high SenderBase scores?

  • Maounique Host Rep, Veteran

    @rds100 said:
    FWIW ISPs with residential customers, especially on dynamic IPs should have smtp blocked.

    There are lists for that if you wish to block them; no need to block the whole provider just because it gives unfettered access to the internet.

  • Nyr Community Contributor, Veteran

    @jimpop said:
    You are upset because a provider you do business with has been identified by UCEProtect for unscrupulous behavior in a netblock partially related to yours

    No. I am upset because I am requested to pay for "protection", basically. My provider hasn't had any unscrupulous behavior and this incident has to do with only a single subnet owned by a single customer out of the hundreds my provider has.

  • Nyr Community Contributor, Veteran

    @Maounique said:
    There are lists for that if you wish to block them no need to block the whole provider just because gives unfettered access to the internet.

    That. UCEPROTECT suggests providers to only allow access to their own SMTP gateways and that's completely wrong for net neutrality at so many levels.

    Oh, and they blacklist addresses for portscanning too...

  • @Nyr said:
    No. I am upset because I am requested to pay for "protection", basically. My provider hasn't had any unscrupulous behavior and this incident has to do with only a single subnet owned by a single customer out of the hundreds my provider has.

    I understand that pain, I really do. I'm sure it is very frustrating to have to deal with that situation. However, I don't blame UCEProtect for that. UCEProtect did not tell other people to block your emails solely based on UCEProtect data. You should vent your frustration at whoever is incorrectly using UCEProtect to block your email. (I hope it's not me!) :-)

  • Maounique said: Just send mail over IPv6.

    Atm mail over IPv6 is not a good idea, and will cause your deliverability to drop really low. Since it's not practical to blacklist IPv6 space, many providers will resort to just whitelisting known good IPv6 addresses.
    Solution is known: always monitor your IP space reputation, act quickly and check your abuse mailbox, get subscribed to closed loop feedback with large providers (hotmail/live, yahoo etc.), and try not to have spammers subscribe to your service first. Price appropriately, verify who your customers are, write a good ToS and monitor/limit outgoing port 25 connections.

  • jimpop said: I would agree with you if UCEProtect listed a subnet from Anders due to spam received from a subnet belonging to RapidSwitch, but that is not the case. You are upset because a provider you do business with has been identified by UCEProtect for unscrupulous behavior in a netblock partially related to yours

    Uh, google took me here when researching an issue I have now with this racketeering spamlist group. On one of our machines the entire IPv4 space is blacklisted, and the people who spammed are on a different ASN! (though in the same city, and my ASN used to be in the same building with them to be fair) I think their price for removing me or whitelisting me is ridiculous, they even admit on their whitelist site and their spamlist site that my IP addresses were not involved, but they blocked the whole subnet anyways. The IPs are not found on any other blacklist in checking tools.

  • letbox Member, Patron Provider

    They do the same with me!

  • Maounique Host Rep, Veteran

    And prices almost doubled. This means very few people pay, so, try to convince whoever uses their list to stop.
    Or you can change provider, in this case it seems it is a provider which does not care if they did not terminate the spammers, so, uceprotect might be right. If they did, just wait one week and use mandrill in the meantime.

  • Mark_R Member
    edited December 2014

    Another shitlist related thread.. we should just burn those RBLs and be done with it. There are anti-spam solutions that do not involve lists managed by those blackmailers who try to justify blocking an entire /24 causing important messages to be lost and putting the blame on the provider. Nothing makes me more upset than missing important emails because of lists like this.

  • Melita Member, Host Rep
    edited December 2014

    The way it works:
    UCE Level 1: single IP
    UCE Level 2: multiple IP on netblock. Will trigger if have more than 5 listing (5 IPs) of Level 1 record within that netblock
    UCE Level 3: single ASN. Will trigger if have more than 118 listing (118 IPs) of Level 1 record within that ASN

    My experience with them goes like this. Bought dedi from one of provider here (for VPS selling) and asking for /25 (128) IP. They give me the 2nd /25 of address (.128 - .255), while the 1st /25 (.1 - .127) belongs to other customer of this provider. I knew this exact allocation (even customer name) from WHOIS data.

    Then 2 days ago, this other customer had 9 IPs blacklisted in UCE level 1 (random IPs between .1 - .127) which actually do not belong to me, and I had no control over this. As a result, UCEProtect blacklisted the whole /24 (255 IPs) in its level 2.

    I want to inform UCEProtect to just block this customer /25 instead of /24 (affect me also), but I had no way to contact them. In http://www.uceprotect.net/en/contact.php it's stated that "this is not a removal form and all such requests will be ignored."

    The only way to remove level 2 is to wait until Level 1 listings within this netblock decrease below 5. A Level 1 listing will decrease if that single IP stops doing spam activity for 7 days.

    It might be easy if I had control for this first /25, since I can just suspend / terminate the offending VPS I sell. But that blocks belong to other people / provider, so I kinda stuck here.

    Also, this provider which I buy from actually had their whole ASN (like 64k++ IPs) blacklisted in level 3 before some months ago. I told them about this and they're quick to remove this (I think by paying $600++ or so to UCEProtect).
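
Added example, not part of the original post and not UCEPROTECT's own tooling: a small Python model of the escalation rules as the post above states them, showing how listings in one half of a /24 catch clean addresses in the other half. The thresholds are the poster's figures; the /24 netblock size, the `asn_prefixes` input, the function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Thresholds as stated in the post (the poster's figures, not verified
# against the list operator's published policy).
LEVEL2_MORE_THAN = 5      # Level 1 listings within one netblock
LEVEL3_MORE_THAN = 118    # Level 1 listings within one ASN
NETBLOCK_PREFIXLEN = 24   # assumption: the post's example escalated to a /24


def escalation(level1_ips, asn_prefixes):
    """Return (level2_netblocks, level3_asns) implied by Level 1 listings.

    level1_ips   -- iterable of IPv4 strings currently listed at Level 1
    asn_prefixes -- {asn: [cidr, ...]} announced prefixes (hypothetical input)
    """
    ips = {ipaddress.ip_address(ip) for ip in level1_ips}
    per_block = Counter(
        ipaddress.ip_network(f"{ip}/{NETBLOCK_PREFIXLEN}", strict=False)
        for ip in ips
    )
    level2 = {blk for blk, n in per_block.items() if n > LEVEL2_MORE_THAN}
    level3 = set()
    for asn, cidrs in asn_prefixes.items():
        nets = [ipaddress.ip_network(c) for c in cidrs]
        listed = sum(1 for ip in ips if any(ip in net for net in nets))
        if listed > LEVEL3_MORE_THAN:
            level3.add(asn)
    return level2, level3


def collateral(ip, level2, level3, asn_prefixes):
    """Highest level at which an unlisted IP would be caught, or 0 if none."""
    addr = ipaddress.ip_address(ip)
    for asn in level3:
        if any(addr in ipaddress.ip_network(c) for c in asn_prefixes[asn]):
            return 3
    return 2 if any(addr in blk for blk in level2) else 0


# Constructed sample mirroring the post: nine listings in the first /25 of a
# /24 (documentation range 192.0.2.0/24, documentation ASN 64500).
SAMPLE_ASN = {64500: ["192.0.2.0/24", "198.51.100.0/24"]}
SAMPLE_LISTED = [f"192.0.2.{h}" for h in (3, 17, 22, 40, 58, 71, 90, 101, 126)]

if __name__ == "__main__":
    l2, l3 = escalation(SAMPLE_LISTED, SAMPLE_ASN)
    print("Level 2 netblocks:", sorted(map(str, l2)), "Level 3 ASNs:", sorted(l3))
    print("192.0.2.200 caught at level", collateral("192.0.2.200", l2, l3, SAMPLE_ASN))
```

Run against an operator's own list of Level 1 hits per prefix, the same counts show how close a netblock or ASN is to the next level before the wider listing happens.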

  • FSC Member

    Hi ! Years later, UCEPROTECT is still the same asshole mafia, making money because a few lamer sysadmins still use their listing. I've got an innocent SMTP server sharing a /24 with other servers owned by other guys. One of them is certainly sending mails to a UCEPROTECT honeypot-email, and because of that, I'm listed every week.
    There's NO way I'll ever pay to this racket Germany-based fucking company.
    If you're a sysadmin, DON'T USE their service. If you own a bunch of servers, consider DDOS to get rid of them (and you'll have a big job, because they use cloud hosting services, but at least they'll lose their fucking money).
    Stay FREE. Say NO to their racket. May they die.

  • @FSC said:
    Hi ! Years later, UCEPROTECT is still the same asshole mafia, making money because a few lamer sysadmins still use their listing. I've got an innocent SMTP server sharing a /24 with other servers owned by other guys. One of them is certainly sending mails to a UCEPROTECT honeypot-email, and because of that, I'm listed every week.
    There's NO way I'll ever pay to this racket Germany-based fucking company.
    If you're a sysadmin, DON'T USE their service. If you own a bunch of servers, consider DDOS to get rid of them (and you'll have a big job, because they use cloud hosting services, but at least they'll lose their fucking money).
    Stay FREE. Say NO to their racket. May they die.

    You registered to make your first post in a necro from 7 years ago. Great.

  • default Veteran
    edited April 2021

    Sweet mother lord of necros... 2014 !!!

  • angstrom Moderator

    @FSC said: If you own a bunch of servers, consider DDOS to get rid of them

    You shouldn't suggest this here

    No congrats on your first post

    Thanked by 2tetech webcraft