Opened 8 months ago

Last modified 8 months ago

#16232 new Bug/Something is broken

Cleveland added to UCEPROTECTL3 spam database

Reported by: Lori Price Owned by:
Priority: High Component: Tech
Keywords: Cleveland Cc: lori@…, southwell.gov@…
Sensitive: no

Description

Hi all,


Cleveland.mayfirst.org (162.247.75.111) has been added to the UCEPROTECTL3 spam database. And, the dirt-bags at uceprotect.net (ironically, a horrible site still running on http) will not de-list Cleveland's IP unless they get MONEY. Maybe MayFirst can figure something out? Hopefully, Cleveland can be delisted so the CLG newsletter can reach subscribers. Details are below.


From MXToolBox:

https://mxtoolbox.com/Problem/Blacklist/UCEPROTECTL3/?s0=PROBLEMDETAILS_BLACKLIST_AB&abt_id=AB-551&abt_var=Variation&reason=127.0.0.2&hidetoc=1&showLogin=1&action=blacklist:162.247.75.111

More Information About Uceprotectl3
If you are on the UCEPROTECTL2 / L3, you have an IP Address from your ISP that falls into a poor reputation range; i.e. the entire range of IP Addresses is blocked as a result of the provider hosting spammers.

Uceprotectl3 Reports Subnets
Subnet-based Blacklists are used to reject email from entire ranges of IP Addresses, i.e. providers that are hosting companies sending spam, as well as single IP Addresses that may fall in that range of IP Address.

Uceprotectl3 Reports Shared Hosts
Host-reputation Blacklists will list either single IP Addresses that host multiple domains or entire ranges of IP Addresses from DNS &/or Email Hosts that host email for their registered domains on shared email servers. When one company sends Spam Mail or Unsolicited Bulk Email (UBE), the entire ranges can be reported as blacklisted.

Uceprotectl3 Reports Sources Of Spam
Spam-based Blacklists are those that will list either single IP Addresses or entire ranges that have actually received Spam, i.e. Unsolicited Bulk Email (UBE) in their Spamtraps from an IP-Address. This could be a result of a compromised email account, an Open Relay, or simply sending mass emails / marketing and not following best practices according to the "CAN-SPAM Act of 2003" (ref: https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003)

Uceprotectl3 Automatically Delists Entries
This blacklist does not offer any form of manual request to delist. Your IP Address will either automatically expire from listing after a given timeframe, or after time expires from the last receipt of spam into their spamtraps from your IP Address.

Uceprotectl3 Accepts Payments Or Donations
This blacklist does support a manual request to remove, delist, or expedite your IP Address from their database upon Payment or Donation of fees to their organization. Please note the following; 1) MxToolBox does not in any way advocate the paying of removal from any blacklists. 2) Removal requests that are submitted without addressing the core problem will likely result in your IP Address being relisted in the database which can cause subsequent problems and extended listing periods without release.

More information about UCEPROTECTL3 can be found at their website: http://www.uceprotect.net/

Reason for listing - Your ISP HURRICANE, US/AS6939 is UCEPROTECT-Level3 listed because of a spamscore of 54. See: http://www.uceprotect.net/rblcheck.php?ipr=162.247.75.111


http://www.uceprotect.net/rblcheck.php?ipr=162.247.75.111


Thank you,


Lori Price
www.legitgov.org

Change History (7)

comment:1 Changed 8 months ago by Lori Price

I just noticed that both Assata and Paulo are on the UCEPROTECTL3 blacklist, too:

http://www.uceprotect.net/rblcheck.php?ipr=209.51.180.23

http://www.uceprotect.net/rblcheck.php?ipr=162.247.75.97


Thank you,
Lori

comment:2 Changed 8 months ago by Jamie McClelland

Thanks for the research! We'll take a look.

comment:3 Changed 8 months ago by Jamie McClelland

Wow, this one might be truly hopeless.

UCE Protect has three levels. We are listed in Level 3:

What does it mean to be listed at the UCEPROTECT-Level 3? UCEPROTECT Network operates three levels of blacklisting, so our users can make the decision how strong they want to filter. While UCEPROTECT-Level 1 lists single IP's only, UCEPROTECT Level-2 escalates and lists spammy allocations. UCEPROTECT-Level 3 is the highest possible escalaion, complete Autonomus Systems (AS) get listed at Level 3 if there were too many spamming IP's (listed in Level 1) originating from said AS within the last 7 days. If the provider harbours too many spammers and only has one ASN (Autonomus System Number) that logically means: All IP's of said provider get listed at Level 3 then.

In other words, it's not even May First that is flagged as level 3 - it is our provider, Hurricane Electric.

If you check here: http://www.uceprotect.net/en/rblcheck.php for ASN: 6939, you get a list of IPs that have been spammy, none of which seem to be ours. It looks like there has been some kind of uptick recently.

comment:4 Changed 8 months ago by Jamie McClelland

I just put in a request with our upstream to try to address this problem.

comment:5 Changed 8 months ago by Jamie McClelland

Alas, no help from HE. And honestly, I am sympathetic to the customer causing this problem.

Hello, Jamie,

Unfortunately, no. Their complaints are based entirely on the actions of a single customer of ours, whose behavior is not malicious but is being mistaken as such. We have tried explaining, but to no avail.

Fortunately, UCEProtect is a particularly disreputable service, with an exploitative pay-for-removal system, and few email providers use it.

-Ben Larsen Hurricane Electric Internet Services, AS6939 (510) 580-4100

comment:6 Changed 8 months ago by Lori Price

Thank you for trying, Jamie!


This "ransom" situation to delist by UCEPROTECT is insane.


Lori

comment:7 Changed 8 months ago by Lori Price

Sensitive: unset

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.