Comments on: Uceprotect, a good guy or a bad guy?

By: maounique

maounique — Sat, 03 Dec 2011 14:11:37 +0000

Really… I do test every provider i get and I get many for many companies I offer services to.
If they are only listed in UCE, there is no problem, I just tell them how to inform the admins of some mail servers that still use their list to whitelist them and also how to stop encouraging extorsion. If there are enough ppl that have to be whitelisted, using UCE is no longer an option for the admins, so they will switch to a legit list in the end. It is all about education, scams only work because ppl are not informed, once you know what to do, extortion is not working anymore.
M

By: Wouter van Eekelen

Wouter van Eekelen — Sat, 03 Dec 2011 08:49:33 +0000

@ Phil Taylor: You do not have to pay! The listings automatically expire once the SPAM stops for 7 days. Also, nothing is impossible. What about scanning outgoing mail for SPAM? What about enforcing safe passwords? What about locking an account if there have been 50 valid logins from the customers country (UK for example) and then suddenly one from Nigeria/Iran/Morocco? What about limiting a customer to 50 emails per day and raising this limit if you see they sent > 50 legitimate e-mails? Lots of options.

@admin: Then that’s a choice you make. You stick to an ISP that doesn’t take security/anti-spam seriously, then you will end up getting blacklisted (on more than just uceprotect)..

By: admin

admin — Sat, 03 Dec 2011 08:44:00 +0000

Changing isp is not that easy, and in my country, my current isp is the best there is. Swicthing isp will be downgrade the connection.

By: Phil Taylor

Phil Taylor — Sat, 03 Dec 2011 08:32:14 +0000

@bfebrian @PM I guess that you work for UCEPROTECT?

What in incredible patronizing attitude. We take security very seriously but unfortunately we have users that do not understand this. Once problems have been discovered, we swiftly correct them but by then the damage is already done. If a user accidentally discloses their password through a phishing attack, how are we supposed to know about this BEFORE the messages get sent out? We are an ISP with 1000s of users on our mailservers so your suggestion to switch to an ISP that takes security seriously is quite frankly ridiculous.

We closely monitor our mailservers and have automated alerts if mailq lengths are unusually high but it is quite likely that in this situation 100-200 spam emails can get through before we detect it.

We are absolutely NOT going to pay this extortion racket in order to be delisted. You appear to feel that you can defend the indefensible which suggests to me that you are a shill.

By: Wouter van Eekelen

Wouter van Eekelen — Sat, 03 Dec 2011 08:10:07 +0000

UCEPROTECT does not list an entire range just because of 1 abusive customer.
There need to be 5 spammers in one /24 (255 users) to get a range listed.

Your ISP should either start taking security/abuse seriously (as mentioned in my earlier comment), and if they don’t, you should switch to an ISP that does.

By: bfebrian

bfebrian — Sat, 03 Dec 2011 06:36:11 +0000

@Wouter van Eekelen: other dnsbl simply listed the one IP that sent out spam, but uceprotect listed the entire ISP.
just because one criminal hide in my apartment building, the police can’t just blow up the entire building, that what uceprotect does, blow up the entire building.
Personally, I try so hard to secure my system, my network and my servers, but just because one of the IP in my ISP send out spam, I also got the blame.
for business that heavily rely on email, 7 days are too long for something that I didn’t do. Seven days can close the business down.
We all trying to secure our network to make it better, but sh*t happen, even the biggest IT companies also got hacked.

By: Wouter van Eekelen

Wouter van Eekelen — Fri, 02 Dec 2011 20:41:27 +0000

UCEPROTECT is fine. They charge money for _express_ delisting, to avoid spammers from removing their IP instantly and continuing to SPAM. Otherwise it simply expires after 7 days and no harm is done.

The comments on this blog are funny by the way:
> “becouse its worker go to vacation and set autorespond about that.”
Auto responders are horrible, especially if they reply to SPAM.
E-Mail can be forged to be from ‘victim@domain.tld’, so you are effectively amplifying the attack and sending e-mails to innocent users who have nothing to do with it.

- “due to an infected pc”
How about taking security seriously? Your infected PC most likely sent out thousands of SPAM emails, and hence has been listed for 7 days. Seems equal to me.

- “my provider had some ranges that were infected”
So your provider has to block port 25, run anti-spam on their network (outgoing), educate their customers on security and terminate abusive ones.

- “due to 1 or 2 user in our ip range get blacklisted.”
How about taking security seriously? Your infected PC most likely sent out thousand of SPAM emails, and hence has been listed for 7 days. Seems equal to me.

- “this from about 1700 perceived spam emails.”
1700 SPAM emails and you find it odd they blacklist you for 7 days? Softlayer should take abuse seriously and act upon every single complaint they get.

- “some dodgy African spammer hacked into one of my users accounts”
How about taking security seriously? Your users account was most likely used to sent out thousands of SPAM emails, and hence has been listed for 7 days. Seems equal to me.

Simply put: take security seriously, take abuse seriously and you won’t be listed on any blacklist whatsoever. Stop helping spammers send out SPAM and make this world a better place.

By: PM

PM — Mon, 07 Feb 2011 09:19:24 +0000

It’s a similar issue I have with uceprotect.net. Our IP is not listed in any other Spams Blacklist, and they insist in keeping us in their lists… They’re sollution is for us to pay them… This is unaceptable behavior… even more from a entity that says is just trying to help… Why Isn’t any authority doing something about this? fortunatly it seems the only emails not being send caused by “they” blacklists is gmail. But I guess it’s just a matter of time gmail also sees what everyone is seeing… They are mostly just after your money… shamefully…

By: bfebrian

bfebrian — Thu, 28 Oct 2010 05:42:34 +0000

@julian, sorry to hear that. i know how you feel, they still block me. there is nothing that we can do, as long as people still use their service, still pays money to them, they still exist. i just hope that people that use their services realize that actually they dealing with crooks.
give money so we can listed in their white list? lol.

By: julian

julian — Wed, 27 Oct 2010 18:47:23 +0000

I had a problem today with UCEPROTECT, my mail server IP was listed in Level1.

The page on their site stated that I’d been cought by a spamtrap (sic!) and they showed evidence of that indicating exact date/time of when that happened.

Well, I spent two hours checking the server logs and I found no evidence of that! No email going out to spamtraps, not even one.

They wanted 74 EUROS to remove my IP from their list.

It’s very difficult to contact them, I tried from different networks but they all resulted Level3-blocked…

I absolutely don’t agree with the terms of this commercial service, plus they are connected to that other commercial site whitelisted.org.

[They make money with this stuff]

From my point of view I just see this:
- my IP was listed for no reason at att;
- my logs showed no evidence of what they said;
- they are very difficult to contact;
- they ask for money to remove your IP;
- they suggest you to pay to get removed plus to pay to be whitelisted.

Well, my server doesn’t relay for anybody, has Reverse PTR, uses SPF and DKIM records, has a security model applied to it. And most important, my server doesn’t send spam…

What can my conclusions be?

Julian -France