Uceprotect, a good guy or a bad guy?

There are some users reported to me that emails to certain domains are being rejected. After further check, I realized that the emails are being blocked by uceprotect.

This is the error message

—– Transcript of session follows —– … while talking to
some.domain.com.:
>>> DATA
<<< 554 5.7.1 Service unavailable; Client host [xxx.xxx.xxx.xxx]
blocked
using dnsbl-2.uceprotect.net; Net xxx.xxx.0.0/16 is UCEPROTECT-Level2 listed
because of 301 abusers. Your ISP xxx has to fix this. See:

httpx://www.uceprotect.net/rblcheck.php?ipr=xxx.xxx.xxx.xxx
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients

I heard about uceprotect before, how they block the entire ISP’s IP just because of some users of that ISP sending spam emails, but never though that will happen to me.

Normal rbl (dnsl) usually only block certain IP’s, but this uceprotect “smart” and “brave” enough to block the whole ISP’s IP range.

Simply said that I’m getting punished by uceprotect because somebody else spams. That is stupid.

In their website clearly says that my IP was not, is not involved in a spamrun, but still getting “the punishment”. This is the quote from their website.

YOU ARE NOT!. Your IP xxx.xxx.xxx.xxx was NOT involved in a spamrun, but has a spammy neighborhood. Other customers within this range did not care about their security and got hacked and started spamming, while your provider has possibly not even noticed that there is a serious problem.
We are sorry for you, but you have chosen an provider not acting fast enough on spammers.

I try so hard to make my IP’s clean, by removing viruses and make sure that no spam going outside through my mail servers. But my hard work is not enough, I still got blocked by uceprotect because somebody else spams.

Uceprotect in their website suggest that I should change ISP, that not that easy, and certainly not cheap.

So, I use a shortcut. I contact the admin of the domain that use uceprotect, and asked politely if it possible for them not to use uceprotect for emails from my domains. I gave them every information they need and explain my situations, and thankfully they agreed and approved my request.

Uceprotect may be want to be a good guy in spam fighter, but to me, uceprotect simply a bad guy.

33 thoughts on “Uceprotect, a good guy or a bad guy?

  1. dandin1 says:

    I’m a subscriber Teksavvy, a very transperant indy ISP, and they just got hit by the uceprotect blacklist. It doesn’t give a rationale, only a zealous and angry message telling me my ISP is evil.
    And now I notice they charge to have ISPs removed from the list! Sounds like extortion. I agree with your ‘bad guy’ statement. This kind of attitude on their part doesn’t help fight spam, only discredit these lofty ‘global blacklists’.

  2. Ed says:

    I agree, UCEPROTECT IS EXTORTING BY FIRST HOLDING YOU AT RANSOM. I would not use them as a blacklist on my server knowing of this practice.

  3. Theo Delight says:

    They say they don’t block email addresses, just publish lists of IP addresses reported to have sent spam. That’s probably as bad and, if the data they collect is false, then they may be publishing libellous statements. They are so utterly arrogant that they will never admit to even the possibility of having made a mistake, whilst their “express removal service”, costing 50 euros, is little short of blackmail. Their threat to leave one’s IP address blacklisted indefinitely if one dares to take any legal action against them clearly shows them for what they are: thugs and bullies. I am not a lawyer, but I dare say that were that to be attempted, it would rightly be considered to be a contempt of court and the BOFHs at UCEPROTECT might well end up in the slammer.

    Whilst I am not sure if they are nazis, plain crooks, or something in between, I am quite sure that they are causing damage to the Internet just as much as – or even more than – the UCE they claim they are trying to stop.

  4. bfebrian says:

    Totally agreed.
    I wish that every mail administrator unsubscribe from uceprotect and use another dns based spam protection like spamcop or else.

    Uceprotect simply is a bad guy.

  5. erty says:

    Uceprotect add to the list one of my customer becouse its worker go to vacation and set autorespond about that. Response was sent to server protected by uceprotect (it was 5 replays to 5 persons – one per person).
    Uceprotect is totaly anonymous. Nobody know who they are. Please note, that express delist cost 50euro, and for real you don’t know who takes those money.

  6. shari says:

    we’ve just been blacklisted by them, every other list due to an infected pc removed us immediately, not these guys.. they say to wait 7 days… they are crooks who just want 50 euros of your money. i wish we could put them out of business

  7. Phil Taylor says:

    I had exactly the same problem, some dodgy African spammer hacked into one of my users accounts (easily cracked password). As soon as I discovered it I changed the password and deleted all spam from the mail queues but I still have to wait 4 weeks for my server to be de-listed or pay 50 EUROS. I don’t think so. I changed the primary IP address of my server. Much cheaper!

    Phil

  8. dp says:

    I just paid these guys to remove us! SvX!

  9. bfebrian says:

    @dp, sorry that you must paid to uceprotect.
    As an email administrator myself, I know how you feel.

  10. Tony says:

    I’ve just received a rejected email from one of our legitimate customers requesting information from our forms. UCE Protect seems structured as an extortion racket which misleads subscribers of their “lists” into thinking that they are “protected”. In our case, because of the Canadian nature of our websites, we firewall out countries such as the ones UCEprotect operates in because of abuse – how can they possibly test/manage mail servers which they are not permitted to access – but they still publish lists to customers who are within our acceptable use realm.

    Of course, for 50 Euros, they’re willing to stop hurting your business immediately.

    Blackmail. Period.

  11. maounique says:

    Have been listed on level 3 because my provider had some ranges that were infected… My IP range was not infected, yet they still listed the whole provider which is second largest in my country. Recently they increased their prices, probably racketing business no longer works that good anymore. Stop paying them and they will cease to exist, so every 2-3 months I wont have to talk to some poor admin to change his list and show why extorsion should not be encouraged.
    M

  12. Harry Barracuda says:

    UCEPROTECT is a SCAM and nothing more, no matter how they try and package it.

    If you find anyone using UCEPROTECT’s so-called lists, advise them of this fact and tell them to drop them like a stone.

    They must be cleaning up charging legitimate, well-run mail domains to be “whitelisted” WHEN THEY’VE DONE NOTHING WRONG!

    As this is an issue of public interest, please go to the following link and submit a detailed complaint to the European Parliament:

    http://www.europarl.europa.eu/parliament/public/staticDisplay.do?id=49&language=EN

    If they receive enough complaints, they will investigate, and as this tawdry little organisation is operating out of Holland, it should be a simple matter to close them down.

  13. Harry Barracuda says:

    Correction, operating out of Germany.

  14. Gerald says:

    i just get blacklisted due to 1 or 2 user in our ip range get blacklisted.
    My ip not in the blacklist but i still have to pay money to get white-listed ?

    There are hard to get alternative ISP here. omg.
    Where can we complaint them ?

  15. Same hear. Just started getting emails bounced back a few days ago. Turns out useprotect added a range of Godaddy.coms IP addresses to their blacklist. Ridiculous. Definitely an extortion scam. Shame on uceprotect. They will get what’s coming to them. Karma has a way of catching up to everyone.

  16. legal hint says:

    Do not be shy to immediately contact and inform the Bundeskriminalamt (German Federal Criminal Office) which is the authority in charge as that website operator in question is seated in Bavaria, Germany under alternating postal addresses. Out of there, they operate nationwide and worldwide.

    Please contact

    Bundeskriminalamt
    65173 Wiesbaden
    Germany

    phone: +49 – 611 – 55 – 0
    fax: +49 – 611 – 55 – 12141
    E-mail: info(at)bka.de

    Their website is http://www.bka.de

  17. Igor T says:

    IF I am a spammer I can pay 50 euro every day to get unlisted so my spam gets through
    so THIS SYSTEM IS BROKEN

  18. helper says:

    As the ‘company’ operators are German citizens physically lingering in Germany, victims should immediately contact the German government agency BKA which is in charge of transnational crimes and is legally bound to become active on their own behalf in case of a suspicion of such crimes.
    Contact:

    Bundeskriminalamt
    65173 Wiesbaden/Germany
    phone.: +49 611 55 – 0
    fax: +49 611 55 – 12141
    E-mail: info(at)bka.de

    Using a fax machine is advisable. Write “organisierte Kriminalit├Ąt” in the subject heading.

  19. Tom says:

    I had issues today because of UCEPROTECT. They are a scam and nothing more They are worse than spammers since they will take money to “remove” you from the list. If they care about spam they would not take money at all – this shows they are just a scam.

    I got my ISP not to use UCEPROTECT. Someone should start a class action suit againt these scammers.

    I have contacted Bundeskriminalamt in Germany with a formal complaint.

  20. Maounique says:

    Contacting police wont help, I think, only educating ISPs and individual mail server operators to ditch such scams will help IMO.
    However, since last year things have changed there a bit, now they are explicitely warning users of their lists about what might happen and why. Perhaps because some legal problems they had, so I believe acting on the legal field is no longer productive now, they adapted to avoid prosecution.
    I think admins should be really dumb to use their list when they explicitely say “you will lose legitimate mail if you use our lists”.
    M

  21. Gavin says:

    I am a legitimate business, who has been listed by this bunch of idiots and this is causing a problem for my mails both in and out.
    Then I see that they want to charge $18 for a “whitelisting”
    Stuff them!!!!!!!
    What right do they have to stuff around with my legitimate IP.

    I think they are the criminals here and please someone who knows how, take legal action against this bunch of f….g idiots who are stuffing up my business.

  22. Out of 70 RBL UCprotect is the only 1 listing softlayer.com containing 550,000 ip addresses.

  23. These crooks are worse than Hitler and the Nazi’s. They have found a way to prey on the fear of spam and to black mail and extort money through this fear. But they can only be stopped if people like gmail and comcast.net stop blindly using them just because they claim to be an RBL. They are evil. For example that have over 550,000 ip addresses for softlayer blocked and since each of those could house 2-10 domains they can block 2 or 3 millions mail servers from these domains. This from about 1700 perceived spam emails. This is very irresponsible for major networks to blindly use an RBl that may be twisted and evil as hell. Why doesn’t a major ISP take action, sue them, report them? They are not protecting their customers or providing the service their customers paid for if they don’t. Black Lists are a unique form of evil. With black lists we don’t need laws or justice. Stand UP and be counted. Our of 70 RBLs UCEprotect is the only 1 listing softlayer.com containing 550,000 ip addresses.

  24. julian says:

    I had a problem today with UCEPROTECT, my mail server IP was listed in Level1.

    The page on their site stated that I’d been cought by a spamtrap (sic!) and they showed evidence of that indicating exact date/time of when that happened.

    Well, I spent two hours checking the server logs and I found no evidence of that! No email going out to spamtraps, not even one.

    They wanted 74 EUROS to remove my IP from their list.

    It’s very difficult to contact them, I tried from different networks but they all resulted Level3-blocked…

    I absolutely don’t agree with the terms of this commercial service, plus they are connected to that other commercial site whitelisted.org.

    [They make money with this stuff]

    From my point of view I just see this:
    – my IP was listed for no reason at att;
    – my logs showed no evidence of what they said;
    – they are very difficult to contact;
    – they ask for money to remove your IP;
    – they suggest you to pay to get removed plus to pay to be whitelisted.

    Well, my server doesn’t relay for anybody, has Reverse PTR, uses SPF and DKIM records, has a security model applied to it. And most important, my server doesn’t send spam…

    What can my conclusions be?

    Julian -France

  25. bfebrian says:

    @julian, sorry to hear that. i know how you feel, they still block me. there is nothing that we can do, as long as people still use their service, still pays money to them, they still exist. i just hope that people that use their services realize that actually they dealing with crooks.
    give money so we can listed in their white list? lol.

  26. PM says:

    It’s a similar issue I have with uceprotect.net. Our IP is not listed in any other Spams Blacklist, and they insist in keeping us in their lists… They’re sollution is for us to pay them… This is unaceptable behavior… even more from a entity that says is just trying to help… Why Isn’t any authority doing something about this? fortunatly it seems the only emails not being send caused by “they” blacklists is gmail. But I guess it’s just a matter of time gmail also sees what everyone is seeing… They are mostly just after your money… shamefully…

  27. Wouter van Eekelen says:

    UCEPROTECT is fine. They charge money for _express_ delisting, to avoid spammers from removing their IP instantly and continuing to SPAM. Otherwise it simply expires after 7 days and no harm is done.

    The comments on this blog are funny by the way:
    > “becouse its worker go to vacation and set autorespond about that.”
    Auto responders are horrible, especially if they reply to SPAM.
    E-Mail can be forged to be from ‘victim@domain.tld’, so you are effectively amplifying the attack and sending e-mails to innocent users who have nothing to do with it.

    – “due to an infected pc”
    How about taking security seriously? Your infected PC most likely sent out thousands of SPAM emails, and hence has been listed for 7 days. Seems equal to me.

    – “my provider had some ranges that were infected”
    So your provider has to block port 25, run anti-spam on their network (outgoing), educate their customers on security and terminate abusive ones.

    – “due to 1 or 2 user in our ip range get blacklisted.”
    How about taking security seriously? Your infected PC most likely sent out thousand of SPAM emails, and hence has been listed for 7 days. Seems equal to me.

    – “this from about 1700 perceived spam emails.”
    1700 SPAM emails and you find it odd they blacklist you for 7 days? Softlayer should take abuse seriously and act upon every single complaint they get.

    – “some dodgy African spammer hacked into one of my users accounts”
    How about taking security seriously? Your users account was most likely used to sent out thousands of SPAM emails, and hence has been listed for 7 days. Seems equal to me.

    Simply put: take security seriously, take abuse seriously and you won’t be listed on any blacklist whatsoever. Stop helping spammers send out SPAM and make this world a better place.

  28. bfebrian says:

    @Wouter van Eekelen: other dnsbl simply listed the one IP that sent out spam, but uceprotect listed the entire ISP.
    just because one criminal hide in my apartment building, the police can’t just blow up the entire building, that what uceprotect does, blow up the entire building.
    Personally, I try so hard to secure my system, my network and my servers, but just because one of the IP in my ISP send out spam, I also got the blame.
    for business that heavily rely on email, 7 days are too long for something that I didn’t do. Seven days can close the business down.
    We all trying to secure our network to make it better, but sh*t happen, even the biggest IT companies also got hacked.

  29. Wouter van Eekelen says:

    UCEPROTECT does not list an entire range just because of 1 abusive customer.
    There need to be 5 spammers in one /24 (255 users) to get a range listed.

    Your ISP should either start taking security/abuse seriously (as mentioned in my earlier comment), and if they don’t, you should switch to an ISP that does.

    1. admin says:

      Changing isp is not that easy, and in my country, my current isp is the best there is. Swicthing isp will be downgrade the connection.

  30. Phil Taylor says:

    @bfebrian @PM I guess that you work for UCEPROTECT?

    What in incredible patronizing attitude. We take security very seriously but unfortunately we have users that do not understand this. Once problems have been discovered, we swiftly correct them but by then the damage is already done. If a user accidentally discloses their password through a phishing attack, how are we supposed to know about this BEFORE the messages get sent out? We are an ISP with 1000s of users on our mailservers so your suggestion to switch to an ISP that takes security seriously is quite frankly ridiculous.

    We closely monitor our mailservers and have automated alerts if mailq lengths are unusually high but it is quite likely that in this situation 100-200 spam emails can get through before we detect it.

    We are absolutely NOT going to pay this extortion racket in order to be delisted. You appear to feel that you can defend the indefensible which suggests to me that you are a shill.

  31. Wouter van Eekelen says:

    @ Phil Taylor: You do not have to pay! The listings automatically expire once the SPAM stops for 7 days. Also, nothing is impossible. What about scanning outgoing mail for SPAM? What about enforcing safe passwords? What about locking an account if there have been 50 valid logins from the customers country (UK for example) and then suddenly one from Nigeria/Iran/Morocco? What about limiting a customer to 50 emails per day and raising this limit if you see they sent > 50 legitimate e-mails? Lots of options.

    @admin: Then that’s a choice you make. You stick to an ISP that doesn’t take security/anti-spam seriously, then you will end up getting blacklisted (on more than just uceprotect)..

  32. maounique says:

    Really… I do test every provider i get and I get many for many companies I offer services to.
    If they are only listed in UCE, there is no problem, I just tell them how to inform the admins of some mail servers that still use their list to whitelist them and also how to stop encouraging extorsion. If there are enough ppl that have to be whitelisted, using UCE is no longer an option for the admins, so they will switch to a legit list in the end. It is all about education, scams only work because ppl are not informed, once you know what to do, extortion is not working anymore.
    M

Leave a Reply