OVH being blacklisted by UCEPROTECT

Tuesday, July 25, 2023

Our main mail server, saffre-rumma.net, hosted at OVH, is currently blacklisted by UCEPROTECTL3. Which (according to mxtoolbox.com) means that our IP address “falls into a poor reputation range. The entire range of IP addresses is blocked because the provider (OVH in our case) also hosts spammers. UCEPROTECTL3 does not offer any form of manual request to delist. Our IP address will automatically expire from listing after some time.”

uceprotect.net says that “UCEPROTECT Level 3 is the highest possible escalation: complete Autonomus Systems (AS) get listed at Level 3 if there were too many impacts from IP’s listed in Level 1 originating from said AS within the last 7 days. OVH has 4,197,632 IP addresses and 609 of these have been level 1 listed abusers within the last 7 days.”

I was seriously considering to move away from OVH to another provider. But then I contacted them and submitted support request ticket 8121647 with the following text:

uceprotect.net recommends us to “send a complaint to your provider and request they fix this problem immediately. Think about this: You pay them so that you can use the Internet without problems; if they are ignoring your complaint or claiming they can’t do anything, you should consider changing your provider. There are currently about 105,000 providers worldwide, but only a few hundred make it to get listed into UCEPROTECT-Level 3.”

OVH answered to my support ticket as follows:

Since January 2021, UCE Protect has placed our ASN (AS16276) on their blacklist like many others.

You can see this by clicking on the following link: http://www.uceprotect.net/en/l3charts.php

Our Trust and Safety legal abuse team is unable to contact UCE Protect to rectify the situation. Indeed, any attempt to communicate with them requires a paid subscription, which OVHcloud does not wish to take out.

As a result, we have no idea why our ASN has been blacklisted.

To date, we have found that no e-mail provider uses UCE Protect in their spam filters.

If this affects you, we recommend the following:

1. Prioritize an IPv6 configuration for sending e-mail, as UCE Protect does not blacklist e-mails sent via IPv6. All our OVHcloud services come with at least one IPv6 address that you can configure. All major e-mail providers now support IPv6.

Below you’ll find documentation to help you configure your IPv6: https://help.ovhcloud.com/csm/fr-vps-configuring-ipv6?id=kb_article_view&sysparm_article=KB0047576

2. Ask the receiving party to contact their e-mail provider to stop using UCE Protect in their anti-spam filters.

We invite you to consult the following guide for best practices in sending your e-mails: https://docs.ovh.com/fr/dedicated/optimiser-envoi-emails/

OVHcloud is committed to an open and reliable Cloud. Thanks to the cooperation of users like you, we’ll be able to continually improve our service in the future.

Other observations:

• https://www.mail-tester.com/test-4bf413oij gives our email server a score of 9.50/10

• A discussion on reddit.com comes to a similar conclusion.

• We are not blacklisted on Spamhaus, only on UCEPROTECT.

  There are many other people who witness that uceprotect is a dubious scammer. For example Arno Wetzel or Programmer Bear

Related tickets:

• #3936 (167.114.229.225 has been blacklisted UCEPROTECTL3) (167.114.229.225 was the IP address of lino-framework.org from 2019-10-12) to 2021-03-14.

• #5088 (Client host 51.68.71.43 blocked by cbl.mailcore.net in reply to RCPT TO command)

Conclusion

My conclusion is that UCEPROTECT lives from asking Internet providers to pay money for being whitelisted. And OVH refuses to give in to this blackmailing. I honor OVH’s civil courage.

I can witness that OVH does monitor their IP addresses and blocks them successfully when they start spamming. One of our servers once got hacked and was being misused for spamming, and OVH blocked our server within minutes, informed us about the situation and provided an easy method for unblocking our IP address after having fixed our problem.

Only a minority of email providers still trust in the UCEPROTECT blacklist.

The following email providers still trust UCEPROTECT and thus I cannot send any email to direct or indirect users of these:

• MailCore (Denmark), the mail service provider behind addresses @hot.ee and @online.ee

• one.com (One.com Group AB in Sweden)

• hotmail.com (Microsoft) (Example error message: “host hotmail-com.olc.protection.outlook.com[104.47.56.161] said: 550 5.7.1 Unfortunately, messages from [51.68.71.43] weren’t sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [CO1NAM11FT107.eop-nam11.prod.protection.outlook.com 2024-01-28T19:45:45.245Z 08DC1F653F790B69] (in reply to MAIL FROM command)”

Last updated 2024-08-15