Blacklisted by UCEPROTECT – so what!

Tuesday, July 25, 2023

Our main mail server, saffre-rumma.net, is currently blacklisted by UCEPROTECTL3. Which (according to mxtoolbox.com) means that our IP address “falls into a poor reputation range. The entire range of IP addresses is blocked because the provider (OVH in our case) also hosts spammers. UCEPROTECTL3 does not offer any form of manual request to delist. Our IP address will automatically expire from listing after some time.”

uceprotect.net says that “UCEPROTECT Level 3 is the highest possible escalation: complete Autonomus Systems (AS) get listed at Level 3 if there were too many impacts from IP’s listed in Level 1 originating from said AS within the last 7 days. OVH has 4,197,632 IP addresses and 609 of these have been level 1 listed abusers within the last 7 days.”

I was seriously considering to move away from OVH to another provider. But then I contacted them and submitted support request ticket 8121647 with the following text:

uceprotect.net recommends us to “send a complaint to your provider and request they fix this problem immediately. Think about this: You pay them so that you can use the Internet without problems; if they are ignoring your complaint or claiming they can’t do anything, you should consider changing your provider. There are currently about 105,000 providers worldwide, but only a few hundred make it to get listed into UCEPROTECT-Level 3.”

They answered to my support ticket as follows:

Since January 2021, UCE Protect has placed our ASN (AS16276) on their blacklist like many others.

You can see this by clicking on the following link: http://www.uceprotect.net/en/l3charts.php

Our Trust and Safety legal abuse team is unable to contact UCE Protect to rectify the situation. Indeed, any attempt to communicate with them requires a paid subscription, which OVHcloud does not wish to take out.

As a result, we have no idea why our ASN has been blacklisted.

To date, we have found that no e-mail provider uses UCE Protect in their spam filters.

If this affects you, we recommend the following:

1. Prioritize an IPv6 configuration for sending e-mail, as UCE Protect does not blacklist e-mails sent via IPv6. All our OVHcloud services come with at least one IPv6 address that you can configure. All major e-mail providers now support IPv6.

Below you’ll find documentation to help you configure your IPv6: https://help.ovhcloud.com/csm/fr-vps-configuring-ipv6?id=kb_article_view&sysparm_article=KB0047576

2. Ask the receiving party to contact their e-mail provider to stop using UCE Protect in their anti-spam filters.

We invite you to consult the following guide for best practices in sending your e-mails: https://docs.ovh.com/fr/dedicated/optimiser-envoi-emails/

OVHcloud is committed to an open and reliable Cloud. Thanks to the cooperation of users like you, we’ll be able to continually improve our service in the future.

Other observations:

• https://www.mail-tester.com/test-4bf413oij gives our email server a score of 9.50/10

• I can witness that OVH does monitor their IP addresses and blocks them successfully when they start spamming. One of our servers once got hacked and was being misused for spamming, and OVH blocked our server within minutes, informed us about the situation and provided an easy method for unblocking our IP address after having fixed our problem.

Related tickets:

• #3936 (167.114.229.225 has been blacklisted UCEPROTECTL3) (167.114.229.225 was the IP address of lino-framework.org from 2019-10-12) to 2021-03-14.

• #5088 (Client host 51.68.71.43 blocked by cbl.mailcore.net in reply to RCPT TO command)

My summary

As of 2023-12-29, my summary is that UCEPROTECT lives from blackmailing Internet providers, asking them money for being delisted. OVH just refuses to give in. I honor their civil courage. Only a minority of email providers actually trust in the UCEPROTECT blacklist. The following email providers still trust UCEPROTECT (and thus I cannot send any email to users of these):

• mailcore.net (PDR Ltd. d/b/a PublicDomainRegistry.com in Bulgaria), the mail server behind addresses @hot.ee and @online.ee

• one.com (One.com Group AB in Sweden)

• hotmail.com (Microsoft) tell me that “host hotmail-com.olc.protection.outlook.com[104.47.56.161] said: 550 5.7.1 Unfortunately, messages from [51.68.71.43] weren’t sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [CO1NAM11FT107.eop-nam11.prod.protection.outlook.com 2024-01-28T19:45:45.245Z 08DC1F653F790B69] (in reply to MAIL FROM command) “