http://www.uceprotect.net/en/rblcheck.php

(example IP - 64.62.190.246)

Not sure if this is specific to Linode - or other providers on the same network space....

UCEProtect is an extortion racket. They serve no useful purpose. If your mail is getting blocked by this, the people you are mailing need a new provider.

_________________
/ Peter

Interesting, you have a bad experience with them?

Disclaimer I don't use them all I did was google and really I haven't discovered anything that would lend me to believe that they aren't legit.

It's a sad reality that due to Scum Spammers these services are a MUST. In a perfect world this scum would not exist, but hence life isn't perfect

If you're in their blacklist on level 1, you'll either have to wait 7 days for automatic expiry, or pay 50 Euros per IP address for immediate removal.
http://www.uceprotect.net/en/index.php?m=7&s=6

And on level 2, UCEPROTECT has this to say:
"Your provider didn't act fast enough to disconnect abusers, or has no clue how to install preventive measures against spammers."

On removal from level 2:

http://www.uceprotect.net/en/index.php?m=7&s=7

Regarding level 3:

http://www.uceprotect.net/en/index.php?m=7&s=8

In other words, if you manage to get listed in some way, and are able to block further spamming attempts, you'll be on the blocking list for at least 7 days, or pay up either 50 Euro for a single IP (as an end user) or 150 Euro for a netblock (as an ISP). If that's not extortion, I don't know what is.


Yes, but it's no reason for blacklists not being somewhat flexible in their removal policies.

First hit that isn't one of their own pages when I Google for uceprotect: OpenRBL Wiki.

NeonNero's post pretty much has it covered. I rest my case.

_________________
/ Peter

Whether we like or dislike UCEProtect's policies on listing and delisting is somewhat irrelevant here I think. Can we all agree that it is not a good thing to have your IP test positive on spam databases if you are planning on sending email from your linode?

I know one of the first things I did when I considered linode was to test a few of their ip's against spam databases. I subscribe to dnsstuff's RBLalert service, so I see whenever my ips get added to any blacklists. As of about a week ago, AS3595 (gnax, the whole atlanta datacenter) is listed on UCEProtect level three. Now I don't think that is the end of the world, but if I had seen that when I was choosing linode I might have kept looking. If they continue to get added to more lists, I will probably have to consider moving elsewhere, which would suck since linode is IMHO the best thing going.

As for UCEProtect:

If you are on the level 1 list, then your IP sent spam to their systems and YOU need to fix something. I don't think 7 days is an unreasonable time for them to wait to see if you've really fixed the problem.

The level 2 and 3 listings on UCEProtect are based on netblocks and ASNs, so they are not based on anything you have done, but simply indicate your neighbors have sent spam. I personally think anyone using these lists to filter email is going overboard just to make a point, but it is their server so they can reject us if they want.

The 7 day timeout might not be as bad, although more popular blocking lists like SpamCop.net and Spamhaus.org operate with much lower default timeout periods (24 hours for SpamCop.net, upwards from 48 hours for Spamhaus.org) if there are no new reports.

Problem is, extortionists like UCEProtect doesn't take into account short-term technical difficulties or single-user errors, and will charge you if you want the IP delisted immediately. SpamCop.net and Spamhaus.org doesn't charge anything for delisting if there's a valid reason for manual delisting.

Also, with level 2 listings, UCEProtect says that your ISP "didn't act fast enough" to stop the spam. They don't say what they define as "fast enough". For what we know, this could be anywhere from 30 minutes to 1 hour to 2 days to 3 weeks.

For those who spam for a living, a charge of 50 Euros for delisting is petty cash, as UCEProtect doesn't appear to bother checking if there's more spam coming from the IP address being delisted, they only say that the IP will be delisted as soon as the payment has been received.

This brings on the feeling that UCEProtect is more interested in making money on delisting IP addresses rather than actually solving the spam problem.

I also notice that their website is more or less riddled with bad English and "high-school level" informal language. Yes, they're German, but that still no excuse for proper grammar and spelling (or even basic formal language) when presenting information. To me, they present the image of high school kids (or the German equivalent) rather than actual business professionals.

Whether or not these thieves have taken part of the Internet hostage for their own ends or not should be irrelevant. No sensible provider takes them seriously and they will go the same way as SPEWS.

_________________
/ Peter

Granted a week to remove without paying is long, but bottom line is the reality of filth from Scum Spammers opens the door for people to charge for blocking them. And it takes money and resources to combat these low life's.

So bottom line is UCEProtect is a bad service, complain to the companies who use them. I myself outsource my email services and they have excellent anti-spam. Yes it cost's me more than other services and if I were to run my own email, but then again you get what you pay for

Yes, it takes money and resources in terms of man-hours for the ISPs. The only costs I'm aware of for many of these blocking lists boils down to hosting, marketing and maintenance, all of which are basically minor costs nowadays, especially judging by the image displayed by UCEProtect.

The problem with UCEProtect and similar systems is mainly the fact that as an ISP (or hosting provider), you'll not only pay for the man-hours to plug the hole used by spammers, but you'll also need to pay off somebody (which can basically be seen as a bribe) to continue regular e-mail traffic.

By charging money to remove an entry from your blocking list, rather than doing a proper job at maintaining it, you're basically stooping down to the level of those spammers.

And I repeat, those who are likely to pay off this type of - and let's be honest - bribe, are spammers and those who simply don't know any better.


Thankfully, I don't use UCEProtect myself, and I don't personally know of any systems (or sysadmins) using them.

It should be noted that we have an existing thread on the matter, when they threw the same AS# on their blacklist.

http://www.linode.com/forums/viewtopic.php?t=2863

As far as I can tell, we had the UCE "admin guy" (or one of them) post in that thread, explaining his... 'position.' Even a GNAX employee responded.

It's worth a read.

heh, that was rather comical

Yeah, they're blacklisting Verizon

So I guess they won't let uunet through since Verizon owns them eh?

These guy's are a joke

Sure, that is the ususal claim made by spammers.
Spammers lie.

It seems the problem is GNAX once again hosting lots of spammers.

Have a look at the IP's which are causing the problem and see what you get as PTR's:

http://www.uceprotect.net/en/rblcheck.php?asn=3595

Scroll down complete to see the IP's which got listed at Level 1 and so causing the problem.

So lets see some of the IP's and decide what it is:

63.247.64.65 mail1.awesomemktg.net
63.247.64.66 mail2.awesomemktg.net
and so on some hundrets more of that one..

Now lets look to whom you can say THANK YOU for being listed:

Domain Name: awesomemktg.net
Registrar: Name.com LLC

Expiration Date: 2009-04-28 00:00:00
Creation Date: 2008-04-28 16:06:07

Name Servers:
ns1.awesomemktg.net
ns2.awesomemktg.net

REGISTRANT CONTACT INFO
Inet Advertising
Domain Administrator
234 Morrell Rd.
Suite 160
Knoxville
TN
37919
US
Phone: +1.6155126750
Email Address: inetadvertising.admin@gmail.com

63.247.64.100

and let's see who is that:

Domain Name: differentmktg.net
Registrar: Name.com LLC

Expiration Date: 2009-04-28 00:00:00
Creation Date: 2008-04-28 16:06:08

Name Servers:
ns1.differentmktg.net
ns2.differentmktg.net

REGISTRANT CONTACT INFO
Inet Advertising
Domain Administrator
234 Morrell Rd.
Suite 160
Knoxville
TN
37919
US
Phone: +1.6155126750
Email Address: inetadvertising.admin@gmail.com

Lets pick another IP from that space ...

63.247.95.100 mail4.mailingsforconsumers.net

Domain Name: mailingsforconsumers.net
Registrar: Name.com LLC

Expiration Date: 2009-04-13 00:00:00
Creation Date: 2008-04-13 16:33:56

Name Servers:
ns2.mailingsforconsumers.net
ns1.mailingsforconsumers.net

REGISTRANT CONTACT INFO
Inet Advertising
Domain Administrator
234 Morrell Rd.
Suite 160
Knoxville
TN
37919
US
Phone: +1.6155126750
Email Address: inetadvertising.admin@gmail.com

I recommend that you youse your brain and investigate first before claiming others extortion racketeers, if you don't want to be called a spamsupporter.

If you will do the work and have a look to that list above then you will find that GNAX did lease some hundret IP's to a well known spammer.

Claiming they would not have known about that is futile.

The PTR's given should have been warning enough to know that it will be no brave customer.

All of the domains within the complete Listings were registered less than 3 month ago and for only one reason - spamming.

Spammers lie and so does GNAX.

GNAX wants YOUR money, but they also want spammers money.
They did exactly knew that they will end up in UCEPROTECT-Level 3 again if they will give complete /24 Networks to spammers again as they did it one year ago too.

It might be a good idea if Linode would for a better uplink instead.

Companies using our lists do exactly know why they are using UCEPROTECT and you will not get them to drop us, because UCEPROTECT works for them.

Have a look at AL IVERSON's independant staistics:

http://stats.dnsbl.com/uce3.html

That translates to: UCEPROTECT-Level 3 (which lists complete providers) has blocked about 40% spammails, but less than 0.3% false positives

Could that mean that those some hundret providers which manage to end up in Level 3 are responsible for 40% of the global spam, but less than 0,3% real mail came from their networks and ranges?

It's not just a usual claim from spammers, the extortion racket claim is also wide used among non-spammers, especially with regards to blocking lists who charge money to remove people from that list. ([i]No, you can't send your important e-mail message now. You'll have to wait a full week or pay me money to let it through.[i])


With the same logic I could claim that AT&T, Microsoft, Google, LiquidWeb and the majority of China are all supporting spammers by letting spammers host websites with them. How so? I've reported a wide share of IPs and websites via SpamCop.net to these, and via your logic, they must support spammers.

Problem is, all of these provide hosting space for cheap (or free), attracting spammers everywhere to use up trial offers and such.

Also, in terms of assigning a wider IP segment to the spammers, they will most likely get into legal trouble if they claim them to be spammers unless they can provide hard evidence of this themselves. Either that, or they don't know beforehand whether or not they are spammers.

The way you're fighting spam, can be compared to the US government fighting terrorism by releasing, say, Anthrax into the ventilation system of a random skyscraper, simply because they know there's a couple of terrorists in there, and then go in and charge money for immediate healtcare to the others who were affected. Just to throw a random example to the extremes.

Well-fed spammers won't think twice to pay for your express removal, even if it means he gets listed less than an hour after being delisted. SpamCop.net and Spamhaus.org require you to contact them and provide an explanation for the delisting rather than a payment. There's the difference between an extortion racket like yourself and legitimate blocking lists.

Also, saying that GNAX is a spammer's haven based on 300 IPs out of 92,000 (yes, ninety-thousand IP addresses) last year is a bit extreme, don't you think? And in the other thread, the IP mentioned was 64.62.190.246, which you follow up with a reference to GNAXNET ("AS3595"). The IP mentioned isn't even remotely near GNAX's network.

Frankly, as a non-customer with Linode, I don't know how you can find time in your workday to visit, read and write posts on a relatively small forum like this one.

UCEPROTECT runs on autopilot at 99,85%
That means no one has to lift a finger here to remove listings, they just expire if there is no abuse seen for 7 days.

That is the usual way UCEPROTECT works.

Oh i forgot, there are these very important persons which's lifes are depending on email-delivery.
If email would be so important for them, they would better think about security of their systems before they got hacked.

Oh and there are providers that give a shit to who are their new customers and it does not matter to them to abuse their other customers as human shields.

If those get listed and the whining starts about the bad guys at UCEPROTECT, there are always some dumbsters which think they must come up with the extortion storyand the even dumber claim that no one would use that lists.

Why do i say dumbster?

Because those can't think logic.

If no one would use our lists, then you wouldn't even get aware of our listings and wouldn't have to tell your even dumber story of extortion.

The facts are:

If people here have to do manual work to check if problems are really fixed and removing IP's manually it is something which costs the company money.

That is only in parts payed by the expressdelisting fees.

If you are willig to do the work of 8 employees 24/7 free of charge here to deal with athe spamfriendly providers and lusers which got hacked and were abused for spamming then no problem.

We would really preferre to have a genius as you doing their work free of charge, it would save us a lot of money.
If so we would no longer need to charge fees for expressdelistings.

So did you apply for that position here?

If not - simply shut up and blame the right persons for the listing - the sewers that caused the listings.

They did get listed 4 days ago, and what do you think?
Did they boot their massive spamming customer in the meantime?
You guess it - they did of course not.



SpamCop.Net does not inquire anything, you will be removed automatically whitin 24 hours after a spamrun from your machine ends. The fact you can contact them does not really mean you can hurry up things.



Spamhaus.org is a commercial system which charges users of their blocklists instead.

See here: http://www.spamhaus.org/datafeed/pricecalculator.lasso

Different to that UCEPROTECT-Blocklists can be used free of charge by anyone who wants to do so.

I guess even you should now see that you can't compare blocklist models which couldn't be more different in their concepts.



Sorry my fault, i didn't read the complete thread so let's talk about
64.62.128.0/17

It's not better at all, even more worse:

Lets see this:

http://www.uceprotect.net/en/rblcheck.php?asn=6939

How can a professional provider manage to get 200 spamming IP's within a /17 network within 7 days?

Yes one needs to be negligent to not notice their new customers are spammers.

Checking PTR'S for those 200 IP's and run whois for the domains you get there you will find that they are *WELL KNOWN* to everyone that ever had to deal with spam.



That is because my employer pays me to do public relations and Google is my friend too.
It is very easy to find threads as that one where dumbsters claim the story of extortion again and again.
Serious: If we would be racketers, then we would not even care about your writings.