-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: Last post by me on this thread Graeme.
On Fri, 2021-01-22 at 20:45 +, Gregory Heytings via mailop wrote:
> At the time we were discussing this 24 hours ago, there were about ~2400
> IPs in their network that were flagged. This number
I've been a steady user of UCEPROTECT for years now. I use their levels
1, 2, and 3 with postscreen rankings along side other popular RBLs. On
my systems a UCEPROTECT level 3 rating will reject, unless the IP is
listed in ips.whitelisted.org.
IOW, on your systems any mail coming from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, 2021-01-22 at 19:12 +0100, Alessandro Vesely via mailop wrote:
> On Thu 21/Jan/2021 19:09:04 +0100 Graeme Fowler via mailop wrote:
> > [Admin note]
> >
> > Unless you are a representative of UCEPROTECT, or you have something to
> >
On Thu 21/Jan/2021 19:09:04 +0100 Graeme Fowler via mailop wrote:
[Admin note]
Unless you are a representative of UCEPROTECT, or you have something to
actually add to the discussion rather than endlessly nitting on statistics etc,
please refrain from continuing this thread.
Jim has been on
On Thu 21/Jan/2021 16:24:03 +0100 Michael Peddemors via mailop wrote:
On 2021-01-21 6:03 a.m., Jim Popovitch via mailop wrote:
It's never been about the $$, it's always been about
identifying the responsible party.
Which is why I am always surprised, that some providers choose NOT to offer
On 2021-01-21 8:20 a.m., Gregory Heytings via mailop wrote:
One concrete example: AS16276 has 3583744 IPs. Out of these, 2327 sent
a spam in the last 7 days according to uceprotect. That might seem like
a high number, but it's only 0.05% of the address space of that AS.
Because of this all
There is a lot of guessing in this discussion. Maybe have a look at your logs
for OVH networks and you will see something like "distributed spam delivery
system" every day. I show an example of another OVH network, which is currently
spamming German users:
This data is for one of my smaller
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 18:36 +0100, Vittorio Bertola via mailop wrote:
> > Il 21/01/2021 15:03 Jim Popovitch via mailop ha scritto:
> >
> > Neither of those situations describe the reality of what uceprotect is
> > doing. They are saying that if
[Admin note]
Unless you are a representative of UCEPROTECT, or you have something to
actually add to the discussion rather than endlessly nitting on statistics etc,
please refrain from continuing this thread.
Over the years we've all seen many threads on many mailing lists of the form
On Thu, 21 Jan 2021 at 18:16, Jim Popovitch via mailop
wrote:
> > Maybe you'll grasp the issue only when they will list Ramnode :-)
> > Or maybe you'll be happy to pay or to move to another ASN until they catch
> > up...
>
> You seem to be under the assumption that uceprotect is just looking for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 17:33 +, Gregory Heytings via mailop wrote:
> > > This make me think to the "First the came..." thing: saying that around
> > > 1 million OVH customers *chose* to operate in *shady area* is a strong
> > > statement.
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 17:23 +, Gregory Heytings via mailop wrote:
>
> I'm not advocating anything, and that's again orthogonal to the point at
> hand. The point is that when a website gets hacked and starts to send
> spam, all other IPs of
> Il 21/01/2021 15:03 Jim Popovitch via mailop ha scritto:
>
> Neither of those situations describe the reality of what uceprotect is
> doing. They are saying that if you choose to operate in a shady area,
The problem here is that they are defining on their own the criteria to
identify a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 17:07 +, Gregory Heytings via mailop wrote:
> > > One concrete example: AS16276 has 3583744 IPs. Out of these, 2327 sent
> > > a spam in the last 7 days according to uceprotect. That might seem
> > > like a high number,
This make me think to the "First the came..." thing: saying that around
1 million OVH customers *chose* to operate in *shady area* is a strong
statement.
... and OVH cleaned up their act.
Yet they are (black)listed by uceprotect. OVH is AS16276, the one with
2327 of their 3583744 IPs
Apparently that's not a good strategy: their 509952 IPs are blocked by
uceprotect, too; 217 of these IPs (again 0.05%) sent spam in the last
seven days. And indeed what you suggest is not a solution for the
WordPress site of a honest customer that get hacked, for instance.
You keep
Dnia 21.01.2021 o godz. 11:44:30 Jim Popovitch via mailop pisze:
>
> Yes, I can think of 4 right now, and I'm sure there are many more. One
> of those 4 is in your short list above. The a few things that make
> those 4 providers good are 1) They act on abuse reports, 2) they block
> outbound
One concrete example: AS16276 has 3583744 IPs. Out of these, 2327 sent
a spam in the last 7 days according to uceprotect. That might seem
like a high number, but it's only 0.05% of the address space of that
AS. Because of this all IPs of AS16276 are blacklisted.
2327 IPs from that ASN
On Thu, 21 Jan 2021 at 17:37, Mary via mailop wrote:
> Linode blocks port 25 on all new accounts/servers. You need to talk to them
> and explain who and what you are, before they open it manually for you.
But this was not enough to prevent them being listed in level-3:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 15:15 +0100, Stefano Bagnara via mailop wrote:
> On Thu, 21 Jan 2021 at 15:04, Jim Popovitch via mailop
> wrote:
> > > "Pay us for protection", when it really means "pay us or we'll [break
> > > your knees|set your house on
Yes, someone should give them kudo's for that, at least they made an
effort.. of course, someone occasionally gets around that.. saw last
week someone abusing their IP space, but in general reports from that
network are GREATLY reduced from historical levels.
-- Michael --
PS, the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 16:44 +, Gregory Heytings via mailop wrote:
> > > How can a server provider do this? Apart from blocking port 25 of
> > > course, and forcing all emails of their customers to go through their
> > > SMTP server, in which
On Thu, 21 Jan 2021 at 15:04, Jim Popovitch via mailop
wrote:
> > "Pay us for protection", when it really means "pay us or we'll [break
> > your knees|set your house on fire|break your windows...]" isn't
> > insurance, and can get you arrested.
>
> Neither of those situations describe the
How can a server provider do this? Apart from blocking port 25 of
course, and forcing all emails of their customers to go through their
SMTP server, in which case they wouldn't be selling a bare machine
anymore. If it was "not even that difficult", I'd guess they would all
do it.
Linode
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 16:20 +, Gregory Heytings via mailop wrote:
> > First off, I'm subscribed to this list, there is no need to email me AND
> > the list.
> >
>
> Sorry, I was just honoring the "Reply-To:" header set by the list.
>
> > >
Linode blocks port 25 on all new accounts/servers. You need to talk to them and
explain who and what you are, before they open it manually for you.
On Thu, 21 Jan 2021 16:29:56 + Gregory Heytings via mailop
wrote:
> How can a server provider do this? Apart from blocking port 25 of
while it is feasible for ISPs to eradicate spam on their network, it is
impossible for server providers to do this:
Umm.. it's not impossible, and it's not even that difficult..
How can a server provider do this? Apart from blocking port 25 of course,
and forcing all emails of their
First off, I'm subscribed to this list, there is no need to email me AND
the list.
Sorry, I was just honoring the "Reply-To:" header set by the list.
It's what they themselves say: they changed their formula two days ago,
and because of this thousands IP addresses that were not listed
On 2021-01-21 6:01 a.m., Gregory Heytings via mailop wrote:
it is impossible for server providers to do this:
Umm.. it's not impossible, and it's not even that difficult..
It's a choice.. there are many service providers out there that do a
bang up job.. You'll have to explain why one
On 2021-01-21 6:03 a.m., Jim Popovitch via mailop wrote:
It's never been about the $$, it's always been about
identifying the responsible party.
Which is why I am always surprised, that some providers choose NOT to
offer 'rwhois' that shows the responsible party, and when they started
using
On 21/01/2021 14:38, Gregory Heytings via mailop wrote:
That's orthogonal to the point at hand. The point is that honest
customers can have their WordPress website hacked. This might indeed
happen because of apathy on the part of that customer, but a server
provider cannot do anything to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 14:38 +, Gregory Heytings wrote:
> > > > That's a fair point, there's no reason to not question their motives.
> > > > I just personally don't see that it's a profit center for them.
> > >
> > > Just do the math. They
That's a fair point, there's no reason to not question their motives.
I just personally don't see that it's a profit center for them.
Just do the math. They blocked at least 100K IPs, because 1% of these
IPs sent spam in the last 7 days. If 0.5% of those 100K IPs decide to
subscribe to
From their web site: WHITELISTING IS RECOMMENDED FOR IP
217.182.79.147. Registration is available for 1 Month (25 CHF), 6
Month (50 CHF), 12 Month (70 CHF), 24 Month (90 CHF) . So yes,
perhaps it's not extortion. We may call it demanding money with
menaces, exaction, extraction,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 14:01 +, Gregory Heytings wrote:
> > > > > From their web site: WHITELISTING IS RECOMMENDED FOR IP
> > > > > 217.182.79.147. Registration is available for 1 Month (25 CHF), 6
> > > > > Month (50 CHF), 12 Month (70 CHF),
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 08:54 -0500, Chris via mailop wrote:
> On 2021-01-21 07:26, Jim Popovitch via mailop wrote:
> > On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > > So yes, perhaps it's not extortion. We may call it
On 2021-01-21 07:26, Jim Popovitch via mailop wrote:
On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
So yes, perhaps it's not extortion. We may call it demanding money with
menaces, exaction, extraction, blackmail...
Lot's of things in life require payment(s), or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 13:44 +0100, Alessandro Vesely via mailop wrote:
> On Thu 21/Jan/2021 13:26:43 +0100 Jim Popovitch via mailop wrote:
> > On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > > On Wed 20/Jan/2021 14:25:10
On Thu 21/Jan/2021 13:26:43 +0100 Jim Popovitch via mailop wrote:
On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
On 1/20/21 1:58 PM, Jim
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> > On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > > On 1/20/21 1:58 PM, Jim Popovitch
On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
New/current policy:
On 20 Jan 2021, at 11:27, Russell Clemings via mailop wrote:
I don't really understand why anybody would use UCEPROTECT3 anyway.
The first sentence of their web page says:
"This blacklist has been created for HARDLINERS. It can, and probably
will
cause collateral damage to innocent users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, 2021-01-20 at 08:27 -0800, Russell Clemings via mailop wrote:
> I don't really understand why anybody would use UCEPROTECT3 anyway.
>
> The first sentence of their web page says:
>
> "This blacklist has been created for HARDLINERS. It can,
My question is: how widely is this BL (UCEPROTECT level 3) used? Do I have
to worry about deliverability? Their page tells me to ask my provider to fix
the issue, which I will do, but... it's OVH, so you know...
UCEPROTECT is among the worst blacklists in usefulness. They have a low
catch
I don't really understand why anybody would use UCEPROTECT3 anyway.
The first sentence of their web page says:
"This blacklist has been created for HARDLINERS. It can, and probably will
cause collateral damage to innocent users when used to block email."
On 2021-01-20 5:39 a.m., Vittorio Bertola via mailop wrote:
I could understand listing specific providers if they were clearly and openly
tolerant of spammers, but listing big chunks of the entire industry at once?
Personally, I think this is the year that you can expect to see more of
that,
On 2021-01-20 05:10, Hans-Martin Mosner via mailop wrote:
On one hand, UCEPROTECT is relatively aggressive, and their unlisting policy is
at least questionable. However, running
a blacklist incurs costs in terms of server time and admin time, so if they
provide access for free, how should
On Wed, Jan 20, 2021 at 3:45 AM Jaroslaw Rafa via mailop
wrote:
>
> Hello,
> just got an information from MxToolbox that my IP (actually not my IP in
> particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
> level 3. Checking of my IP (217.182.79.147) at
>
> Il 20/01/2021 13:29 Hetzner Blacklist via mailop ha
> scritto:
>
> Looking back on my infrequent checking of UCEPROTECT, that means OVH
> will probably be permanently on level 3.
>
> In fact, a number of other large, well-known providers are now listed on
> level 3 as well.
I host my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
>
> On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> >
> > > New/current policy:
On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
You failed to mention this bit from that link:
"UCEPROTECT-Level 3 lists all IP's within an ASN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
>
> New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
>
You failed to mention this bit from that link:
"UCEPROTECT-Level 3 lists all IP's within an ASN except
UCEPROTECT just recently changed their listing criteria for level 3
listings (blacklisting an entire ASN).
Direct source: http://www.uceprotect.net/en/index.php?m=12=0
What they don't make clear (for whatever reason) is the actual change.
Previously if 0.2% of a provider's IPs were blacklisted,
Renaud Allard)
>4. Re: Is it something to worry about? (Jim Popovitch)
>
>
> --
>
> Message: 1
> Date: Wed, 20 Jan 2021 10:40:57 +0100
> From: Jaroslaw Rafa
> To: mailop@mailop.org
> Subject: [mailop] Is it something to worry about?
> Message-I
On 20/01/2021 11:36, Martin Flygenring via mailop wrote:
As mentioned by Hans-Martin, you can pay them to be whitelisted, which
means that you will no longer appear in level 2 or 3 according to
http://www.whitelisted.org/. So if you have sent so much bad mail you
end up in their level 2 or
We were dealing with UCEPROTECT blocks roughly one year ago where we had
several IP's blacklisted in level 1. Based on the info they gave, it
wasn't always that easy to pinpoint the cause of the block, since they
provided a date and time and wrote "+/- 1 minute". Several times, i
checked our
On Wed, 20 Jan 2021 at 11:54, Jim Popovitch via mailop
wrote:
> For me, it's "appreciate never seeing those emails". I outright block
> level 2 and level 3, and high score level 1. I've been doing that for
> years now and have never seen a reject log message that wasn't already
> listed in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, 2021-01-20 at 11:21 +0100, Renaud Allard via mailop wrote:
>
> I agree with what you said. That said, those who use UCEPROTECT above
> level 1 to unconditionally block mails deserve to lose mails.
>
For me, it's "appreciate never seeing
On 1/20/21 11:10 AM, Hans-Martin Mosner via mailop wrote:
Am 20.01.21 um 10:40 schrieb Jaroslaw Rafa via mailop:
Hello,
just got an information from MxToolbox that my IP (actually not my IP in
particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
level 3. Checking of my IP
Am 20.01.21 um 10:40 schrieb Jaroslaw Rafa via mailop:
> Hello,
> just got an information from MxToolbox that my IP (actually not my IP in
> particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
> level 3. Checking of my IP (217.182.79.147) at
>
Hello,
just got an information from MxToolbox that my IP (actually not my IP in
particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
level 3. Checking of my IP (217.182.79.147) at
http://www.uceprotect.net/en/rblcheck.php gives the info that it has been
listed because there
61 matches
Mail list logo