Outgoing Mail Rejected By UCEProtect - Level 3 FAQs

  Print

Outgoing Mail Rejected By UCEProtect - Level 3 FAQs


UCEProtect, a Real-time Blackhole List (RBL) service*, has recently added a wide range of our IP addresses to its Level 3 blacklist as it detected three of our IP addresses “impacting” in a short period of time.

*A Real-time Blackhole List (RBL) is a system to easily identify servers that have a reputation of sending spam. An RBL provides access to a list of 'Blacklisted' IPs that an email filter can reference when checking whether to accept an email. A spam filter will often reference several RBLs as part of these checks.

What is UCEProtect?

UCEProtect is a DNS block list service consisting of three block lists that block either a single IP (dnsbl-1 Level 1), a subnet (dnsbl-2 Level 2), or an ASN** (dnsbl-3 Level 3).
Level 1 - a single IP listing. These are the IPs that are sending mail to the UCEProtect spamtraps.
Level 2 - is per allocation. They’re not completely transparent about how they determine allocation.
Level 3 - automatically lists all IPs assigned to an Autonomous System** as soon as its SPAMSCORE is 50 or higher, and (to avoid mini providers being listed because of 1 or 2 spammers) at least 50 “impacts” of IPs which are assigned to the AS number have been listed in level 1 in the last 7 days. Definition of “impact” is yet to be determined.

**An Autonomous System is a group of IP networks operated by one or more network operator(s) that has a single and clearly defined external routing policy. Some examples of Autonomous Systems are Google or Telstra.

How are our customers affected?

Customers may be affected if they use our hosting services to send emails from a server using one of our IP addresses to a destination which uses the UCEProtect blacklisting Level 2/3 RBL. If the server IP is listed in the range specified by the RBL, normal emails may be falsely identified as spam.

Does this affect everyone?

Traditional email services can be impacted by these types of issues, however cloud based mail providers offer a lot more flexibility with regards to mail delivery and may not be affected.

What have we done?

As soon as we were made aware of this, we identified and suspended the customer services responsible for the blacklisting.

Do we have a permanent solution?

There is no permanent solution to this. As UCEProtect does not clearly mention the criteria for blacklisting an IP address, based on the limited information that we have, we are continuing to investigate our services for any further “impact”.
We are of the same opinion as other businesses, that UCEProtectL3 is overly aggressive in the way it escalates a small number of problem IPs into a wider issue which potentially affects good IP addresses.

Can a customer pay to be removed from the blacklist?

We DO NOT recommend paying UCEProtect to delist the IP address of your service. Paying a fee to delist does not stop UCEProtect from blacklisting the IP address in this way again.

Can a customer pay to be added to whitelist.org?

The UCEProtect site recommends adding the IP address to whitelist.org as that will exclude it from future UCEProtect Blacklist actions. The whitelist.org site is owned by the same company which runs UCEProtect, and there is no guarantee that paying the fee today will stop your IP address from being blacklisted in future. We DO NOT recommend paying to have your IP address whitelisted on this service.

What can I do as a customer?

If you are impacted by this, you can let the recipient know the issue is with UCEProtect and the recipient should be able to whitelist your IP address on their side. Given the aggressive approach of this RBL, recipients can also choose to stop their spam filter from checking the UCEProtect L3 RBL.


Thank you for your feedback on this article.

Related Articles

© Crucial