Outgoing Mail Rejected By UCEProtect - Level 3 FAQs
UCEProtect, a Real-time Blackhole List (RBL) service*, has recently
added a wide range of our IP addresses to its Level 3 blacklist as it
detected three of our IP addresses “impacting” in a short period of
*A Real-time Blackhole List (RBL) is a system to easily
identify servers that have a reputation of sending spam. An RBL provides
access to a list of 'Blacklisted' IPs that an email filter can
reference when checking whether to accept an email. A spam filter will
often reference several RBLs as part of these checks.
What is UCEProtect?
UCEProtect is a DNS block list service consisting of three block
lists that block either a single IP (dnsbl-1 Level 1), a subnet (dnsbl-2
Level 2), or an ASN** (dnsbl-3 Level 3).
Level 1 - a single IP listing. These are the IPs that are sending mail to the UCEProtect spamtraps.
Level 2 - is per allocation. They’re not completely transparent about how they determine allocation.
Level 3 - automatically lists all IPs assigned to an Autonomous
System** as soon as its SPAMSCORE is 50 or higher, and (to avoid mini
providers being listed because of 1 or 2 spammers) at least 50 “impacts”
of IPs which are assigned to the AS number have been listed in level 1
in the last 7 days. Definition of “impact” is yet to be determined.
**An Autonomous System is a group of IP networks operated by one
or more network operator(s) that has a single and clearly defined
external routing policy. Some examples of Autonomous Systems are Google
How are our customers affected?
Customers may be affected if they use our hosting services to send
emails from a server using one of our IP addresses to a destination
which uses the UCEProtect blacklisting Level 2/3 RBL. If the server IP
is listed in the range specified by the RBL, normal emails may be
falsely identified as spam.
Does this affect everyone?
Traditional email services can be impacted by these types of issues,
however cloud based mail providers offer a lot more flexibility with
regards to mail delivery and may not be affected.
What have we done?
As soon as we were made aware of this, we identified and suspended the customer services responsible for the blacklisting.
Do we have a permanent solution?
There is no permanent solution to this. As UCEProtect does not
clearly mention the criteria for blacklisting an IP address, based on
the limited information that we have, we are continuing to investigate
our services for any further “impact”.
We are of the same opinion as other businesses, that UCEProtectL3 is
overly aggressive in the way it escalates a small number of problem IPs
into a wider issue which potentially affects good IP addresses.
Can a customer pay to be removed from the blacklist?
We DO NOT recommend paying UCEProtect to delist the IP address of
your service. Paying a fee to delist does not stop UCEProtect from
blacklisting the IP address in this way again.
Can a customer pay to be added to whitelist.org?
The UCEProtect site recommends adding the IP address to whitelist.org
as that will exclude it from future UCEProtect Blacklist actions. The
whitelist.org site is owned by the same company which runs UCEProtect,
and there is no guarantee that paying the fee today will stop your IP
address from being blacklisted in future. We DO NOT recommend paying to
have your IP address whitelisted on this service.
What can I do as a customer?
If you are impacted by this, you can let the recipient know the issue
is with UCEProtect and the recipient should be able to whitelist your
IP address on their side. Given the aggressive approach of this RBL,
recipients can also choose to stop their spam filter from checking
the UCEProtect L3 RBL.
Did you find this article useful?