On Mon, 8 Jun 2020 at 16:37, Ewald Kessler | Webpower via mailop < mailop@mailop.org> wrote:
> Hello, > > One of our IP addresses (91.197.72.142) got blacklisted at > UCEPROTECT-Level1 with a "Last Impact" timestamp of 06.06.2020 16:57 CEST > +/- 1min. > > But the peculiar thing is, no mail was sent from that IP in at least the > 48 hours prior to their timestamp. Does this sound familiar? Am I missing > something? And if this is a false positive, does anyone know how to get > that info through to the people of UCEPROTECT? Since we don't really > qualify for any of the options given on their contact form... ( > http://www.uceprotect.net/en/contact.php) > > tl;dr: don't worry about UCEProtect, they won't help you and your energy is better spent elsewhere. Perhaps the listing was due to retry 421/45x NDR to a honeypot, backscatter or spoofed sender reply-to? Did it perhaps align with an expired 48/72 hour retry period? UCEProtect are alleged in the past to use their own systems to email addresses then list based on bounces/scatter (see /. article) I suspect people come across UCEPROTECT, quickly start using it (sometimes as their sole determining RBL) but gradually realise they cause as many problems as they solve. You're a large ESP so I'd expect more than one UCEProtect listing... If you're policing your customer base, and customer campaigns aren't using junk lists, there's not much else you can do. What's up with UCEP? In my personal opinion: - Opaque listing methodologies (perhaps acceptable in isolation). - Bizarre and unhelpful practices around delisting. - A history of fairly militant and scornful replies from the operators (see also their "cart00neys"). Not very professional. - Unhelpfully strict, narrow interpretations of their own rules around listing & classification irrespective of circumstance Of course they can run their private system as they wish, but I can't trust them as a judicious altruistic operator. Their hardline, broad-scope listings for some networks can be problematic. I don't like how they pitch paid expedited delisting amongst other things. I get everyone needs to make money, but that doesn't sit well with me. I don't think I'd bother worrying about UCEPROTECT - either using them or worrying about listings. I only occasionally check incoming emails against UCEP for information-only scoring comparisons with 'good' RBLs. I stopped wasting my time with UCEP in production long ago. https://tech.slashdot.org/story/12/12/25/0236223/ask-slashdot-dealing-with-anti-spam-service-extortion https://wordtothewise.com/2018/05/uceprotect-gdpr-fallout/ https://groups.google.com/forum/#!topic/news.admin.net-abuse.blocklisting/Tc6bSDj9ebo If an RBL is willing to block swathes of public provider ranges, ISP /24s and even half of Sendgrid with no nuance or moderation, it's worthless. I'm sure their own inboxes are blissfully free of emails. ("hooray, no spam here!") Worry about an SBL or SmartScreen listing :-) and encourage other admins to reconsider their reliance on UCEProtect, it's not cut out for serious use.
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
