On 22Sep24, Bastian Blank via mailop apparently wrote: > > Ditto, they aggressively list Aussie Broadband's entire AS, > > https://www.uceprotect.net/en/rblcheck.php?ipr=144.6.86.210 > > UCEProtect lists this ip in Level 2. So this not about the single IP,
According to https://www.uceprotect.net/en/index.php?m=3&s=4 "We recommend the use of Level 2 blocking in cases where our Level 1 is not proving to be effective enough against spammers." "If you are a true BOFH you would logically block using all of our levels." So I'm not sure what ameliorating benefits there are to a "Level 2". That Aussie Broadband are one of the more responsible and well regarded ISPs in their market and that uceprotect offer a paid-for "whitelist" service all smells a bit "iffy" to me. Further, that uceprotect automatically roll up a retail CIDR to an AS also seems somewhat egregious. Finally, since uceprotect don't support ipv6, presumably Aussie Broadband's 2403:5800::/28 which maps to the same customers as 144.6.0.0/16 earns a "get out of jail free" card. For example, the aforementioned 144.6.86.210 which uceprotect claims is Level 2 is consequentially silent on 2403:5812:bcfe::2, which is the same system! That omission is hardly confidence inspiring. TLDR; uceprotect looks like it generates a lot of false positives on ipv4 and a lot of false negatives on ipv6, but otherwise it seems pretty solid. Mark. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
