UCEProtect Mail Blocking

[web12]

Hi Guys

Hoping someone else has noticed this and is able to shed some light on this.

It seems a lot of our servers have got listed with a spam BL called UCEProtect.net

Now this seemed like a bit of a scam to me at first as you have to wait 7 days to get removed, or can pay for instant removal. The scam part to me showed itself when I grepped my mail logs to see why they were blocking me. Below is an example:-

2006-12-05 15:56:29 H=(mail.bardwareonline.com) [59.94.254.18] sender verify fail for <[email protected]>: response to "RCPT TO:<[email protected]>" from asterix.muenchen.de [194.113.40.219] was: 571 UCEPROTECT-Policy Server decided: 571 (MSG-UCEP-0001) Listed at UCEPROTECT-Network Level 1. See http://www.uceprotect.net/rblcheck.php?ipr=11.22.333.44
2006-12-05 15:56:29 H=(mail.bardwareonline.com) [59.94.254.18] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed

Now this seems like theyve listed my servers because their mail was rejected... right?

Well, further looking into it it seems they dont like the use of sendercallouts, as written at http://www.uceprotect.net/en/index.php?m=4&s=0

Are callouts really such a bad thing? Ive not had any issues with any other BL because of this and it seems really unfair to list you because you are taking steps to protect your users from spam.

Also, are callouts still needed if you have other checks in place like Dictionary Attack checks and BL and virus scans?

Your thoughts are welcome, cus I certainly dont want to pay to get all my servers delisted from this BL.

 

[chirpy]

TBH, reading their site, it appears to be a litany of nonsense and why anyone would use them to protect themselves against spam is beyond me. IMO, you should never ever pay anyone to delist your site from an RBL and should refer the domain using the RBL to such a shoddy practice. Personally, I'd ignore them and explain to the affected user why you're ignoring them.

 

[ramorse]

My server was listed there as well. In fact, chripy, I just posted a support question to you related to this. I found their policies vigilante in nature and the idea of paying to get de-listed tantamount to blackmail.

However, it's clear that some admins are using their list. So, no matter what my opinion of their policy, it's affecting my clients' ability to send and receive email.

They claim my server has 'generic dns' and does 'backscatter', two terms that are new to me. So, somehow I need to deal with this.

BTW, they participate in a google group: http://groups.google.com/group/news.admin.net-abuse.blocklisting

lots of complaints and questions about their policies.

 

[zigzam]

Every server I have is listed there also. What a scam they are running.

 

[Branko]

Reading the site http://www.uceprotect.net and the newsgroups, backscatter apears to be everything that bounce to sender, including:
user excides mail quota
Sender verification
etc...

Also "too generic" ptr records will get you to the list, and as "too generic" they mean almost every ptr that major datacenters set to users.

So baesicly UCEProtect is trying to make us
1) disable Out of office auto responders to users
2) handle those bounces of users over quota on SMPT rcpt time (http://www.timj.co.uk/linux/rcpt-time-quota-maildir.php)
Other informations about backscatter http://spamlinks.net/prevent-secure-backscatter.htm

In some point it make sense, but one backscatter to cause blacklisting is IMHO not acceptable.

Sad thing is that I saw in my log retuned recipients from some remote mailserver about not delivering my mail because my mail server is listed at uceprotect because backscatter

The new problem is that many spambots are now aware of this policy, and now they use uceprotect spamtrap mails to blacklist servers. So it seams that solution is to disable sender verify, discourage users from using autoresponders.

Also it seams very unprofessional to charge 50€ for delisting, and receive payment only trough paypal and moneybookers.

As I saw on news thread the reason for billing the 50€ is damage your server has caused to other sysadmins wtf