Uceprotectl2 blacklist là gì

These answers are provided by our Community.

If you run into issues leave a comment, or add your own answer to help others.

Just as an update I see that my droplet IP is, as of now (August 2019), part of a new UCEPROTECT3 blacklist that covers a large piece of DO IP space.

Its nothing that Ive done wrong and nothing that anyone in the IP space close to me is guilty of, but the UCEPROTECT website claims that there are a lot of DO droplets sending spam at the moment.

Ive put a support ticket in to ask what DO are able to do about this - Id encourage others inconvenienced to do the same.

I am having the same problem at 2021 Can someone do something about it in Digital Ocean?

I got a very unhelpful response from Digital Ocean support below that sidesteps their responsibility as a cloud provider.

Like most here, I all of us here I dont send email directly from my server but through a mail relay service which isnt blacklisted and doesnt have any issues. The issue I AM seeing is that LOT of Digital Ocean IPs are listed in this BS UCE blacklist provider.

Digital Ocean needs to send its security team and or lawyers to talk to the peeps over at UCEPROTECTL3 and address the issues customers are facing.

I was using DigitalOCean VPS services from 4 years ago (web hosting) and never had issues. Servers here in DO are cheap and very reliable, never had a down time. But since some months ago we needed to host mail services, so now we manage mail servers in our Droplets.

Now, i can see reality about DO and their useless abuse team about spamming issues.

Start to use digitalocean services is really easy and fast, anyone can create an account and -10 min later have many 5 USD droplets working at same time, with gigabit speeds and not any restriction about networking outbound and inbound, so thats why many bad intention users come to DO and use their IPs and resources in possibly illegal actions, and DO abuse team is doing nothing about this to control or almost to try to decrease level of abuse that many users do on their accounts.

Now im moving to Vultr (tried to move on UpCloud, but they restrict use of 25 port, and didnt authorized me to open it up on my VPS), and i hope in a future, DO takes severe actions against spammers and abusers, and cares about safety on internet. Maybe i could return and open up my account again. Meanwhile, i leave.

My mail server has been affected by this for the last 3 days. This is a deal-breaker in terms of hosting. If Digital Ocean is not willing to do something about this, I would love to hear recommendations of better cloud service providers.

Same problem here, my clients without e-mail, just because this stupid UCEPROTECTL3 blacklist !!! Any solution? Or other hosting provider? IM HERE SINCE 2015 !!!

Same automatic and disappointing answer from support.

• Digitalocean is getting blocked completely by UCEPROTECT-Blacklist
• a new Droplet-IP wont resolve the problem
• Microsoft is using UCEPROTECT
• DO letting their users do what they want (Pirate-Policy)
• This is a problem for serious businesses using DO as hoster

UCEPROTECTL3 is often an entire range block, so its probably DO who are being blacklisted rather than you. However, there is no formal delisting process, so DO need to stop spam from ANY of the IPs in the blacklisted range, and keep the range clean for long enough for the IP to be automatically delisted. Thats not impossible, but its not easy and its definitely not quick. Even when its done, itll take a while for the IPs reputations to recover enough that Id consider them good enough to send mail through.

For you as a customer, that means youre not going to be able to get your IP whitelisted. Assuming youre not the problem (i.e. you KNOW youre not sending spam through your server - be sure of this before you proceed), then the quickest fix is to migrate to a different IP that isnt on any blacklists. I dont know if DO can change the public IP of your droplet, but even if they can, Id personally opt for a phased migration to a new droplet so you can manage the process yourself.

I need your help on how to get white-listed my IP in UCEPROTECTL3 Spam

Have you check uceprotect website?
You (DO) can delist the whole range by paying 449CHF - as they recommend, you (DO) can charge for this your users:

If you dont want your users to be affected until the free expiration, you can optionally order expedited express delisting if offered, which is charged a total of per ASN and we strongly recommend that you collect these charge from your abusers.

They also provide another way: if you go to https://www.uceprotect.net/en/rblcheck.php and type you mail server IP, you will see a nice red message:

This IP is NOT registered at ips.whitelisted.org. More Information about whitelisted.org can be found here.

As I see, you can go to http://www.whitelisted.org/ and register you IP for 25CHF/month.

I havent tried it, and yes, I see how nice is this business model (you are marked as a spammer, until you pay them), but if its a critical service for you, you may consider to pay.

UCEprotect is a pay-per-delist kind of service and hence many vendors wont consider UCEprotect as a genuine spam filter. Please read these articles which will provide good information about why we should not consider UCEprotect blacklisting seriously.

https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security

https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html

If the emails are getting rejected, most possibly it is due to a different reason and You can identify that reason through an email delivery report.

we accepted information and IP of here spam , support team remove blacklist IP please

We are on UCEPROTECT-Level 3 as well with out servers.

This is very disturbing

In fact Digital Ocean is on 5th (!!!) place of all the ISPs for spam:

http://www.uceprotect.net/en/l3charts.php

This is still an issue for large blocks of Digital Ocean IP address space and it has not been fixed. UCEPROTECTL3 doesnt even seem to be a real UBE blacklist or even a legitimate organization. They list (on their website which looks like it was created in 1995 & doesnt ) that you have to PAY to have your remove an IP and PER IP address. That sure sounds like extortion to me.

Encountered the same problem, with us it was a problem with the PTR record. Make sure the Droplet or Kubernete name is resolvable through the DNS records such as myserver.mydomain.com to make sure it resolves.

Same problem here. This could be an absolute mess. My clients could have the same issue of getting their business-mails going to spamfolder only because we routed the A-Records to the corresponding droplets dealbreaker.

It is clearly the fault of UCEPROTECTL3 and anyone who chooses to use their poor service, not DO. The responsibility for the blacklistings lie solely with the reciever, not the sender.

We have the droplet with our ip in blacklist UCEPROTECTL3.

It is the second account in our organization that is affected by this same problem and we do not generate spam mail.

According to what DO says is that they have no way to solve the problem because it is something caused by having used the service to send emails. Your best solution is to create a new droplet. We have tried countless times starting from a snapshot but the IP assigned to the new droplet is on more black lists than our current project.

Now who can help us?

Same issue here! Will DO help us solve this, or do we need to move

The response we received from digital ocean is unacceptable.

We need your help with this issue. It is well known that it is not advisable to misuse mail, but when we are blacklisted due to a block originated by a malicious person who is in the same block, it is unfair.

Please help.

Here is an answer from a blacklist provider on a similar issue.

we are one of the blacklist providers that listed almost all DigitalOcean IP addresses. The reason is not any malware traffic or spam mails since this happens to all providers. We listed DOs networks because they do not care about or handle abuse reports.

Would really like Digital Ocean to do something about this ISP level block list, like possibly delisting the whole IP range by paying the 449CHF fee charged by the block-list maintainer.

I have an innocent/valid Mail IP address in DOs blacklisted range.

I havent been able to send email to Microsoft accounts since last friday.

DOs response to the issue is frankly unacceptable.

UCEPROTECTL3 looks unprofessional and more like a scam, they want to charge to whitelist you even knowing youre not a spammer, instead of allowing to verify your IP. I have no idea why Microsoft uses that list.

Its frustrating that all of this is affecting my business.

Wow. Just found this out today after diagnosing some odd deliverability problems with one of my customers. Ive been with DigitalOcean since my 2010 college startup days, but I guess Im moving to AWS. Looks like AWS Lightsail was created specifically for people jumping ship from DigitalOcean. Im also looking at possibly swapping droplets for EC2 instances.

So only solution is to move all our email servers out of DO? Seriously?

How come a provider can blacklist a whole range of IP addresses, just because some of them are spammers? And then demand money to mark you as safe

Both DO an UCEPROTECT should work this out

The same problem, DO refuses to do anything. Time to pack bags and leave.
UCEPROTECT is global scam, their operation model is blackmail. They ask for money to be removed but wont give any other info. My IP is not listed but DOs full subnet is, so

DigitalOcean is not a dedicated email host and does not have a postmaster to maintain our IP reputation. As a result, some DigitalOcean IP ranges are blacklisted. We do not recommend sending mail from our platform directly and we will not request delisting. We will not prevent you from sending mail, but you will be at the mercy of the IP reputation if you choose to do so. Here are some possible workarounds if you choose this route:

The problem is with receiving mail servers in some cases. If you do not send email from DO and instead use a relay service, there is absolutely no reason to be checking the DNS A record of the domain against a blacklist.

Use SPF, DKIM and anything else you can to improve deliverability and if you are responsible for spam filtering, check the IP the actual message came from.

Does someone has tried this link to unlock a specific IP? http://www.whitelisted.org/

Digital Ocean team:

As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.
Your IP xxx.xxx.xxx.xxx was NOT part of abusive action, but you are the one that has freely chosen your provider.
By tolerating or ignoring that your provider doesnt care about abusers you are indirectly also supporting the global spam with your money.
Seen from this point of view, you really shouldnt wonder about the consequences.

Please help us clients or we have to leave

I too must implore Digital Ocean to take repsonsibility for affecting the mail flow of customers whose website IPs were blacklisted through no fault of their own. Again we werent running a mail server in the droplet, just a website with a cgi form that forwards to a mail server. One DO IP address in our SPF record is enough to put us on the UCEProtect level 3 list and create bounces.

Users can only infer from this that DO has a laissez-faire attitude toward spam, which has increased despite the current clampdown during the Exchange vulerability exploit window.

When the only action the customer can take to fix this issue is leave the service for a different host with a better spam reputation in its IP ranges, that is a crisis in confidence and an indictment of DOs failure to remediate the problem.

Sure, many of us find UCEPROTECT to be overly zealous and avaricious, but they have a LOT of power. If Digital Ocean doesnt want to admit that this company can render their Service nearly unuseable by putting it on a level 3 blacklist, then maybe they should stop pretending that they have no responsibility for hosting known spammers with no consequences to the rest of us, then maybe they should get out of the hosting biz and advertise the Service for people who dont send mail at all through their DO-hosted domains.

Yes DO, should take a more meaningful stance against this, instead of saying they dont recommend people running mails servers on their service and that they wont broker with any blocklist. Weve been hosting zimbra mail servers on DO, for the past 5 years, never really had an issue. I do understand the UCEPROTECTL3 is a blacklist troll, but its highly affecting their client base. Have around 12 Droplets and 2 Database clusters that currently run on DO, thinking about moving everything onto AWS due to DOs lack of response.

Really? Nothing yet? Wtf This is nuts.

Goodbye DO. You guys are way too abnormal and unresponsive.
I dunno which is worse, the guys trying to get money from blocking DO or DO just ignoring the clients and taking their money.

Go figure

I just submitted a ticket for the same problem.
.
In my opinion, the approach is wrong.
Accusing all the owners of an entire range of ip addresses is illegal.
.
uceprotect refers me to www.whitelisted.org
where I can whitelist my IP address for only 25 CHF per month.
.
This is a criminal extortion scheme. The organization behind this is a criminal organization. I have asked in my thicket that DO will take legal action. Criminal charges must be brought to this organization. And in my opinion, DO should take them to court and demand a huge amount of money for the damage they have done.
.
Question is, what we can do. I am thinking about filing a complaint with the police. But with this kind of criminal activities it is hard to find the right police station. Any suggestions?

Sad thing yes. Gotta move some machines out of Digitalocean. Same thing happening to me.

In my case, web server is on Digitalocean, mail is on another provider. But still, the domain is blacklisted because of the digitalocean IP that is on the web server, which is hosted here.

We do not send email from DigitalOcean, we use an external provider for that, but as of today a number of our client cannot receive our email because our mx record for incoming email references a DigitalOcean IP address. So, not only can we not send email through DigitalOcean we should no longer receive email through DigitalOcean in order to avoid the UCEPROTECT3 blacklist.

I cannot tell clients not to use UCEPROTECT3, even though I question its value given that UCEPROTECT3 is willing to let me pay to not be on their blacklist.

I can find a way to fix this moving my inbound email processing to another hosting environment, but my frustration here is that this situation supports an ongoing battle with clients thinking our SaaS solution is somehow less professional because we are hosted on DigitalOcean. I like DigitalOcean a lot, but we really need their help in situations like this. Is hosting spammers more important that hosting legitimate SaaS solutions?

ya found this problem today. when a company rejected my job application because my email went to spam. any fix?

Same here. Very happy for years and now it seems I am obliged to move.
Very disappointing and unprofessional.

Digital Ocean is getting useless because of a dubious blacklisting company, and they do not do something against them? And why is using Microsoft and others this blacklisting scam? UCEPROTECT is the real spammer. They can exactly find out the IPs sending spam emails, why do they block a whole range? This is a fraud. Moving from DO does not help much, as also other ISP are blacklisted in the same way. Blocking UCEPROTECT forever, this will help.

I have a hosting business and it is at risk because companies like GlockApps, Mailook, MxToolBox (they do allow to ignore), and others, STILL consider RBL UCEPROTECT.

BUTfor all of us that are in pain here in this post, there is HOPE!! Look at what Marc Kranat (Sucuri Enterprise Firewall Supervisor) has to say: That being said, I strongly encourage website owners to ignore realtime blackhole listings where payment for removal is required. Many companies have already blocked the UCEPROTECT server globally, as they are renowned for their shady tactics and false positives.

Source (Sucuri Blog, Feb 12th, 2021): https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html

PLEASE SHARE and DEMAND your provider to STOP considering RBL UCEPROTECT, thank you!

Same for me too. Any good news on this?
It seems DO doesnt really care.
Alternatively, can anyone knows a similar hosting service (except AWS) which acceptable like DO was? I really have to think about moving as this issue makes totally pointless using DO just like for everyone.

I have my droplet nowadays mainly as an email server actually. It had been working flawlessly for years, but a few days ago Gmail started refusing emails from my server. I have tried to fix it by adding DKIM and this and that and whatnot and in the end Ive got a excellent rating in all reputation services I have submitted it too except for the IP being in that blacklist.

This is a total deal breaker for me, so if its not fixed soon, which it seems it wont be, Ill be moving to a different place as soon as I have some spare time to do the migration.

The real problem here is UCEPROTECT running an extortion scam. There are no reason to block an entire range in this day and age of cloud computing, other than to get payed easily. People should stop respecting UCEPROTECT entirely and problem will be gone.

Hello all,

Mail providers should not check against UCEPROTECTs blacklist database and even if the IP address is listed there you should not have any issues with the mail delivery. The third-party will also charge for the IP removal from their site.

If you have any bounce back messages you can paste them here so we can check them. You can also reach out to our amazing support team and they can assist you as well.

Hope that this helps!
Regards,
Alex

This is one of the worst blacklist on the net. There are more and more like this one every year.
Unsupervised automatic blind systems like this junk are multiplicating over the net and even Microsoft is giving away its spam confidence to companies like these that are completely not understanding the harm they are doing to rightful companies.
EMail is a dying technology that Microsoft, Google, Yahoo and many others are slowly killing willingly.