You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by n....@gmail.com on 2010/04/22 14:53:41 UTC
UCEPROTECT
Hi All,
For reference the SORBS issue is still ongoing, my ISP (BT) is working
hard to resolve it.
I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
They seem to have taken entire netblocks and are demanding 20Euro's
per year to remove individual IP's
Does anyone have any information about this and in particular any law
enforcement involvement since this smacks of extortion to me.
TIA
Nigel
Re: UCEPROTECT
Posted by Per Jessen <pe...@computer.org>.
Michelle Konzack wrote:
> Hello Per,
>
> Am 2010-04-23 19:48:14, hacktest Du folgendes herunter:
>> It sounds like all you need to do is report them to the German
>> authorities. You know who they are, and you know that they are
>> spamming you, and you care about that - what else do you need? If
>> you can't be bothered with the police, tell the press.
>
> I was already thinking to write an article for "Spiegel Online" in
> the section "Netzwelt"...
You probably wouldn't even need to do that - it sounds like a juicy
story, especially if uceprotect is somehow in the mix, so any tech
journalist ought to be interested.
/Per Jessen, Zürich
Re: UCEPROTECT
Posted by Michelle Konzack <li...@tamay-dogan.net>.
Hello Per,
Am 2010-04-23 19:48:14, hacktest Du folgendes herunter:
> It sounds like all you need to do is report them to the German
> authorities. You know who they are, and you know that they are spamming
> you, and you care about that - what else do you need? If you can't be
> bothered with the police, tell the press.
I was already thinking to write an article for "Spiegel Online" in the
section "Netzwelt"... And if I see, how many spams I get from Microsoft
domains, Yahoo, Google and Co... and can not get them because the have
a very nice lobby created to protect them...
Geting 140 GByte spam per day is not realy funny... Exspecialy if the
customers want it, to get to check for false positives.
Oh, I pay 25 Euro per MBit bandwidth consumed, which mean 1MBit = ~320GB
per month = in total 4250 GByte = 330 Euro/month for receiving spam.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
itsystems@tdnet France itsystems@tdnet UG (haftungsbeschränkt)
Gesch. Michelle Konzack Gesch. Michelle Konzack
Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix
<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>
Jabber linux4michelle@jabber.ccc.de
ICQ #328449886
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Re: UCEPROTECT
Posted by Per Jessen <pe...@computer.org>.
Michelle Konzack wrote:
> My legitim server is also blocked and I can not reach more then
> 20 customers and manufacturers du to this problem.
>
> Some of them have already stoped using UCEPROTECT and I assume, you
> know WHO owns ths enterprise...
>
> I am spamed (more then 200.000 per month) by the owners of this
> Enterprise and even can not complain, because ANY mails to them are
> blocked.
>
> I am considering a lawsuite against the owners of UCEPROTECT.
It sounds like all you need to do is report them to the German
authorities. You know who they are, and you know that they are spamming
you, and you care about that - what else do you need? If you can't be
bothered with the police, tell the press.
/Per Jessen, Zürich
Re: UCEPROTECT
Posted by Michelle Konzack <li...@tamay-dogan.net>.
Hello Nigel,
Am 2010-04-22 13:53:41, hacktest Du folgendes herunter:
> I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
>
> They seem to have taken entire netblocks and are demanding 20Euro's
> per year to remove individual IP's
>
> Does anyone have any information about this and in particular any law
> enforcement involvement since this smacks of extortion to me.
My legitim server is also blocked and I can not reach more then 20
customers and manufacturers du to this problem.
Some of them have already stoped using UCEPROTECT and I assume, you know
WHO owns ths enterprise...
I am spamed (more then 200.000 per month) by the owners of this Enter-
prise and even can not complain, because ANY mails to them are blocked.
I am considering a lawsuite against the owners of UCEPROTECT.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
itsystems@tdnet France itsystems@tdnet UG (haftungsbeschränkt)
Gesch. Michelle Konzack Gesch. Michelle Konzack
Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix
<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>
Jabber linux4michelle@jabber.ccc.de
ICQ #328449886
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Re: UCEPROTECT
Posted by Ron Smith <po...@pmbx.net>.
UCProtect and backscatterrer.org are BOTH doing this. In my opinion they even could well be controlled by spammers and taking money on both ends of the this. I personally feel abused by them since they appear to be stroking their lists simply to make money.
Ron Smith
postmaster@pmbx.net
"Having an email problem is painful, but character-building."
On Apr 22, 2010, at 8:53 AM, n.frankcom@gmail.com wrote:
> Hi All,
>
> For reference the SORBS issue is still ongoing, my ISP (BT) is working
> hard to resolve it.
>
> I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
>
> They seem to have taken entire netblocks and are demanding 20Euro's
> per year to remove individual IP's
>
> Does anyone have any information about this and in particular any law
> enforcement involvement since this smacks of extortion to me.
>
> TIA
>
> Nigel
Re: UCEPROTECT
Posted by n....@gmail.com.
On Thu, 22 Apr 2010 10:44:53 -0400, Jared Hall <jh...@tbi.net> wrote:
>Nigel,
>
>It takes two to tango.
>
>1) If your recipient's Email server didn't use UCEPROTECT, you would not
>be having this issue.
>2) If your recipient's ISP ran their own local cached copy of the UCEPROTECT
>zone file(s), they could simply remove your IP address.
>3) If your recipient's ISP ran a local DNS Whitelist, they could simply add
>your IP address and you would be fine.
>4) If you run your mail operations off a dynamic IP address, that is just
>poor system administration.
>5) If the recipient's ISP doesn't have any control over blocking
>capability, they shouldn't be in the mail server business. Anybody using
>some externally controlled service, without local override capabilities,
>can expect Email delivery problems forever.
>6) If YOU used a decent ISP that gave a crap about you, you would not be
>having this problem.
>
>
>In terms of extortion, I don't see any liability whatever.
>Level 1 addresses auto-expire. If you want that expedited, you pay.
>Sounds fair to me.
>
>Level 2 and Level 3 addresses require intervention by the sender's ISP.
>A fee is charged, presumably to cover the cost of scanning netblocks to
>verify the problem has been resolved. Not altogether an easy thing to do,
>and a MAJOR cost factor, as also indicated at SORBS. Problems exists
>elsewhere, as well. RFC-Ignorant listings come to mind.
>
>Nobody is forced to use UCEPROTECT. For those that do, see 2,3, and 5
>above. Solutions abound. In your case, item 6 seems most appropriate.
>
>
>Jared Hall
>
>
>
>
>
>n.frankcom@gmail.com wrote:
>> Hi All,
>>
>> For reference the SORBS issue is still ongoing, my ISP (BT) is working
>> hard to resolve it.
>>
>> I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
>>
>> They seem to have taken entire netblocks and are demanding 20Euro's
>> per year to remove individual IP's
>>
>> Does anyone have any information about this and in particular any law
>> enforcement involvement since this smacks of extortion to me.
>>
>> TIA
>>
>> Nigel
Your points are taken and I agree ISP's could do more. But in terms of
payment for removal I don't see why that should happen. CBL seem to
cope well without it.
I agree anyone running off a dynamic IP has no business doing so,
however, the definition of a dynamic IP is a blurred one, this is an
issue I'm having to deal with currently.
In BT's defence, they do appear to be doing all they can. Sadly in
true large organisation fashion those that used to deal with these
issues are no longer there and the replacements don't know what their
full remit is. This is an issue I'm working with BT on now so that
their customers won't get as badly affected as they are currently. IMO
yelling at them solves little, working with them to resolve the
problem is a much better option.
In the years I've used BT as my ISP I've had issues certainly, but the
same can be said for any ISP. To date BT have resolved all of mine.
Thanks for your thoughts though. They do make some sense and have
given me a better idea of how UC operate. I still don't agree with
their operating procedures but I guess that's my issue.
Kind regards
Nigel
Re: UCEPROTECT
Posted by Per Jessen <pe...@computer.org>.
Mariusz Kruk wrote:
> First of all - anyone is free to use anything for policing their SMTP
> servers as long as he does it conforming to relevant RFC's.
Anyone is free to use anything for policing their SMTP servers, period.
> Been there, done that, got blacklisted for one mail. That's just plain
> wrong. I can understand low listing thresholds in case of deliberately
> set up spamtraps for which you feed address to harvesters by putting
> it on web pages or sending to usenet. But single mail to non-existent
> mailbox? Ridiculuous.
Yes, that doesn't sound right at all. Sending an email to one of my
spamtraps will get you listed immediately though.
/Per Jessen, Zürich
Re: UCEPROTECT
Posted by Mariusz Kruk <Ma...@epsilon.eu.org>.
On Thursday, 22 of April 2010, Jared Hall wrote:
> It takes two to tango.
But takes just one to spoil the fun. Trust me, I do ballroom dancing :-)
> 1) If your recipient's Email server didn't use UCEPROTECT, you would not
> In terms of extortion, I don't see any liability whatever.
> Level 1 addresses auto-expire. If you want that expedited, you pay.
> Sounds fair to me.
>
> Level 2 and Level 3 addresses require intervention by the sender's ISP.
> A fee is charged, presumably to cover the cost of scanning netblocks to
> verify the problem has been resolved. Not altogether an easy thing to do,
> and a MAJOR cost factor, as also indicated at SORBS. Problems exists
> elsewhere, as well. RFC-Ignorant listings come to mind.
>
> Nobody is forced to use UCEPROTECT. For those that do, see 2,3, and 5
> above. Solutions abound. In your case, item 6 seems most appropriate.
This is only part of the truth.
First of all - anyone is free to use anything for policing their SMTP servers
as long as he does it conforming to relevant RFC's. But anyone is free to have
his own views on that so I'm just stating my point of view.
First of all again ;-), UCEPROTECT adds IP's to their blacklists for as much
as one (I repeat - one, single) mail sent to, for example, non-existing
mailbox. (Mr. I-don't-make-typos-in-addresses anyone?). Been there, done that,
got blacklisted for one mail. That's just plain wrong. I can understand low
listing thresholds in case of deliberately set up spamtraps for which you feed
address to harvesters by putting it on web pages or sending to usenet. But
single mail to non-existent mailbox? Ridiculuous.
Secondly - they claim they don't manualy interfere with the listing and thus
the auto-expire. But if you ever express your disgust about how you've been
treated (like I did on NANAE), you're immediately getting the express-delist
option manually revoked. So much for no manual tampering with the lists.
Thirdly - Claus von Wolfhausen - the person who claims to be a Technical
Director of UCEPROTECT-network. You just can't argue with him. He just knows
better and you're a freaking spammer. Burn in hell, die die die!!! Sorry, but
you'd expect something more from a "Technical Director". Something a bit more
grown-up.
Fourthly - as Mr. Wolfhausen confirmed himself on NANAE - they don't have a
normal administrative stuff. Instead they have a bunch of students who race to
be the first one to delist if you make a payment because the one that does it
gets his share of the money. Very professional organization indeed.
Fifthly - They don't give a damn about how the network is really organized.
They just blacklist whole wide ranges (/14 in case of my network) regardless
of how the range is divided. (in my case there are many different networks in
that /14 segment, of which I own a /29 with my own whois entry and all - easy
distinguishable from the rest of the net).
Sixtly - Sometimes you just don't have a choice, you must use the only ISP in
your area. Even if you have your own own range and you're easily
distinguishable from the background noise, they don't care. They won't
whitelist you just because you're the good guy. No, they can whitelist you if
you give them money.
Therefore I advocate strongly against any use of UCEPROTECT. It's not
reliable, gives many false positives and looks like a scheme deliberately set
up to list wide ranges of IP's so that some people pay to get
delisted/whitelisted. Just as spammers send huge quantities of spam in hope
that some of them are profitable. It's the same mechanism just implemented
differently.
--
/\-\/\-\/\-\/\-\/\-\/\-\/\
\ Kruk@epsilon.eu.org /
/ http://epsilon.eu.org/ \
\/-/\/-/\/-/\/-/\/-/\/-/\/
Re: UCEPROTECT
Posted by Jared Hall <jh...@tbi.net>.
Nigel,
It takes two to tango.
1) If your recipient's Email server didn't use UCEPROTECT, you would not
be having this issue.
2) If your recipient's ISP ran their own local cached copy of the UCEPROTECT
zone file(s), they could simply remove your IP address.
3) If your recipient's ISP ran a local DNS Whitelist, they could simply add
your IP address and you would be fine.
4) If you run your mail operations off a dynamic IP address, that is just
poor system administration.
5) If the recipient's ISP doesn't have any control over blocking
capability, they shouldn't be in the mail server business. Anybody using
some externally controlled service, without local override capabilities,
can expect Email delivery problems forever.
6) If YOU used a decent ISP that gave a crap about you, you would not be
having this problem.
In terms of extortion, I don't see any liability whatever.
Level 1 addresses auto-expire. If you want that expedited, you pay.
Sounds fair to me.
Level 2 and Level 3 addresses require intervention by the sender's ISP.
A fee is charged, presumably to cover the cost of scanning netblocks to
verify the problem has been resolved. Not altogether an easy thing to do,
and a MAJOR cost factor, as also indicated at SORBS. Problems exists
elsewhere, as well. RFC-Ignorant listings come to mind.
Nobody is forced to use UCEPROTECT. For those that do, see 2,3, and 5
above. Solutions abound. In your case, item 6 seems most appropriate.
Jared Hall
n.frankcom@gmail.com wrote:
> Hi All,
>
> For reference the SORBS issue is still ongoing, my ISP (BT) is working
> hard to resolve it.
>
> I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
>
> They seem to have taken entire netblocks and are demanding 20Euro's
> per year to remove individual IP's
>
> Does anyone have any information about this and in particular any law
> enforcement involvement since this smacks of extortion to me.
>
> TIA
>
> Nigel
>
>
Re: UCEPROTECT
Posted by Per Jessen <pe...@computer.org>.
corpus.defero wrote:
> Uceprotect has some strange listing policies that have been questioned
> numerous times. But the crux of it is this, the people who use
> UCEProtect are well aware of it - and it's not widely used. Personally
> it's one of those lists I don't trust to block at an SMTP level, but
> will include a score shifter on a hit.
Same here. Wrt how widely UCEPROTECT is used, I'm not so sure. Any list
that pops up in discussion every so often must be used quite a bit.
After all, if nobody used it, no discussion.
/Per Jessen, Zürich
Re: UCEPROTECT
Posted by "corpus.defero" <co...@idnet.com>.
On Thu, 2010-04-22 at 13:53 +0100, n.frankcom@gmail.com wrote:
> Hi All,
>
> For reference the SORBS issue is still ongoing, my ISP (BT) is working
> hard to resolve it.
>
> I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
>
> They seem to have taken entire netblocks and are demanding 20Euro's
> per year to remove individual IP's
>
> Does anyone have any information about this and in particular any law
> enforcement involvement since this smacks of extortion to me.
>
> TIA
>
> Nigel
Uceprotect has some strange listing policies that have been questioned
numerous times. But the crux of it is this, the people who use
UCEProtect are well aware of it - and it's not widely used. Personally
it's one of those lists I don't trust to block at an SMTP level, but
will include a score shifter on a hit.
Listen Nigel, your main issue here is not SORBS or UCEProtect, but your
ISP. BT are - quite simply - pants. They are tardy, lazy and poor at
dealing with issues like this. If you don't want this hassle change
providers - or put up with the fallout that comes from using BT.
Honestly, it's probably the best advice you'll ever get. It's a few days
down the road since you came here and mentioned this issue and your
provider has still not dealt with it. That would be 'MAC CODE - GOODBYE'
in my book.
Re: UCEPROTECT
Posted by Per Jessen <pe...@computer.org>.
Matus UHLAR - fantomas wrote:
> On 22.04.10 13:53, n.frankcom@gmail.com wrote:
>> For reference the SORBS issue is still ongoing, my ISP (BT) is
>> working hard to resolve it.
>>
>> I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
>>
>> They seem to have taken entire netblocks and are demanding 20Euro's
>> per year to remove individual IP's
>
> UCEPROTECT has three levels of listing, from single IP (L1) to whole
> autonomous system (L3). L2 lists /24 and above (allocated) range.
> L2 and L3 are escalations based on % of spamming (L1-listed) IPs.
> While L2 and L3 should not be used at SMTP time, some people do it.
Which should really only be causing them more trouble than it is worth.
>> Does anyone have any information about this and in particular any law
>> enforcement involvement since this smacks of extortion to me.
>
> I guess it's quite hard to enforce a law here. Maybe if you'd prove
> that they provide false/fake informations, and they somehow advise
> people to block acording to that false informations.
Anyone is free to take them to court (e.g. ask for an injunction).
/Per Jessen, Zürich
Re: UCEPROTECT
Posted by Mariusz Kruk <Ma...@epsilon.eu.org>.
On Friday, 23 of April 2010, Per Jessen wrote:
> > Not to mention that they never provide any proof of any
> > abuse which is supposed to have caused the listing.
>
> Surely that is not unusual - do any of the many list providers provide
> such proof??
Honestly - I have no idea since I had not been listed in any DNSBL except RFC-
ignorant I knew of before. Rfc-ignorant was self explanatory since I made a
stupid typo in zone configuration.
I've received reports of spam on one of my servers and reacted on that,
so I there was no listing anywhere. But that's clearly not UCEPROTECT's
policy.
--
Kruk@ -\ |
}-> epsilon.eu.org |
http:// -/ |
|
Re: UCEPROTECT
Posted by Per Jessen <pe...@computer.org>.
Mariusz Kruk wrote:
> Not to mention that they never provide any proof of any
> abuse which is supposed to have caused the listing.
Surely that is not unusual - do any of the many list providers provide
such proof??
/Per Jessen, Zürich
Re: UCEPROTECT
Posted by Mariusz Kruk <Ma...@epsilon.eu.org>.
On Friday, 23 of April 2010, n.frankcom@gmail.com wrote:
> >> But I wouldn't count on that, and I think that if you have spammed,
> >> they'd have proof against you...
> >
> >Well... There is no way to contact them if you're listed. Even if it's not
> >level1. Not to mention that they never provide any proof of any abuse
> > which is supposed to have caused the listing.
>
> A bit of a catch 22 situation. How to know why you are in a list if
> nobody has reported abuse to you. For myself, every outgoing email
> from our mailserver has a URL embedded in the header from which abuse
> can be reported.
Whois record shows contact info. And usually abuse mailbox. But
UCEPROTECT is not interested in reporting. They are interested in
listing so maybe someone pays them.
Reporting could lead to actually solving the problems. Listing leads
only to demanding money.
--
Kruk@ -\ |
}-> epsilon.eu.org |
http:// -/ |
|
Re: UCEPROTECT
Posted by n....@gmail.com.
On Fri, 23 Apr 2010 12:58:02 +0200, Mariusz Kruk
<Ma...@epsilon.eu.org> wrote:
>On Friday, 23 of April 2010, Matus UHLAR - fantomas wrote:
>> This is now what ISPs should do - enforce no-spam policies, apparently
>> including blocking outgoing SMTP for non-MTAs. We (at my employer) are
>> doing this now, even because of UCEPROTECT but also because of different
>> reasons.
>
>Of course. But that's kinda ortogonal to the whole UCEPROTECT issue.
>
>> But I wouldn't count on that, and I think that if you have spammed, they'd
>> have proof against you...
>
>Well... There is no way to contact them if you're listed. Even if it's not
>level1. Not to mention that they never provide any proof of any abuse which is
>supposed to have caused the listing.
A bit of a catch 22 situation. How to know why you are in a list if
nobody has reported abuse to you. For myself, every outgoing email
from our mailserver has a URL embedded in the header from which abuse
can be reported.
I can't speak for others, but for our networks those reports are acted
on immediately.
Nigel
Re: UCEPROTECT
Posted by Mariusz Kruk <Ma...@epsilon.eu.org>.
On Friday, 23 of April 2010, Matus UHLAR - fantomas wrote:
> This is now what ISPs should do - enforce no-spam policies, apparently
> including blocking outgoing SMTP for non-MTAs. We (at my employer) are
> doing this now, even because of UCEPROTECT but also because of different
> reasons.
Of course. But that's kinda ortogonal to the whole UCEPROTECT issue.
> But I wouldn't count on that, and I think that if you have spammed, they'd
> have proof against you...
Well... There is no way to contact them if you're listed. Even if it's not
level1. Not to mention that they never provide any proof of any abuse which is
supposed to have caused the listing.
--
/\-\/\-\/\-\/\-\/\-\/\-\/\
\ Kruk@epsilon.eu.org /
/ http://epsilon.eu.org/ \
\/-/\/-/\/-/\/-/\/-/\/-/\/
Re: UCEPROTECT
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 22.04.10 13:53, n.frankcom@gmail.com wrote:
> For reference the SORBS issue is still ongoing, my ISP (BT) is working
> hard to resolve it.
>
> I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
>
> They seem to have taken entire netblocks and are demanding 20Euro's
> per year to remove individual IP's
UCEPROTECT has three levels of listing, from single IP (L1) to whole
autonomous system (L3). L2 lists /24 and above (allocated) range.
L2 and L3 are escalations based on % of spamming (L1-listed) IPs.
While L2 and L3 should not be used at SMTP time, some people do it.
However, they offer quick delisting if the problem disappeared, otherwise
they delist after 7 days (L1) and after problem disappears (L2/L3).
This is now what ISPs should do - enforce no-spam policies, apparently
including blocking outgoing SMTP for non-MTAs. We (at my employer) are doing
this now, even because of UCEPROTECT but also because of different reasons.
> Does anyone have any information about this and in particular any law
> enforcement involvement since this smacks of extortion to me.
I guess it's quite hard to enforce a law here.
Maybe if you'd prove that they provide false/fake informations, and they
somehow advise people to block acording to that false informations.
But I wouldn't count on that, and I think that if you have spammed, they'd
have proof against you...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm