
UCEPROTECT Real-Time Blacklist (RBL)
QuickHostUK receives many questions about the reliability of UCEPROTECT.
Here are some more details to help address any concerns as quickly as possible.
Background
Let’s start with the basics. Every internet-enabled device needs an IP address to get online. Every IP address belongs to a larger range of IPs, also called a network or subnet. Every subnet is routed using Autonomous System Numbers (ASNs). AS numbers are used to exchange routing information with other Internet Service Providers (ISPs). This is how many networks talk to each other to make the ‘Internet’ work.
Most data centres will have many, many ranges of IPs to provide to their customers.
Here is a basic example to help visualise the setup:
Ordinarily, if a website or mail account got hacked, or was actually being used by a spammer, the IP address of the sending user or device would get blacklisted. In extreme cases, the entire IP range might get listed. Then, anyone using a blacklist as a part of their antispam solution would be protected and not receive any mail from that sending IP.
How does UCEPROTECTL work?
By contrast, UCEPROTECTL will often block entire AS numbers and/or entire ranges of IPs, rather than the single offending IP.
As an example, as per the above visualisation, if user-2 on IP 1.1.1.3 knowingly or unknowingly sent spam and AS 123 got listed as a result, this would flag all 256 user IPs in each of the ranges 1.1.1.0, 2.2.2.0, and 3.3.3.0, causing every single unrelated customer to appear on the blacklist.
As you may or may not agree, this is extremely disruptive for all of the other customers that had nothing to do with the spam source. Furthermore, UCEPROTECTL requires payments and/or donations to delist the affected IPs.
For this reason, the UCEPROTECTL blacklist is considered by many to be a form of blackmail, extortion, or a pay gate, as this goes against the very essence of a blacklist and a free and open Internet.
Currently, we are not aware of any companies actually using UCEPROTECTL to block mail, so this should not affect your email delivery at all. But it will flag up in some Blacklist Checkers.
If you do find that your IP is showing as LISTED in UCEPROTECT on a Blacklist Checker, such as MxToolbox, then the first thing you should do is search your IP in UCEPROTECT directly.
Check your IP
You can use this direct link to check your IP: https://www.uceprotect.net/en/rblcheck.php
In this example, we can see:
- The user’s IP is in fact NOT LISTED
- The /24 network (256 IPs) that the user’s IP belongs to is NOT LISTED
- The AS number where all the IPs are routed is LISTED
Bounce Backs
If you are receiving bounce back messages, you should read the message for the reason.
Here is an example:
Error Type: SMTP Remote server (104.47.73.161) issued an error.
hMailServer sent: MAIL FROM:<user@sender.com> Remote server replied:
550 5.7.1 Unfortunately, messages from [1.2.3.4] weren't sent.
Please contact your Internet service provider since part of their network is on our block list (S3140).
You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [MW2NAM04FT024.eop-NAM04.prod.protection.outlook.com]
So as we can see here, the message was rejected because part of the sender's IP network is on the Microsoft (live.com, hotmail.com, outlook.com) block list. This is completely unrelated to UCEPROTECTL. To resolve this issue, you should contact your ISP/Hosting Provider so they can request a delisting.
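The check described above, as an added example (not QuickHostUK's or hMailServer's own code): a Python function that reads a bounce, extracts the SMTP reply code and the rejected IP, and reports which block list the text actually names. The function name and the marker strings are assumptions chosen for this illustration.

```python
import re

# The bounce quoted in this article, embedded so the example runs offline.
SAMPLE_BOUNCE = """\
Error Type: SMTP Remote server (104.47.73.161) issued an error.
hMailServer sent: MAIL FROM:<user@sender.com> Remote server replied:
550 5.7.1 Unfortunately, messages from [1.2.3.4] weren't sent.
Please contact your Internet service provider since part of their network is on our block list (S3140).
You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [MW2NAM04FT024.eop-NAM04.prod.protection.outlook.com]
"""

# Assumption: substrings that identify whose block list a bounce is quoting.
BLOCKLIST_MARKERS = {
    "uceprotect": "UCEPROTECT",
    "protection.outlook.com": "Microsoft",
    "mail.live.com": "Microsoft",
}

# SMTP reply line: 4xx/5xx code, optionally followed by an enhanced status code.
REPLY_RE = re.compile(r"^([45]\d\d)[ -](?:(\d\.\d{1,3}\.\d{1,3})\s)?", re.MULTILINE)
# The rejected client address is reported in square brackets.
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def triage_bounce(text):
    """Summarise a bounce: reply code, rejected IP, and the block list it names."""
    reply = REPLY_RE.search(text)
    ip = BRACKET_IP_RE.search(text)
    lowered = text.lower()
    blocked_by = sorted({owner for marker, owner in BLOCKLIST_MARKERS.items()
                         if marker in lowered})
    return {
        "code": reply.group(1) if reply else None,
        "enhanced": reply.group(2) if reply else None,
        "rejected_ip": ip.group(1) if ip else None,
        "blocked_by": blocked_by,
        # Only a bounce that actually names UCEPROTECT ties the rejection to that listing.
        "uceprotect_related": "UCEPROTECT" in blocked_by,
    }


if __name__ == "__main__":
    for key, value in triage_bounce(SAMPLE_BOUNCE).items():
        print(f"{key}: {value}")
```

Run against the bounce above, it reports Microsoft as the blocking party and `uceprotect_related` as false, which matches the reading given in this section.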
Summary
In the examples above, we can see that the AS was listed. However, the IP itself was not listed. Also, the wider network or IP range that the IP belongs to was not listed. An AS-level listing like this will potentially flag thousands of IPs, all of which are completely unrelated to the spam source that was reported.
You can safely ignore the UCEPROTECTL listing unless you see it printed in a bounce back, which is very unlikely.