Outgoing Mail Rejected By UCEProtect - Level 3 FAQs
UCEProtect, a Real-time Blackhole List (RBL) service*, has recently added a wide range of our IP addresses to its Level 3 blacklist as it detected three of our IP addresses “impacting” in a short period of time.
*A Real-time Blackhole List (RBL) is a system to easily identify servers that have a reputation of sending spam. An RBL provides access to a list of 'Blacklisted' IPs that an email filter can reference when checking whether to accept an email. A spam filter will often reference several RBLs as part of these checks.
What is UCEProtect?UCEProtect is a DNS block list service consisting of three block lists that block either a single IP (dnsbl-1 Level 1), a subnet (dnsbl-2 Level 2), or an ASN** (dnsbl-3 Level 3).
Level 1 - a single IP listing. These are the IPs that are sending mail to the UCEProtect spamtraps.
Level 2 - is per allocation. They’re not completely transparent about how they determine allocation.
Level 3 - automatically lists all IPs assigned to an Autonomous System** as soon as its SPAMSCORE is 50 or higher, and (to avoid mini providers being listed because of 1 or 2 spammers) at least 50 “impacts” of IPs which are assigned to the AS number have been listed in level 1 in the last 7 days. Definition of “impact” is yet to be determined.
**An Autonomous System is a group of IP networks operated by one or more network operator(s) that has a single and clearly defined external routing policy. Some examples of Autonomous Systems are Google or Telstra.
How are our customers affected?Customers may be affected if they use our hosting services to send emails from a server using one of our IP addresses to a destination which uses the UCEProtect blacklisting Level 2/3 RBL. If the server IP is listed in the range specified by the RBL, normal emails may be falsely identified as spam.
Does this affect everyone?Traditional email services can be impacted by these types of issues, however cloud based mail providers offer a lot more flexibility with regards to mail delivery and may not be affected.
What have we done?As soon as we were made aware of this, we identified and suspended the customer services responsible for the blacklisting.
Do we have a permanent solution?There is no permanent solution to this. As UCEProtect does not clearly mention the criteria for blacklisting an IP address, based on the limited information that we have, we are continuing to investigate our services for any further “impact”.
We are of the same opinion as other businesses, that UCEProtectL3 is overly aggressive in the way it escalates a small number of problem IPs into a wider issue which potentially affects good IP addresses.