11

Has anyone else seen a HUGE rise in the number of hosts being listed in UCEPROTECT uceprotect[.]net blacklist? I've had hosts in the last few months on a variety of major cloud providers that don't send email at all and are listed in this extortion like 'blacklist.' When I review the rest of the network block(s) it seems UCEPROTECT has simply listed the whole network indiscriminately.

Making matters worse they don't have a fair policy for removal. They require you PAY to get removed, even though you never sent a single spam message. Worse yet, payment is continual and not a one time thing. So even if you never sent spam this 'service' wants ongoing payment. Seems like an extortion scam less than a 'blacklist' service.

Anyone else seen this malarkey?

secops1
  • 113
  • 4
  • 2
    Yeah, it's a scam. Unless your email deliverability is actually being affected, I wouldn't get too worked up over it. – joeqwerty Feb 14 '21 at 20:05
  • 2
    100% agree that UCEPROTECT is scamy in nature. – secops1 Feb 16 '21 at 15:20
  • @joeqwerty nowadays Microsoft hotmail and possibly even Gmail do trust that list, so this scammer is making a good penny just by adding people to his black list effectively blocking them from being able to send email to Gmail or Hotmail that may account for 90% of the email address in use nowadays. – Fran Marzoa Jun 24 '21 at 06:46
  • If this is a pro big business thing that is aligned with IOT to take down all small business online - there is no response needed. I already know the internet is communist - WE HAVE THE RIGHT TO EXIST Report this company to IC3.gov for fraud, extortion and blackmail. – V Jean Smith Apr 18 '22 at 21:32

3 Answers3

10

Yep. A complete scam. Do NOT send them any money. Just purchase a non-blacklisted IP and you're good. If you send them money for their "whitelisting service" you're supporting them to extort innocent people.

And if you run an email service, please do not include them in the spam filter

guest
  • 116
  • 1
  • 3
5

Recently they are changing policy to be more strict.. including not only spammer IP, but including port-scanner and hacking attempt.. (which is absurd to me)

many ISP's ASN (if not all) in my country get blocked causing headache to mail admin and ISP.. their "extortion-like" method to delist is not welcome at all..

some recent reading: https://securityboulevard.com/2021/02/uceprotect-when-rbls-go-bad/

i hope as this get more attention, more mail admin to exclude UCEprotect RBL.

Arie L. Putra
  • 51
  • 4
  • Yeah, UCEPROTECT is nuts. Blindly adding entire net blocks of innocent non-spammers isn't a way to run an organization. Charging to get removed, when you never SPAM isn't acceptable. Port scanning isn't 'hacking' and doesn't do any harm. Do they plan to block Shodan/Censys or other services that do this 24/7. What to they qualify as 'hacking?' They seem like scam... – secops1 Feb 16 '21 at 15:18
  • We removed UCEPROTECTL from our checks, since they are meaningless and are 99.99% false flag. – Orphans May 11 '21 at 10:39
  • @secops1 it's not an organization, it's a crappy one-guy-company. Just check his webpage, it looks like what a amateur would have made back in the 90s using default graphics made with The Gimp that look like shit, but the contents are full of childish name calling "if you say this is scam you are an id*ot and stup*d" and thing like that. Is ludicrous that serious email services could give any credibility to this black list. – Fran Marzoa Jun 24 '21 at 06:50
3

Any RBL that includes entire netblocks for one offending IP and charges for 'Express' removal is not legitimate IMO.We have removed them from our checks.

dcol
  • 73
  • 4