On 2024-12-30 at 15:46 +0000, Serhii via mailop wrote: > Has anyone ever encountered ascams.com RBL, should I worry about > beinglisted there? > > I don't currently have an email server at IP listed, so can't judge > ifit is used in wild as I have found it at multirbl.valli.org when > doinginitial IP address reputation checks.
I had originally refrained from replying here, since I had written them the day before, and I wanted to give them some margin to react. Two weeks later, it now seems reasonable to share my experience with them. I had found this rbl the day before, from a multirbl checker mentioned here. According to it, $ dig -t txt 135.137.23.198.superblock.ascams.com;; ANSWER SECTION:135.137.23.198.superblock.ascams.com. 86400 IN TXT "198.23.137.135 set SA score 3-6/20. Please fix and notify https://info.ascams.com"; After doing the login dance, the internal portal states that the ip has "Status:Score 16" > Anyone can test any IP reputation score. removals are transparent, > fair, ethical and there are set rules, same for everyone. > No matter if you are a multinational trillion dollar company or sell > lemonade on your pavement - same rules. > > Removal requests from superblock.ascams.com is always subject to > ascams.com reputation score 6-7 or lower and is FREE. > Removal requests from block.ascams.com is always subject to > reputation score 9-10 or lower and is FREE. > dnsbl.ascams.com is a DROP List. Removals are possible and depends on > the current removal date, score reputation and admin required > > if your reputation score exceeds 9 - The resource does not qualify > for removal right now. Please improve your score, yourself, by > checking your resources, for example: > Check your reverse zones, spf, dkim, bulk email policies, removal > from other black lists, changing and publishing your AUP, try > actually applying your published AUP, actually having responsive and > working abuse-c or RR record EMAIL contacts in public whois, manage > and act on your resource abuse complaints, check email bounce > settings, bounce amplification prevention settings, email server > security, network provider reputation (abuse management) etc. etc. > etc. > AScams.com checks your resource daily and your current score is for > this 24 hour period. > > Members (us$48 per year) have additional options, multiple daily > requests, multiple score re-checks, support, server tests, reports, > assistance, advice, consultation, resource and server check settings > and more So, according to them, this IP address must be sending spam every other day, to have this bad score. Moreover, they claim on their blog that they do not have false positives. Accordingly, the interface does not show the remove option it would be supposed to hold. Except... that's simply not true. This host barely sends emails, and those are to fixed recipients that I know are unrelated to them: they cannot be receiving such emails because they don't exist. It might be an old block set years ago for some misbehavior from this IP (in which case they are not reevaluating them as claimed). A little more digging showed that they provide the same "<ip> set SA score 3-6/20. Please fix and notify https://info.ascams.com"; to every IP in that /24 (but not the neighbouring /24s), so it isn't even a problem of this single IP, but a range block (despite the misleading message). I also found some inconsistencies between their documented behavior and what they were doing, up to their claims related to what they consider a dnsbl and not, and rfc, but they are actually not listing 127.0.0.2 (per RFC 6471 section 3.3). After a good time browsing their webpage, I sent them an email to one of their email addresses explaining their "error" in the listing. An interesting point is that there is no contact form nor ticketing system. Even for their paid services, it simply asks you to send an email. After more than two weeks, there was no reply at all (and the listing is still in place). So either they didn't care, or don't even look at the email. So my conclusion is it contains false positives, with misleading information, and it is not actively managed. Perhaps someone might find it useful for scoring (in fact, it explicitly says to only use that for scoring since otherwise «100% guarantee you will drop legit mai», although blaming providers mixing bulk and transactional mail), but I'm not convinced it would be useful even for that. Best regards
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
