Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget

[lukn]

On 02.03.21 12:12, Esa Laitinen wrote:

Now, if RIPE should boycott UCEPROTECT because of this faux pass is
something we could discuss. 


RIPE shouldn't boycott uceprotect because of this faux pas. They should 
boycott uceprotect because the whole history of cartooneys is a huge 
concatenation of faux passes, hate speech, and GDPR violations.



I'd rather have someone contacting
UCEPROTECT team and get an attitude adjustment in place, but that's me.


Where trying to contact them leads to can be seen in their cartooney 
gallery.

Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget

[Alessandro Vesely]

On Tue 02/Mar/2021 12:12:33 +0100 Esa Laitinen wrote:


On 02.03.21 10:49, Vittorio Bertola via anti-abuse-wg wrote:
Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg 
 ha scritto: 


UCEPROTECT blacklists the whole range of IP addresses, including the full IP 
range of some autonomous systems:
I stress that the problem is not in blacklisting entire providers, something 
that may be justified if those providers are lenient in fighting abuse on 
their networks, but in blacklisting entire providers with very weak criteria 
(so weak that most big European hosters end up at least in the level 3 
blacklist) and then asking for money to remove them. This is actually 
prohibited by RFC 6471 (section 2.2.5) because indeed, especially when done 
at scale, it looks a lot like extortion.


They don't ask for money to be removed from the the list. The listing gets 
automatically removed after 7 days of taking care of the issue, without money 
changing hands. Please stop spreading lies.



Hm... perhaps they remove records after some time.  However, they ask money for 
whitelisting, which sorts out the same effect as delisting.


From whitelisted.org website:
Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 Month (70 
CHF), 24 Month (90 CHF) .



Best
Ale
--

Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget

[Kristijonas Lukas Bukauskas via anti-abuse-wg]

On 2021-03-02 13:12, Esa Laitinen wrote:

Now, if RIPE should boycott UCEPROTECT because of this faux pass is 
something we could discuss. I'd rather have someone contacting 
UCEPROTECT team and get an attitude adjustment in place, but that's me.


Is there a way to contact them that anybody is aware of?

On their website (http://www.uceprotect.net/en/index.php?m=2=0; Q17), 
they say:


A17: Spammers are criminal gangs. In 2004 and since, many other 
blacklists stopped after they were threatened or attacked.
We also got a package from Ukraine with a dead rat inside and a 
message: "You are next!"
For security reasons we moved to a new location and have chosen to 
continue our war against spammers.
Art 34 Abs 5 BayMeldeG (Bavarian Law) grants that only national 
authorities can find out about us.

Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget

[Esa Laitinen]

On 02.03.21 10:49, Vittorio Bertola via anti-abuse-wg wrote:
> Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg
>  ha scritto: 
>>
>> UCEPROTECT blacklists the whole range of IP addresses, including the
>> full IP range of some autonomous systems:
> I stress that the problem is not in blacklisting entire providers,
> something that may be justified if those providers are lenient in
> fighting abuse on their networks, but in blacklisting entire providers
> with very weak criteria (so weak that most big European hosters end up
> at least in the level 3 blacklist) and then asking for money to remove
> them. This is actually prohibited by RFC 6471 (section 2.2.5) because
> indeed, especially when done at scale, it looks a lot like extortion.

They don't ask for money to be removed from the the list. The listing
gets automatically removed after 7 days of taking care of the issue,
without money changing hands. Please stop spreading lies.

And yes, if they stick to they listing policy, this is ok. It is up to
users of the DNSBL to judge if they DO provide a useful service or not.
If course if your IP is listed, and you're part of collateral damage, it
is uncomfortable.


>
>>
>> UCEPROTECT states, '/Who is responsible for this listing? YOU ARE
>> NOT! Your IP was NOT directly involved in abuse but has a bad
>> neighborhood. Other customers within this range did not care about
>> their security and got hacked, started spamming, or were even
>> attacking others, while your provider has possibly not even noticed
>> that there is a serious problem. We are sorry for you, but you have
>> chosen a provider not acting fast enough on abusers'/)
>> [http://www.uceprotect.net/en/rblcheck.php
>> ].
>>
>> It asks for a fee if some individual IP address wants to be
>> whitelisted (http://www.whitelisted.org/ ),
Well, yes. The complaint from those who end up being collateral damage
is that "we didn't spam". The last time I checked (quite a while ago),
the DNSBLs that escalate listings (causing collateral damage) generally
don't let individual IPs out of the hook. I'm not sure which one is better.
>>
>> It abuses people who decide to challenge their blacklist by
>> publishing conversations in their so-called /Cart00ney/
>> (http://www.uceprotect.net/en/index.php?m=8=0
>> ;
>> http://www.uceprotect.org/cart00neys/index.html
>> ).

Thanks for reminding me of this, it was very entertaining. The point is
NOT retaliating those challenging them, point is making fun of those who
threatening with legal consequences without going thru with it (thus
cartooney). Threatening with lawyers is just pathetic. If you do that,
you should follow up with it, as well.

> They recently published a disgustingly sexist "ad feminam" to blame a
> person that dared to complain about their methods:
>
> http://www.uceprotect.org/cart00neys/2021-001.html
> 
>
> They start with the argument that since she is a woman she is stupid
> and "emotional rather than objective", because she is a woman, and so
> they quote her message in pink colour.
>
> This is completely unacceptable and I strongly recommend that RIPE
> distances itself as far as it can from these people - as a minimum,
> please stop using or referring to this blacklist in any way.

Yes, this was definitely bad form. I have no problem making fun of
cartooneys, but putting sexist spin on it is definitely not ok

Now, if RIPE should boycott UCEPROTECT because of this faux pass is
something we could discuss. I'd rather have someone contacting
UCEPROTECT team and get an attitude adjustment in place, but that's me.


-- 
Mr Esa Laitinen
IM: https://threema.id/2JP4Y33R  or
https://signal.org/install 
Skype: reunaesa
Mobile: +4178 838 57 77  

Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget

[Vittorio Bertola via anti-abuse-wg]

> Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg 
>  ha scritto:
> 
> 
> 
> Hello,
> 
> I noticed that RIPE NCC uses uceprotect-level1, uceprotect-level2 and 
> uceprotect-level3 in RIPEStat Anti Abuse Blacklist Entries widget.
> 
> There have been controversial positions about this blacklist recently:
> 
> 1) 
> https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security
>  
> https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security
> 2) https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html 
> https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html
> 
> 
> UCEPROTECT blacklists the whole range of IP addresses, including the full 
> IP range of some autonomous systems:
> 
I stress that the problem is not in blacklisting entire providers, something 
that may be justified if those providers are lenient in fighting abuse on their 
networks, but in blacklisting entire providers with very weak criteria (so weak 
that most big European hosters end up at least in the level 3 blacklist) and 
then asking for money to remove them. This is actually prohibited by RFC 6471 
(section 2.2.5) because indeed, especially when done at scale, it looks a lot 
like extortion.


> 
> UCEPROTECT states, 'Who is responsible for this listing? YOU ARE NOT! 
> Your IP was NOT directly involved in abuse but has a bad neighborhood. Other 
> customers within this range did not care about their security and got hacked, 
> started spamming, or were even attacking others, while your provider has 
> possibly not even noticed that there is a serious problem. We are sorry for 
> you, but you have chosen a provider not acting fast enough on abusers') 
> [http://www.uceprotect.net/en/rblcheck.php 
> http://www.uceprotect.net/en/rblcheck.php ].
> 
> It asks for a fee if some individual IP address wants to be whitelisted 
> (http://www.whitelisted.org/),
> 
> It abuses people who decide to challenge their blacklist by publishing 
> conversations in their so-called Cart00ney 
> (http://www.uceprotect.net/en/index.php?m=8=0 
> http://www.uceprotect.net/en/index.php?m=8=0 ; 
> http://www.uceprotect.org/cart00neys/index.html 
> http://www.uceprotect.org/cart00neys/index.html ).
> 
They recently published a disgustingly sexist "ad feminam" to blame a person 
that dared to complain about their methods:

http://www.uceprotect.org/cart00neys/2021-001.html

They start with the argument that since she is a woman she is stupid and 
"emotional rather than objective", because she is a woman, and so they quote 
her message in pink colour.

This is completely unacceptable and I strongly recommend that RIPE distances 
itself as far as it can from these people - as a minimum, please stop using or 
referring to this blacklist in any way.

Regards,

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bert...@open-xchange.com mailto:vittorio.bert...@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy