subject:"\[mailop\] UCEPROTECT L2 fact"

Re: [mailop] UCEPROTECT L2 fact

2023-05-23 Thread John Devine via mailop

OK removed, it was one of 5 DNSBL I have and only triggers if 3 of them report 
positive………

JD

> On 22 May 2023, at 23:07, Bill Cole via mailop  wrote:
> 
> On 2023-05-22 at 16:03:32 UTC-0400 (Mon, 22 May 2023 21:03:32 +0100)
> John Devine via mailop mailto:j...@johndevine.co.uk>>
> is rumored to have said:
> 
>> Hmmm I started using dnsbl-3.uceprotect.net  
>>  a few months ago, should I desist?
> 
> Only if you want to receive all of your legitimate mail.
> 
> If you would prefer to randomly reject legitimate messages from people who 
> will have no idea why and no way to fix the problem, you're good to go.
> 
>> 
>> JD
>> 
>>> On 22 May 2023, at 17:01, Jarland Donnell via mailop  
>>> wrote:
>>> 
>>> I have not personally run into anyone using L3 or L2 in my experiences thus 
>>> far. Their L1 list is what most, if anyone, would be subscribing to I would 
>>> think. Their L1 list is actually really, really good.
>>> 
>>> 
>>> 
>>> On 2023-05-14 05:47, Slavko via mailop wrote:
>>> 
 Hi,

 i read multiple times, from multiple sources about UCEPROTECT
 BL, how it is suspicious, etc...

 Recently i got notification from ShadowServer, that i am on
 blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
 blocks whole networks as anounced by ASN. Thus i was curious,
 what happens around me.

 Today UCEPROTECT reports 32 incidents for /22 net. We can
 discuss if 32 is enough for blocking whole network block or
 not, but OK -- 32 incidents is over their policy... But all these
 32 incidents was generated by 1 (one) IP! In other words,
 one IP is enough for UCEPROTECT to block whole /22 network.

 Now i really can know how wrong is this BL (and no, i never
 used it, i even removed it from my check script)...

 I am not very interested in that list, nor in how bad that RBL
 is, but i am curious: is someone (bigger than personal) using
 it? Or do you know someone who is using it? What is/can be
 the reason to use it?

 thanks
>>> 
>>> ___
>>> mailop mailing list
>>> mailop@mailop.org
>>> https://list.mailop.org/listinfo/mailop
> 
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
> 
> 
> -- 
> Bill Cole
> b...@scconsult.com  or billc...@apache.org 
> 
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire
> ___
> mailop mailing list
> mailop@mailop.org 
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Bill Cole via mailop


On 2023-05-22 at 16:03:32 UTC-0400 (Mon, 22 May 2023 21:03:32 +0100)
John Devine via mailop 
is rumored to have said:

Hmmm I started using dnsbl-3.uceprotect.net 
 a few months ago, should I desist?


Only if you want to receive all of your legitimate mail.

If you would prefer to randomly reject legitimate messages from people 
who will have no idea why and no way to fix the problem, you're good to 
go.




JD

On 22 May 2023, at 17:01, Jarland Donnell via mailop 
 wrote:


I have not personally run into anyone using L3 or L2 in my 
experiences thus far. Their L1 list is what most, if anyone, would be 
subscribing to I would think. Their L1 list is actually really, 
really good.




On 2023-05-14 05:47, Slavko via mailop wrote:


Hi,

i read multiple times, from multiple sources about UCEPROTECT
BL, how it is suspicious, etc...

Recently i got notification from ShadowServer, that i am on
blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
blocks whole networks as anounced by ASN. Thus i was curious,
what happens around me.

Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.

Now i really can know how wrong is this BL (and no, i never
used it, i even removed it from my check script)...

I am not very interested in that list, nor in how bad that RBL
is, but i am curious: is someone (bigger than personal) using
it? Or do you know someone who is using it? What is/can be
the reason to use it?

thanks


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Jarland Donnell via mailop




I'm afraid what I have around it is anecdotal. However, if the topic is 
of interest I would highly recommend setting it up in SpamAssassin or 
something like that, with a 0 score. Use that to gather data on it. I 
don't think you'd find any false positives from doing so. I initially 
imported the L1 list to kickstart our RBL (mxrbl.com) and the only 
requests for removal of those initial IP sets were from people who were 
compromised and then fixed it, or from new IP owners reasonably denying 
connection to the previous owner (OVH cloud mostly).


Of the third parties I've brought in to augment my spam fighting, UCE L1 
probably generated the least complaints. Even spamrats generates more 
user complaints, despite being fairly sane.


On 2023-05-22 14:29, Bill Cole via mailop wrote:


On 2023-05-22 at 12:01:52 UTC-0400 (Mon, 22 May 2023 11:01:52 -0500)
Jarland Donnell via mailop 
is rumored to have said:

I have not personally run into anyone using L3 or L2 in my experiences 
thus far. Their L1 list is what most, if anyone, would be subscribing 
to I would think. Their L1 list is actually really, really good.


Do you have any hard numbers on this? E.g. on marginal improvement it 
provides?


My checking of it is very limited, as I only check what makes it to my 
eyeballs,  which is not influenced by UCEPROTECT. So when I check an 
IP, it's because multiple more trustworthy DNSBLs, SpamAssassin, and my 
own bespoke tactics have failed to identify spam. I see almost no 
matches.


On 2023-05-14 05:47, Slavko via mailop wrote:

Hi,

i read multiple times, from multiple sources about UCEPROTECT
BL, how it is suspicious, etc...

Recently i got notification from ShadowServer, that i am on
blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
blocks whole networks as anounced by ASN. Thus i was curious,
what happens around me.

Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.

Now i really can know how wrong is this BL (and no, i never
used it, i even removed it from my check script)...

I am not very interested in that list, nor in how bad that RBL
is, but i am curious: is someone (bigger than personal) using
it? Or do you know someone who is using it? What is/can be
the reason to use it?

thanks



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Slavko via mailop

Dňa 22. mája 2023 19:15:00 UTC používateľ Jay Hennigan via mailop 
 napísal:
>On 5/14/23 03:47, Slavko via mailop wrote:

>> Today UCEPROTECT reports 32 incidents for /22 net. We can
>> discuss if 32 is enough for blocking whole network block or
>> not, but OK -- 32 incidents is over their policy... But all these
>> 32 incidents was generated by 1 (one) IP! In other words,
>> one IP is enough for UCEPROTECT to block whole /22 network.
>
>Over what length of time did these 32 incidents occur? Is that IP still 
>spamming? Have you taken action to stop the abuse?

I didn't remember that, i am not very interested as that IP does
not belong to me and it does not happen often. I subscribed to
shadowserver about year ago and this is first time of that report
and it is unblocked already, as my initial message was waiting
to approve about week (due UCEPROTECT word).

From time to time i check my IPs on multirbl.valli.org. Some
years (2-3) ago, i noticed the L2 incident too, and in that time
more IPs was involved... But that one IP can be reason to block
whole IP subnet is something surprising for me...

regards

-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Graeme Fowler via mailop


On 22 May 2023 21:50:54 Graeme Fowler via mailop  wrote:

Moderation note:

We have a permanent hold



Amusingly I got bitten by my own hold rule :)

Graeme
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Andreas Ziegler via mailop

uceprotect is (or was?) quite common around german municipalities and 
other governement agencies.


maybe some appliance they are/were using included this list by default?

Regards
Andreas


Slavko via mailop wrote on 14.05.23 12:47:

Hi,

i read multiple times, from multiple sources about UCEPROTECT
BL, how it is suspicious, etc...

Recently i got notification from ShadowServer, that i am on
blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
blocks whole networks as anounced by ASN. Thus i was curious,
what happens around me.

Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.

Now i really can know how wrong is this BL (and no, i never
used it, i even removed it from my check script)...

I am not very interested in that list, nor in how bad that RBL
is, but i am curious: is someone (bigger than personal) using
it? Or do you know someone who is using it? What is/can be
the reason to use it?

thanks



OpenPGP_signature
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Jarland Donnell via mailop




Definitely. They'll even tell you up front that this isn't your average 
list and will block legitimate email: 
https://www.uceprotect.net/en/index.php?m=3=5


On 2023-05-22 15:02, John Devine wrote:

Hmmm I started using dnsbl-3.uceprotect.net a few months ago, should I 
desist?


JD

On 22 May 2023, at 17:01, Jarland Donnell via mailop 
 wrote:


I have not personally run into anyone using L3 or L2 in my experiences 
thus far. Their L1 list is what most, if anyone, would be subscribing 
to I would think. Their L1 list is actually really, really good.


On 2023-05-14 05:47, Slavko via mailop wrote:
Hi,

i read multiple times, from multiple sources about UCEPROTECT
BL, how it is suspicious, etc...

Recently i got notification from ShadowServer, that i am on
blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
blocks whole networks as anounced by ASN. Thus i was curious,
what happens around me.

Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.

Now i really can know how wrong is this BL (and no, i never
used it, i even removed it from my check script)...

I am not very interested in that list, nor in how bad that RBL
is, but i am curious: is someone (bigger than personal) using
it? Or do you know someone who is using it? What is/can be
the reason to use it?

thanks

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread John Devine via mailop

Hmmm I started using dnsbl-3.uceprotect.net  a 
few months ago, should I desist?

JD

> On 22 May 2023, at 17:01, Jarland Donnell via mailop  
> wrote:
> 
> I have not personally run into anyone using L3 or L2 in my experiences thus 
> far. Their L1 list is what most, if anyone, would be subscribing to I would 
> think. Their L1 list is actually really, really good.
> 
> 
> 
> On 2023-05-14 05:47, Slavko via mailop wrote:
> 
>> Hi,
>> 
>> i read multiple times, from multiple sources about UCEPROTECT
>> BL, how it is suspicious, etc...
>> 
>> Recently i got notification from ShadowServer, that i am on
>> blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
>> blocks whole networks as anounced by ASN. Thus i was curious,
>> what happens around me.
>> 
>> Today UCEPROTECT reports 32 incidents for /22 net. We can
>> discuss if 32 is enough for blocking whole network block or
>> not, but OK -- 32 incidents is over their policy... But all these
>> 32 incidents was generated by 1 (one) IP! In other words,
>> one IP is enough for UCEPROTECT to block whole /22 network.
>> 
>> Now i really can know how wrong is this BL (and no, i never
>> used it, i even removed it from my check script)...
>> 
>> I am not very interested in that list, nor in how bad that RBL
>> is, but i am curious: is someone (bigger than personal) using
>> it? Or do you know someone who is using it? What is/can be
>> the reason to use it?
>> 
>> thanks
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Jarland Donnell via mailop

and charges for delists...

This is a very commonly cited misconception. Delisting from their BL is
automated. If you are impatient and demand immediate intervention, you
can pay them to circumvent their automation and delist you early. This
is only beneficial if you have actually fixed the reason you were
listed, and are on your way to being delisted by their automation
anyway. Else, you'll simply be relisted and you'll have made a nice
donation to them for nothing.

On 2023-05-22 09:48, Steve Freegard via mailop wrote:

Don't get me started on this one.

I'm not aware of anyone other than zealots that use it. I can't
imagine that it's useful for anything other than scoring a very small
amount in something like SA/rspamd or for use in some meta/composite
rules, but IMHO it's a waste of DNS lookups.

It's so strict and badly run that it gives the rest of us a bad name
(and charges for delists...). Of all the DNSBLs that I wish would just
disappear, this would be at number one on my list.

Kind regards,
Steve.

On Mon, 22 May 2023 at 09:31, Slavko via mailop
wrote:

Hi,

i read multiple times, from multiple sources about UCEPROTECT
BL, how it is suspicious, etc...

Recently i got notification from ShadowServer, that i am on
blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
blocks whole networks as anounced by ASN. Thus i was curious,
what happens around me.

Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.

Now i really can know how wrong is this BL (and no, i never
used it, i even removed it from my check script)...

I am not very interested in that list, nor in how bad that RBL
is, but i am curious: is someone (bigger than personal) using
it? Or do you know someone who is using it? What is/can be
the reason to use it?

thanks

--
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Steve Freegard

Senior Product Owner

+44 7740 364348

abusix.com [1]

Book a meeting [2]

[3]

[4]

[5]

[6]

CONFIDENTIALITY This email and any attachments are confidential and may
also be privileged or otherwise protected from disclosure. If you are
not the named recipient, please notify the sender immediately and do
not disclose the contents to another person, use it for any purpose, or
store or copy the information in any medium.

You'll find further information about privacy here [7].

[8]

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Links:
--
[1]
https://cloud.letsignit.com/collect/bc/5fc7cedc63ed1d1d78e45272?p=3QW9LKZRNsNLctpv2M4xw66qtjrDbFHkRfe_Jo_T8nLiDvwE1FDvAnv56cZf8gHOlGcXNTPUHN-wE0IIEJbWkBqUZ5n-wh878kG0mKc-TDzZTf64_AIC7pyl-xmo2L5eYJtYu1PnTYrDUUBmQW-VxiqyfDuPS_3WZnIEFz1xocGdBhnxAEyhHhg3_G29KPX5gu0-0JxXoL3Lw4zV1rZI4zA5EgDWnGc90iUX1HRTDIs=
[2]
https://cloud.letsignit.com/collect/bc/5fc7cedc63ed1d1d78e45272?p=3QW9LKZRNsNLctpv2M4xw66qtjrDbFHkRfe_Jo_T8nLiDvwE1FDvAnv56cZf8gHOlGcXNTPUHN-wE0IIEJbWkBqUZ5n-wh878kG0mKc-TDzdypi6WPqhVkFKkuLiMX0pY_5fawxs7P25-lwfZUyr7w==
[3]
https://cloud.letsignit.com/collect/bc/5fc7cedc63ed1d1d78e45272?p=3QW9LKZRNsNLctpv2M4xw66qtjrDbFHkRfe_Jo_T8nLiDvwE1FDvAnv56cZf8gHOlGcXNTPUHN-wE0IIEJbWkBqUZ5n-wh878kG0mKc-TDyIo6EwBskR6pg3M12nuwEx_9G03qmurLHy8H_IjsK3cg==
[4]
https://cloud.letsignit.com/collect/bc/5fc7cedc63ed1d1d78e45272?p=3QW9LKZRNsNLctpv2M4xw66qtjrDbFHkRfe_Jo_T8nLiDvwE1FDvAnv56cZf8gHOlGcXNTPUHN-wE0IIEJbWkBqUZ5n-wh878kG0mKc-TDweOZAf2SFcCyyLHlLyd4j2GB_p_YWWJ_3WJxEqTQND2A==
[5]
https://cloud.letsignit.com/collect/bc/5fc7cedc63ed1d1d78e45272?p=3QW9LKZRNsNLctpv2M4xw66qtjrDbFHkRfe_Jo_T8nLiDvwE1FDvAnv56cZf8gHOlGcXNTPUHN-wE0IIEJbWkBqUZ5n-wh878kG0mKc-TDz5UNyOTEm_EvRFXdshn5-xBpkDGWEZYln2qrkxaFuQc-FVdHa5XQ8gkUA8UK9te-A=
[6]
https://cloud.letsignit.com/collect/bc/5fc7cedc63ed1d1d78e45272?p=3QW9LKZRNsNLctpv2M4xw66qtjrDbFHkRfe_Jo_T8nLiDvwE1FDvAnv56cZf8gHOlGcXNTPUHN-wE0IIEJbWkBqUZ5n-wh878kG0mKc-TDyEop3qI2i2HFrm2U65Sd5oxcB4tERwhAI5MzR-NKIKtw==
[7]
https://cloud.letsignit.com/collect/bc/5fc7cedc63ed1d1d78e45272?p=3QW9LKZRNsNLctpv2M4xw66qtjrDbFHkRfe_Jo_T8nLiDvwE1FDvAnv56cZf8gHOlGcXNTPUHN-wE0IIEJbWkBqUZ5n-wh878kG0mKc-TDwp6TTQAR8uw54LR3mph76uODAm2MU0ep-sVltZqsar_A==
[8]
https://cloud.letsignit.com/collect/b/64527ce39279adc5fb539cbb?p=3QW9LKZRNsNLctpv2M4xw66qtjrDbFHkRfe_Jo_T8nLiDvwE1FDvAnv56cZf8gHOlGcXNTPUHN-wE0IIEJbWkBqUZ5n-wh878kG0mKc-TDzNwzD38Zsn2jhinwiDHXxKe3fLl79VhrrHHWopNbulGK8U-TmlvnN27_c7uQRHayw=___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Bill Cole via mailop


On 2023-05-22 at 12:01:52 UTC-0400 (Mon, 22 May 2023 11:01:52 -0500)
Jarland Donnell via mailop 
is rumored to have said:

I have not personally run into anyone using L3 or L2 in my experiences 
thus far. Their L1 list is what most, if anyone, would be subscribing 
to I would think. Their L1 list is actually really, really good.


Do you have any hard numbers on this? E.g. on marginal improvement it 
provides?


My checking of it is very limited, as I only check what makes it to my 
eyeballs,  which is not influenced by UCEPROTECT. So when I check an IP, 
it's because multiple more trustworthy DNSBLs, SpamAssassin, and my own 
bespoke tactics have failed to identify spam. I see almost no matches.




On 2023-05-14 05:47, Slavko via mailop wrote:


Hi,

i read multiple times, from multiple sources about UCEPROTECT
BL, how it is suspicious, etc...

Recently i got notification from ShadowServer, that i am on
blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
blocks whole networks as anounced by ASN. Thus i was curious,
what happens around me.

Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.

Now i really can know how wrong is this BL (and no, i never
used it, i even removed it from my check script)...

I am not very interested in that list, nor in how bad that RBL
is, but i am curious: is someone (bigger than personal) using
it? Or do you know someone who is using it? What is/can be
the reason to use it?

thanks



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Jay Hennigan via mailop


On 5/14/23 03:47, Slavko via mailop wrote:

Hi,



Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.


Over what length of time did these 32 incidents occur? Is that IP still 
spamming? Have you taken action to stop the abuse?


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Graeme Fowler via mailop


Moderation note:

We have a permanent hold on any messages that mention this DNSBL, for 
reasons which are reasonably well known but just in case you're new here:


Whilst not exactly "the list of which nobody should speak", over the years 
the tone of threads discussing them has often fallen well below the 
standards expected of professional mail system operators. The archives 
contain most of it.
The industry knows that the way this DNSBL operates is controversial, but 
as with the Internet in general - their product, their rules.


The hold will stay in place so that each and every mention is scrutinised 
before release.


Stay calm, be nice to each other, tip your waitress, try the veal etc etc

Yours in mailopping

Graeme
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Jarland Donnell via mailop




I have not personally run into anyone using L3 or L2 in my experiences 
thus far. Their L1 list is what most, if anyone, would be subscribing to 
I would think. Their L1 list is actually really, really good.


On 2023-05-14 05:47, Slavko via mailop wrote:


Hi,

i read multiple times, from multiple sources about UCEPROTECT
BL, how it is suspicious, etc...

Recently i got notification from ShadowServer, that i am on
blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
blocks whole networks as anounced by ASN. Thus i was curious,
what happens around me.

Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.

Now i really can know how wrong is this BL (and no, i never
used it, i even removed it from my check script)...

I am not very interested in that list, nor in how bad that RBL
is, but i am curious: is someone (bigger than personal) using
it? Or do you know someone who is using it? What is/can be
the reason to use it?

thanks___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Ken Simpson via mailop

Hi Slavko

The UCEPROTECT list has a large bark, but very little bite. We have never
seen serious problems relating to a listing on their service. It is,
however, widely seen as having major significance by ISPs, particularly
those located in Asia. I have no idea why this is the case.

Regards
Ken

On Mon, May 22, 2023 at 1:27 AM Slavko via mailop  wrote:

> Hi,
>
> i read multiple times, from multiple sources about UCEPROTECT
> BL, how it is suspicious, etc...
>
> Recently i got notification from ShadowServer, that i am on
> blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
> blocks whole networks as anounced by ASN. Thus i was curious,
> what happens around me.
>
> Today UCEPROTECT reports 32 incidents for /22 net. We can
> discuss if 32 is enough for blocking whole network block or
> not, but OK -- 32 incidents is over their policy... But all these
> 32 incidents was generated by 1 (one) IP! In other words,
> one IP is enough for UCEPROTECT to block whole /22 network.
>
> Now i really can know how wrong is this BL (and no, i never
> used it, i even removed it from my check script)...
>
> I am not very interested in that list, nor in how bad that RBL
> is, but i am curious: is someone (bigger than personal) using
> it? Or do you know someone who is using it? What is/can be
> the reason to use it?
>
> thanks
>
> --
> Slavko
> https://www.slavino.sk/
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
-- 

Ken Simpson

CEO, MailChannels



Facebook   |  Twitter   |
LinkedIn  |  Help Center


Our latest case study video: watch here!

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

2023-05-22 Thread Steve Freegard via mailop

Don't get me started on this one.

I'm not aware of anyone other than zealots that use it.  I can't imagine
that it's useful for anything other than scoring a very small amount in
something like SA/rspamd or for use in some meta/composite rules, but IMHO
it's a waste of DNS lookups.

It's so strict and badly run that it gives the rest of us a bad name (and
charges for delists...).  Of all the DNSBLs that I wish would just
disappear, this would be at number one on my list.

Kind regards,
Steve.

On Mon, 22 May 2023 at 09:31, Slavko via mailop  wrote:

> Hi,
>
> i read multiple times, from multiple sources about UCEPROTECT
> BL, how it is suspicious, etc...
>
> Recently i got notification from ShadowServer, that i am on
> blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
> blocks whole networks as anounced by ASN. Thus i was curious,
> what happens around me.
>
> Today UCEPROTECT reports 32 incidents for /22 net. We can
> discuss if 32 is enough for blocking whole network block or
> not, but OK -- 32 incidents is over their policy... But all these
> 32 incidents was generated by 1 (one) IP! In other words,
> one IP is enough for UCEPROTECT to block whole /22 network.
>
> Now i really can know how wrong is this BL (and no, i never
> used it, i even removed it from my check script)...
>
> I am not very interested in that list, nor in how bad that RBL
> is, but i am curious: is someone (bigger than personal) using
> it? Or do you know someone who is using it? What is/can be
> the reason to use it?
>
> thanks
>
> --
> Slavko
> https://www.slavino.sk/
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>

-- 

Steve Freegard

|

Senior Product Owner

T.

+44 7740 364348

abusix.com

Book a meeting

[image: My Logo]

CONFIDENTIALITY This email and any attachments are confidential and may
also be privileged or otherwise protected from disclosure. If you are not
the named recipient, please notify the sender immediately and do not
disclose the contents to another person, use it for any purpose, or store
or copy the information in any medium.

You’ll find further information about privacy here

.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] UCEPROTECT L2 fact

2023-05-22 Thread Slavko via mailop

Hi,

i read multiple times, from multiple sources about UCEPROTECT
BL, how it is suspicious, etc...

Recently i got notification from ShadowServer, that i am on
blacklist, in particular on UCEPROTECT-L2 BL, which AFAIK
blocks whole networks as anounced by ASN. Thus i was curious,
what happens around me.

Today UCEPROTECT reports 32 incidents for /22 net. We can
discuss if 32 is enough for blocking whole network block or
not, but OK -- 32 incidents is over their policy... But all these
32 incidents was generated by 1 (one) IP! In other words,
one IP is enough for UCEPROTECT to block whole /22 network.

Now i really can know how wrong is this BL (and no, i never
used it, i even removed it from my check script)...

I am not very interested in that list, nor in how bad that RBL
is, but i am curious: is someone (bigger than personal) using
it? Or do you know someone who is using it? What is/can be
the reason to use it?

thanks

-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

Re: [mailop] UCEPROTECT L2 fact

[mailop] UCEPROTECT L2 fact

16 matches

Site Navigation

Mail list logo

Footer information