Re: [mailop] Is it something to worry about?

2021-01-22 Thread Jim Popovitch via mailop

Note: Last post by me on this thread Graeme. 

On Fri, 2021-01-22 at 20:45 +, Gregory Heytings via mailop wrote:
> At the time we were discussing this 24 hours ago, there were about ~2400 
> IPs in their network that were flagged.  This number suddenly dropped to 
> zero (I'd guess that OVH paid something to that guy to clear their 
> history), but it is now rising again, at a rate of ~350-400 IPs/day (the 
> same rate as during the previous three days).  Which means that, given 
> that the limit for OVH is 717 flagged IPs, in 24 hours the entire OVH 
> network will again be on UCEPROTECT® Level 3, unless of course OVH pays 
> something again (and again and again).  See 
> http://www.uceprotect.net/en/rblcheck.php?asn=16276 .

I just believe that you are thinking wrongly about this.  The drop is
most likely due to OVH being on top of their network, not paying money
to UCEPROTECT.  Rinse, repeat.  There is no nefarious angle to either
one's business.

> > With that setup, I have yet to see people unable to send email to my 
> > systems.
> > 
> 
> With that setup, you cannot send an email from one of your OVH servers to 
> your systems.

While true, that would be for just the time that it takes the cycle
to rinse and repeat itself.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Is it something to worry about?

2021-01-22 Thread Gregory Heytings via mailop




> I've been a steady user of UCEPROTECT for years now.  I use their levels 
> 1, 2, and 3 with postscreen rankings alongside other popular RBLs. On 
> my systems a UCEPROTECT level 3 rating will reject, unless the IP is 
> listed in ips.whitelisted.org.

IOW, on your systems any mail coming from an OVH server will be rejected, 
unless its admin has paid a fee to the guy who runs UCEPROTECT®.  (I'm not 
saying that you aren't allowed to do that, but it contradicts what you 
seem to believe: that they are a non-shady provider.)

At the time we were discussing this 24 hours ago, there were about ~2400 
IPs in their network that were flagged.  This number suddenly dropped to 
zero (I'd guess that OVH paid something to that guy to clear their 
history), but it is now rising again, at a rate of ~350-400 IPs/day (the 
same rate as during the previous three days).  Which means that, given 
that the limit for OVH is 717 flagged IPs, in 24 hours the entire OVH 
network will again be on UCEPROTECT® Level 3, unless of course OVH pays 
something again (and again and again).  See 
http://www.uceprotect.net/en/rblcheck.php?asn=16276 .

> With that setup, I have yet to see people unable to send email to my 
> systems.

With that setup, you cannot send an email from one of your OVH servers to 
your systems.


Re: [mailop] Is it something to worry about?

2021-01-22 Thread Jim Popovitch via mailop

On Fri, 2021-01-22 at 19:12 +0100, Alessandro Vesely via mailop wrote:
> On Thu 21/Jan/2021 19:09:04 +0100 Graeme Fowler via mailop wrote:
> > [Admin note]
> > 
> > Unless you are a representative of UCEPROTECT, or you have something to 
> > actually add to the discussion rather than endlessly nitting on statistics 
> > etc, please refrain from continuing this thread.
> 
> Jim has been on these lists for a long time, and is often a good poster.  An 
> interesting question would be why he is playing public defender for OVH 
> (assuming he's not their representative).

I'd like to not think of myself as an OVH or UCEPROTECT defender.  Those
2 entities can stand on their own without my input.  

Disclaimer: I got a spam from 135.148.37.130 (OVH) this AM. It was a 
Drone spam, mostly due to that email being harvested from a recent FAA
SolarWinds hack.  I have no evidence that is the case, just theorizing.
That email address was given to the FAA well over 4 years ago for a
drone registration.

I've been an odd OVH customer over the past few years, and I've seen
their vetting process first hand.  I don't know if they vet everyone
the way they vetted me, but it was a pretty thorough process (ID scan,
CC, waiting period, email back-n-forth, etc.)  Of course, now that I'm
in their system I can spin up hosts all day long without human review. 
But I'm satisfied that they take new sign ups seriously, and my
honeypots rarely see any sign of them compared to other big entities.

I've been a steady user of UCEPROTECT for years now.  I use their levels
1, 2, and 3 with postscreen rankings alongside other popular RBLs. On
my systems a UCEPROTECT level 3 rating will reject, unless the IP is
listed in ips.whitelisted.org.  But even then just 1 RBL hit anywhere
else would override the ips.whitelisted.org listing.  With that setup, I
have yet to see people unable to send email to my systems.

-Jim P.

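The scoring described in the message above (a Level 3 hit rejects on its own, an ips.whitelisted.org listing offsets it, one further RBL hit overrides the whitelist) can be modelled as postscreen's weighted DNSBL sum. This is an added example, not part of the thread and not the poster's configuration; the weights, the threshold, the UCEPROTECT and Spamhaus zone names and the sample lookup results are assumptions.

```python
"""Model of postscreen-style weighted DNSBL scoring (added illustration).

Assumptions: every weight, the threshold, and all zone names except
ips.whitelisted.org are chosen here; they are not the poster's settings.
Reply filters (=127.0.0.x) are parsed but ignored by this model.
"""
import ipaddress

# Same item syntax as Postfix's postscreen_dnsbl_sites: zone[=filter][*weight].
# Assumed weights: Level 3 alone reaches the threshold, the whitelist
# offsets it, and any single additional hit pushes the total back over.
SITES = """
    dnsbl-1.uceprotect.net*2,
    dnsbl-2.uceprotect.net*2,
    dnsbl-3.uceprotect.net*3,
    zen.spamhaus.org*2,
    ips.whitelisted.org*-2
"""
THRESHOLD = 3  # plays the role of postscreen_dnsbl_threshold


def parse_sites(spec):
    """Return {zone: weight} from a postscreen_dnsbl_sites-style string."""
    weights = {}
    for item in spec.replace(",", " ").split():
        entry, _, weight = item.partition("*")
        zone = entry.split("=", 1)[0].lower()  # drop any reply filter
        weights[zone] = weights.get(zone, 0) + (int(weight) if weight else 1)
    return weights


def query_name(ip, zone):
    """DNS name looked up for an IPv4 client: reversed octets, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def evaluate(listed_in, weights, threshold=THRESHOLD):
    """Sum the weights of every zone listing the client; compare to threshold."""
    score = sum(w for zone, w in weights.items() if zone in listed_in)
    return score, ("reject" if score >= threshold else "pass")


# Constructed lookup results (no DNS is queried): client IP -> zones listing it.
# Addresses come from the documentation ranges, not from any real network.
SAMPLE = {
    # Host that never sent spam, but whose whole ASN is on Level 3.
    "192.0.2.10": {"dnsbl-3.uceprotect.net"},
    # Same situation, but the admin registered with the whitelist.
    "192.0.2.11": {"dnsbl-3.uceprotect.net", "ips.whitelisted.org"},
    # Whitelisted, yet one other list also has it: whitelist is overridden.
    "192.0.2.12": {"dnsbl-3.uceprotect.net", "ips.whitelisted.org",
                   "zen.spamhaus.org"},
    # Not listed anywhere.
    "198.51.100.7": set(),
}


def decisions(sample=SAMPLE, spec=SITES):
    """Score every sample client against the configured sites."""
    weights = parse_sites(spec)
    return {ip: evaluate(zones, weights) for ip, zones in sample.items()}


if __name__ == "__main__":
    for ip, (score, verdict) in decisions().items():
        print(f"{ip:14} score={score:<3} {verdict}")
```

The first sample row is the case raised in the reply to this message: a host with no listing of its own is rejected purely because its ASN is on Level 3.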

Re: [mailop] Is it something to worry about?

2021-01-22 Thread Alessandro Vesely via mailop

On Thu 21/Jan/2021 19:09:04 +0100 Graeme Fowler via mailop wrote:
> [Admin note]
>
> Unless you are a representative of UCEPROTECT, or you have something to 
> actually add to the discussion rather than endlessly nitting on statistics etc, 
> please refrain from continuing this thread.

Jim has been on these lists for a long time, and is often a good poster.  An 
interesting question would be why he is playing public defender for OVH 
(assuming he's not their representative).

Best
Ale


Re: [mailop] Is it something to worry about?

2021-01-22 Thread Alessandro Vesely via mailop

On Thu 21/Jan/2021 16:24:03 +0100 Michael Peddemors via mailop wrote:
> On 2021-01-21 6:03 a.m., Jim Popovitch via mailop wrote:
> > It's never been about the $$, it's always been about
> > identifying the responsible party.
>
> Which is why I am always surprised, that some providers choose NOT to offer 
> 'rwhois' that shows the responsible party, and when they started using the IP 
> Address.

Some buy used domains, so the starting date is not a reliable indicator.

> Using GDPR as an excuse not to allow customers transparency when they want it, 
> is just dumb.. This would allow that responsible party who happens to 'live' in 
> a dangerous neighbourhood, still operate responsibly.

It hit name resources only.  RDAP on IP numbers works perfectly.

Best
Ale


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Michael Peddemors via mailop

On 2021-01-21 8:20 a.m., Gregory Heytings via mailop wrote:
> One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent 
> a spam in the last 7 days according to uceprotect.  That might seem like 
> a high number, but it's only 0.05% of the address space of that AS. 
> Because of this all IPs of AS16276 are blacklisted.


Before we start on this thread.. (UCEPROTECT's criteria for blocking 
OVH) we should confirm that we want this discussion on this mailing 
list, it might get noisy ;)


The last 7 days is what they show, that is only NEW traffic reported I 
am sure, and does say what the 30 day and year history really is.


OVH might be the 'perfect example' though if we want to continue this 
thread..


And note, we should talk maybe percentage of 'active' IP(s) and not the 
theoretical size of the ASN..


And should things be discussed like:

* Quality of the Abuse Department
* Time to Takedown abuse
* Obviousness of Abuse
* Size of allocated ranges to customers and abuse


And remember, it isn't just spammers that we worry about.  Think of 
things like AUTH attacks etc.




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Konstantin Filtschew / Qameta via mailop
There is a lot of guessing in this discussion. Maybe have a look at your logs 
for OVH networks and you will see something like "distributed spam delivery 
system" every day. I show an example of another OVH network, which is currently 
spamming German users:

This data is for one of my smaller systems:


As you can see they are using really a lot of different IPs and they are way 
more all over their locations: Poland, Germany, France, US.

Background: I've built a service to analyse such traffic for my mail systems. I 
want to understand which companies, networks, IPs, etc. are valuable to my 
users/customers and which try to harm them. Based on the data I can see, that 
OVH is not the worst, but a really bad provider for email systems.
I don't know how they get customers, but these customers are bad for their 
network reputation - especially for mail.

@Jaroslaw try to find another/better provider for your email service. You can't 
fix OVH sales or customer acquisition. 

I hope I could give another view on this discussion which heads in really 
different directions

Regards, Konstantin

On 21 January 2021 at 18:43:27, Jaroslaw Rafa via mailop (mailop@mailop.org) 
wrote:

> On 21.01.2021 at 11:44:30 Jim Popovitch via mailop wrote:
> >  
> > Yes, I can think of 4 right now, and I'm sure there are many more. One
> > of those 4 is in your short list above. A few things that make
> > those 4 providers good are 1) They act on abuse reports, 2) they block
> > outbound port 25 by default, and 3) they require real ID.
>
> As for real ID, is there any hosting provider that doesn't require that?
> When I was buying my server at OVH, I needed to present them a photo or scan
> of my ID, so they know who I am.
> When you buy a hosting service, you are entering into a legal contract. Both
> parties of the contract must know who the other party is.
> --  
> Regards,
> Jaroslaw Rafa
> r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop

On Thu, 2021-01-21 at 18:36 +0100, Vittorio Bertola via mailop wrote:
> > On 21/01/2021 15:03 Jim Popovitch via mailop wrote:
> > 
> > Neither of those situations describe the reality of what uceprotect is
> > doing.  They are saying that if you choose to operate in a shady area,
> 
> The problem here is that they are defining on their own the criteria to 
> identify a shady area,

Isn't that their right?  If not, who gets to define what others think?


> doing all of this in a way that maximizes their revenues,

Do you have evidence of this?  


-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Graeme Fowler via mailop
[Admin note]

Unless you are a representative of UCEPROTECT, or you have something to 
actually add to the discussion rather than endlessly nitting on statistics etc, 
please refrain from continuing this thread.

Over the years we've all seen many threads on many mailing lists of the form 
"$dnsbl_operator has practices I don't agree with and they've listed me". I can 
think of no threads that resulted in a change of operational policy on behalf 
of $dnsbl_operator.

As mentioned up thread, many messages ago, using UCEPROTECT Level 3 to block 
outright is (to quote):

> recommended only if you are a HARDLINER and you want to cause service providers
> and carriers that have spammer / abusive clients to be quickly and effectively blocked
> and it does not matter to you if regular email is also occasionally rejected.
   ^

Ethics aside, they are *very* clear about their policies in all regards.

You may now resume normal service.

Graeme (not in any way involved in, related to, knowing of or in fact a user of 
the aforementioned DNSBL provider)

[/Admin note]


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Stefano Bagnara via mailop
On Thu, 21 Jan 2021 at 18:16, Jim Popovitch via mailop wrote:
> > Maybe you'll grasp the issue only when they will list Ramnode :-)
> > Or maybe you'll be happy to pay or to move to another ASN until they catch 
> > up...
>
> You seem to be under the assumption that uceprotect is just looking for
> providers to list.  I think, and I know, that Ramnode is a responsible
> hosting provider.  They take abuse report seriously, and act swiftly.
> If you read the details about the ASNs that uceprotect list, it's clear
> that those ASNs do not.

No assumptions here:
http://www.uceprotect.net/en/rblcheck.php?asn=3842
"ATTENTION Increased Listingrisk"

OVH was in "ATTENTION Increased Listingrisk" until UCEPROTECT lowered
10 fold their thresholds, so I wouldn't bet you are safe there.
Let's say you chose an almost shady provider :-)

Stefano


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop

On Thu, 2021-01-21 at 17:33 +, Gregory Heytings via mailop wrote:
> > > This make me think to the "First the came..." thing: saying that around 
> > > 1 million OVH customers *chose* to operate in *shady area* is a strong 
> > > statement.
> > 
> > ... and OVH cleaned up their act.
> > 
> 
> Yet they are (black)listed by uceprotect.  OVH is AS16276, the one with 
> 2327 of their 3583744 IPs that have sent spam in the last seven days...

As someone else said "honest customers".  Look, listings happen for
reasons, and there are consequences. 

> > > Maybe you'll grasp the issue only when they will list Ramnode :-)
> > > Or maybe you'll be happy to pay or to move to another ASN until they 
> > > catch up...
> > 
> > You seem to be under the assumption that uceprotect is just looking for 
> > providers to list.  I think, and I know, that Ramnode is a responsible 
> > hosting provider.  They take abuse report seriously, and act swiftly. If 
> > you read the details about the ASNs that uceprotect list, it's clear 
> > that those ASNs do not.
> > 
> 
> According to uceprotect 3 of their 42240 IP addresses have sent spam in 
> the last seven days.  That's only 0.01%, which is not that far from 0.05%. 
> A few more hacked servers, and Ramnode will be listed, too...

Are you sure they were hacked?  What if those were spammers that rented
servers to spam, wouldn't you want the responsible party blocked if they
failed to act?

-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop

On Thu, 2021-01-21 at 17:23 +, Gregory Heytings via mailop wrote:
> 
> I'm not advocating anything, and that's again orthogonal to the point at 
> hand.  The point is that when a website gets hacked and starts to send 
> spam, all other IPs of the server provider get flagged.

You conveniently left out the span of time between "a website gets
hacked" and "all other IPs of the server provider get flagged".  

At what point in time, do you think it's appropriate for me to start
blocking email from "all other IPs of the server provider" once "a
website gets hacked" ?  1 hour, 1 day, 1 week, 1 month, 1 year, ??? how
long?


-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Vittorio Bertola via mailop


> On 21/01/2021 15:03 Jim Popovitch via mailop wrote:
> 
> Neither of those situations describe the reality of what uceprotect is
> doing.  They are saying that if you choose to operate in a shady area,

The problem here is that they are defining on their own the criteria to 
identify a shady area, in a way that is different from everyone else's (there 
are no other blocklists listing these IPs all at once, and these providers 
abide by all applicable laws and are normally considered cheap but reputable, 
not "shady" at all), and then deciding on their own that this is worth listing 
all their customers, and doing all of this in a way that maximizes their 
revenues, by blocking millions of IPs that no one else is blocking and then 
asking for substantial money to each of their users.

This creates such a big conflict of interest that voids the credibility of 
their work. It's not by chance that this behaviour is explicitly forbidden in 
RFC 6471.


> On 21/01/2021 15:56 Paul Smith via mailop wrote:
> 
> I suspect some hosting providers aren't as diligent (possibly because 
> they charge so little that they can't afford staff to handle it, 
> possibly because they don't care as long as they are paid)

My experience with my current VPS provider (Contabo) is that they are very 
responsive, much more than one would expect given how little I pay them. I 
never spammed or had my server cracked so I do not know how well they behave in 
that case, but I have a hard time to think that "they don't care". These 
statements should be supported with facts, not just by setting an arbitrarily 
low threshold of listed IPs to claim that the entire ISP is bad (and maybe, 
when revenues are lower than desired, lower the threshold again and so on).

-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bert...@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop

On Thu, 2021-01-21 at 17:07 +, Gregory Heytings via mailop wrote:
> > > One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent 
> > > a spam in the last 7 days according to uceprotect.  That might seem 
> > > like a high number, but it's only 0.05% of the address space of that 
> > > AS. Because of this all IPs of AS16276 are blacklisted.
> > 
> > 2327 IPs from that ASN sent spam in 7 days, and you are here arguing 
> > that is OK?!?
> > 
> 
> 2327 out of 3583744.  Are you saying that only 0% is okay?  We do not live 
> in a perfect world, errors happen, that's unavoidable.

I don't look at the 3583744, I look at the 2327.  How many emails can
those 2327 IPs send in 1 hour?  That's a lot of spam.

> 
> > A few things that make those 4 providers good are 1) They act on 
> > abuse reports, 2) they block outbound port 25 by default, and 3) they 
> > require real ID.
> > 
> 
> As I said, none of these things are enough.  You can act on abuse reports, 
> block outbound port 25, and require real ids, and yet see honest customers 
> being hacked.

But that is not enough.  If you have honest customers getting hacked
then you have an obligation to all other ASNs to promptly and swiftly
disengage and deactivate those honest customers.  What level 3
uceprotect is saying is that AS16276 did not act swiftly and promptly
and festered for days culminating in 2327 honest customer IPs sending
spam.

-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Gregory Heytings via mailop


> > This makes me think of the "First they came..." thing: saying that around 
> > 1 million OVH customers *chose* to operate in *shady area* is a strong 
> > statement.
>
> ... and OVH cleaned up their act.

Yet they are (black)listed by uceprotect.  OVH is AS16276, the one with 
2327 of their 3583744 IPs that have sent spam in the last seven days...

> > Maybe you'll grasp the issue only when they will list Ramnode :-)
> > Or maybe you'll be happy to pay or to move to another ASN until they catch up...
>
> You seem to be under the assumption that uceprotect is just looking for 
> providers to list.  I think, and I know, that Ramnode is a responsible 
> hosting provider.  They take abuse reports seriously, and act swiftly. If 
> you read the details about the ASNs that uceprotect list, it's clear 
> that those ASNs do not.

According to uceprotect 3 of their 42240 IP addresses have sent spam in 
the last seven days.  That's only 0.01%, which is not that far from 0.05%. 
A few more hacked servers, and Ramnode will be listed, too...


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Gregory Heytings via mailop


> > Apparently that's not a good strategy: their 509952 IPs are blocked by 
> > uceprotect, too; 217 of these IPs (again 0.05%) sent spam in the last 
> > seven days.  And indeed what you suggest is not a solution for the 
> > WordPress site of an honest customer that gets hacked, for instance.
>
> You keep bringing up wordpress, a web application.

It's just an example, because it's a common web application with (too 
many) security vulnerabilities.

> There is nothing being listed by uceprotect that would prohibit an honest 
> (or even dishonest) customer from running a wordpress site.  Sending 
> email from a wordpress site is much easier to do through a MX provider 
> than to self host, so why are you even advocating for self hosted 
> wordpress sites to host their own email?

I'm not advocating anything, and that's again orthogonal to the point at 
hand.  The point is that when a website gets hacked and starts to send 
spam, all other IPs of the server provider get flagged.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jaroslaw Rafa via mailop
On 21.01.2021 at 11:44:30 Jim Popovitch via mailop wrote:
> 
> Yes, I can think of 4 right now, and I'm sure there are many more.  One
> of those 4 is in your short list above.  A few things that make
> those 4 providers good are 1) They act on abuse reports, 2) they block
> outbound port 25 by default, and 3) they require real ID.

As for real ID, is there any hosting provider that doesn't require that?
When I was buying my server at OVH, I needed to present them a photo or scan
of my ID, so they know who I am.
When you buy a hosting service, you are entering into a legal contract. Both
parties of the contract must know who the other party is.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Gregory Heytings via mailop


> > One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent 
> > a spam in the last 7 days according to uceprotect.  That might seem 
> > like a high number, but it's only 0.05% of the address space of that 
> > AS. Because of this all IPs of AS16276 are blacklisted.
>
> 2327 IPs from that ASN sent spam in 7 days, and you are here arguing 
> that is OK?!?

2327 out of 3583744.  Are you saying that only 0% is okay?  We do not live 
in a perfect world, errors happen, that's unavoidable.

> A few things that make those 4 providers good are 1) They act on 
> abuse reports, 2) they block outbound port 25 by default, and 3) they 
> require real ID.

As I said, none of these things are enough.  You can act on abuse reports, 
block outbound port 25, and require real ids, and yet see honest customers 
being hacked.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Stefano Bagnara via mailop
On Thu, 21 Jan 2021 at 17:37, Mary via mailop  wrote:
> Linode blocks port 25 on all new accounts/servers. You need to talk to them 
> and explain who and what you are, before they open it manually for you.

But this was not enough to prevent them being listed in level-3:
http://www.uceprotect.net/en/rblcheck.php?asn=63949

217 level-1 in the last 7 days on 510.000 IPs.

I see Oracle is in level-3 too:
http://www.uceprotect.net/en/rblcheck.php?asn=31898
267 level-1 in the last 7 days on 1.2 millions IPs.

I guess most small ASN are not in level-3 just because of the "at
least 10 level-1" requirement.

Stefano


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop

On Thu, 2021-01-21 at 15:15 +0100, Stefano Bagnara via mailop wrote:
> On Thu, 21 Jan 2021 at 15:04, Jim Popovitch via mailop  
> wrote:
> > > "Pay us for protection", when it really means "pay us or we'll [break 
> > > your knees|set your house on fire|break your windows...]" isn't 
> > > insurance, and can get you arrested.
> > 
> > Neither of those situations describe the reality of what uceprotect is
> > doing.  They are saying that if you choose to operate in a shady area,
> > they will, for a payment, whitelist your address so that you can send
> > email.  Historically, email delivery was always tied to knowing who the
> > sender was.  This has been going on for decades, even with folks like
> > Barracuda.  It's never been about the $$, it's always been about
> > identifying the responsible party.
> 
> This makes me think of the "First they came..." thing: saying that around 1 
> million OVH customers *chose* to operate in *shady area* is a strong 
> statement. 

... and OVH cleaned up their act.


> Maybe you'll grasp the issue only when they will list Ramnode :-)
> Or maybe you'll be happy to pay or to move to another ASN until they catch 
> up...


You seem to be under the assumption that uceprotect is just looking for
providers to list.  I think, and I know, that Ramnode is a responsible
hosting provider.  They take abuse reports seriously, and act swiftly. 
If you read the details about the ASNs that uceprotect list, it's clear
that those ASNs do not.

- -Jim P.
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Michael Peddemors via mailop
Yes, someone should give them kudos for that, at least they made an 
effort.. of course, someone occasionally gets around that.. saw last 
week someone abusing their IP space, but in general reports from that 
network are GREATLY reduced from historical levels.


-- Michael --

PS, the 'hardest' part for a hosting provider is those that explain they 
are a legitimate bulk emailer  and playing police for those that 
really aren't.. which is why making 'them' the responsible party via a 
clear 'rwhois' entry is essential for those cases. And a good abuse 
department that can address reports of abuse.




On 2021-01-21 8:36 a.m., Mary via mailop wrote:

> Linode blocks port 25 on all new accounts/servers. You need to talk to them and 
> explain who and what you are, before they open it manually for you.
> 
> On Thu, 21 Jan 2021 16:29:56 + Gregory Heytings via mailop wrote:
> 
> > How can a server provider do this?  Apart from blocking port 25 of course,
> > and forcing all emails of their customers to go through their SMTP server,
> > in which case they wouldn't be selling a bare machine anymore.  If it was
> > "not even that difficult", I'd guess they would all do it.






--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 16:44 +, Gregory Heytings via mailop wrote:
> > > How can a server provider do this?  Apart from blocking port 25 of 
> > > course, and forcing all emails of their customers to go through their 
> > > SMTP server, in which case they wouldn't be selling a bare machine 
> > > anymore.  If it was "not even that difficult", I'd guess they would all 
> > > do it.
> > 
> > Linode blocks port 25 on all new accounts/servers. You need to talk to 
> > them and explain who and what you are, before they open it manually for 
> > you.
> > 
> 
> Apparently that's not a good strategy: their 509952 IPs are blocked by 
> uceprotect, too; 217 of these IPs (again 0.05%) sent spam in the last 
> seven days.  And indeed what you suggest is not a solution for the 
> WordPress site of an honest customer that gets hacked, for instance.

You keep bringing up wordpress, a web application.  There is nothing
being listed by uceprotect that would prohibit an honest (or even
dishonest) customer from running a wordpress site.   Sending email from
a wordpress site is much easier to do through a MX provider than to self
host, so why are you even advocating for self hosted wordpress sites to
host their own email?

- -Jim P.
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Stefano Bagnara via mailop
On Thu, 21 Jan 2021 at 15:04, Jim Popovitch via mailop 
wrote:

> > "Pay us for protection", when it really means "pay us or we'll [break
> > your knees|set your house on fire|break your windows...]" isn't
> > insurance, and can get you arrested.
>
> Neither of those situations describe the reality of what uceprotect is
> doing.  They are saying that if you choose to operate in a shady area,
> they will, for a payment, whitelist your address so that you can send
> email.  Historically, email delivery was always tied to knowing who the
> sender was.  This has been going on for decades, even with folks like
> Barracuda.  It's never been about the $$, it's always been about
> identifying the responsible party.
>

This makes me think of the "First they came..." thing: saying that around 1
million OVH customers *chose* to operate in *shady area* is a strong
statement.

Maybe you'll grasp the issue only when they will list Ramnode :-)
Or maybe you'll be happy to pay or to move to another ASN until they catch
up...


Stefano


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Gregory Heytings via mailop


> > How can a server provider do this?  Apart from blocking port 25 of 
> > course, and forcing all emails of their customers to go through their 
> > SMTP server, in which case they wouldn't be selling a bare machine 
> > anymore.  If it was "not even that difficult", I'd guess they would all 
> > do it.
> 
> Linode blocks port 25 on all new accounts/servers. You need to talk to 
> them and explain who and what you are, before they open it manually for 
> you.

Apparently that's not a good strategy: their 509952 IPs are blocked by 
uceprotect, too; 217 of these IPs (again 0.05%) sent spam in the last 
seven days.  And indeed what you suggest is not a solution for the 
WordPress site of an honest customer that gets hacked, for instance.



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 16:20 +, Gregory Heytings via mailop wrote:
> > First off, I'm subscribed to this list, there is no need to email me AND 
> > the list.
> > 
> 
> Sorry, I was just honoring the "Reply-To:" header set by the list.
> 
> > > It's what they themselves say: they changed their formula two days ago, 
> > > and because of this thousands of IP addresses that were not listed are now 
> > > listed.  See http://www.uceprotect.net/en/index.php?m=12=0 .
> > 
> > I know they did that change, I support it just like I think the PBL is a 
> > good thing.  Are you saying they should be prohibited from making that 
> > change?
> > 
> 
> The point is not whether they should be prohibited from doing this, the 
> point is whether it's a right thing to do.  And yes, I do think it is 
> wrong to blacklist tens of thousands of IPs because a few of them (less 
> than 1%) misbehaved, and to ask the other 99% to pay to be whitelisted.

The PBL does just that. But I think you are wrong to use the term
"blacklist", it's just a list.  You could use that list as a whitelist
if you wanted to. I highly encourage you to do so. :)

> One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent a 
> spam in the last 7 days according to uceprotect.  That might seem like a 
> high number, but it's only 0.05% of the address space of that AS. 
> Because of this all IPs of AS16276 are blacklisted.

2327 IPs from that ASN sent spam in 7 days, and you are here arguing
that is OK?!?

> (By the way, the numbers I gave in a previous email were a too low 
> estimation: they actually blocked millions of IPs (see above).  If only 
> 0.1% of these blocked IPs paid their whitelist fee, that would mean an 
> income of at least 250,000 USD/year...)

Why does 0.1% of those IPs need to send email?  Do you know that even 10
of those 0.1% need to send email?

> > > That's orthogonal to the point at hand.  The point is that honest 
> > > customers can have their WordPress website hacked.  This might indeed 
> > > happen because of apathy on the part of that customer, but a server 
> > > provider cannot do anything to detect customers that do not upgrade 
> > > their website regularly enough.  The product they sell is a bare 
> > > machine in a datacenter.
> > 
> > That is the problem, and it should not be a business model without 
> > consequences.  It's not a stretch to say those bare metal machines are 
> > munitions, should they be allowed open access?  Be careful what you ask 
> > for.
> > 
> 
> AFAICS that business model, which is the one pretty much everyone uses 
> (Amazon, OVH, Hetzner, ...) is the only way for smaller and medium-sized 
> businesses to run a server.
> 
> What other business model would you suggest?  Are there existing providers 
> that use the better business model you have in mind?

Yes, I can think of 4 right now, and I'm sure there are many more.  One
of those 4 is in your short list above.  The few things that make
those 4 providers good are 1) They act on abuse reports, 2) they block
outbound port 25 by default, and 3) they require real ID.

- -Jim P.

-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Mary via mailop

Linode blocks port 25 on all new accounts/servers. You need to talk to them and 
explain who and what you are, before they open it manually for you.



On Thu, 21 Jan 2021 16:29:56 + Gregory Heytings via mailop 
 wrote:

> How can a server provider do this?  Apart from blocking port 25 of course, 
> and forcing all emails of their customers to go through their SMTP server, 
> in which case they wouldn't be selling a bare machine anymore.  If it was 
> "not even that difficult", I'd guess they would all do it.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Gregory Heytings via mailop


> > while it is feasible for ISPs to eradicate spam on their network, it is 
> > impossible for server providers to do this:
> 
> Umm.. it's not impossible, and it's not even that difficult..

How can a server provider do this?  Apart from blocking port 25 of course, 
and forcing all emails of their customers to go through their SMTP server, 
in which case they wouldn't be selling a bare machine anymore.  If it was 
"not even that difficult", I'd guess they would all do it.



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Gregory Heytings via mailop




> First off, I'm subscribed to this list, there is no need to email me AND 
> the list.

Sorry, I was just honoring the "Reply-To:" header set by the list.

> > It's what they themselves say: they changed their formula two days ago, 
> > and because of this thousands of IP addresses that were not listed are now 
> > listed.  See http://www.uceprotect.net/en/index.php?m=12=0 .
> 
> I know they did that change, I support it just like I think the PBL is a 
> good thing.  Are you saying they should be prohibited from making that 
> change?

The point is not whether they should be prohibited from doing this, the 
point is whether it's a right thing to do.  And yes, I do think it is 
wrong to blacklist tens of thousands of IPs because a few of them (less 
than 1%) misbehaved, and to ask the other 99% to pay to be whitelisted.

One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent a 
spam in the last 7 days according to uceprotect.  That might seem like a 
high number, but it's only 0.05% of the address space of that AS. 
Because of this all IPs of AS16276 are blacklisted.

(By the way, the numbers I gave in a previous email were a too low 
estimation: they actually blocked millions of IPs (see above).  If only 
0.1% of these blocked IPs paid their whitelist fee, that would mean an 
income of at least 250,000 USD/year...)

> > That's orthogonal to the point at hand.  The point is that honest 
> > customers can have their WordPress website hacked.  This might indeed 
> > happen because of apathy on the part of that customer, but a server 
> > provider cannot do anything to detect customers that do not upgrade 
> > their website regularly enough.  The product they sell is a bare 
> > machine in a datacenter.
> 
> That is the problem, and it should not be a business model without 
> consequences.  It's not a stretch to say those bare metal machines are 
> munitions, should they be allowed open access?  Be careful what you ask 
> for.

AFAICS that business model, which is the one pretty much everyone uses 
(Amazon, OVH, Hetzner, ...) is the only way for smaller and medium-sized 
businesses to run a server.

What other business model would you suggest?  Are there existing providers 
that use the better business model you have in mind?



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Michael Peddemors via mailop

On 2021-01-21 6:01 a.m., Gregory Heytings via mailop wrote:

> it is impossible for server providers to do this:


Umm.. it's not impossible, and it's not even that difficult..

It's a choice.. there are many service providers out there that do a 
bang up job.. You'll have to explain why one service provider has 1000x 
reports per ip than another..


Maybe we need to do more about pointing out who is doing a responsible 
job in the industry, and recommend them more, than just calling out the 
bad guys..


There is a germ of an idea in there, maybe a public web page that 
various infosec and rbl operators can communally contribute to that 
shows which hosting companies have the most and least reports over a 
given month, totals and percentages of their IP space.




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Michael Peddemors via mailop

On 2021-01-21 6:03 a.m., Jim Popovitch via mailop wrote:

> It's never been about the $$, it's always been about
> identifying the responsible party.


Which is why I am always surprised, that some providers choose NOT to 
offer 'rwhois' that shows the responsible party, and when they started 
using the IP Address.


Using GDPR as an excuse not to allow customers transparency when they 
want it, is just dumb.. This would allow that responsible party who 
happens to 'live' in a dangerous neighbourhood, still operate responsibly.


IMHO, if your hosting provider won't provide you with either SWIP or 
'rwhois', move to a provider that will.


( and yes, it may cost you a few pennies more, you get what you pay for, 
but it costs WAY more to deal with a reputation problem, than to prevent 
it in the first place )





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Paul Smith via mailop

On 21/01/2021 14:38, Gregory Heytings via mailop wrote:

> That's orthogonal to the point at hand.  The point is that honest 
> customers can have their WordPress website hacked.  This might indeed 
> happen because of apathy on the part of that customer, but a server 
> provider cannot do anything to detect customers that do not upgrade 
> their website regularly enough.  The product they sell is a bare 
> machine in a datacenter.

Indeed. But when we've had abuse reports against our data centre IP 
addresses, we've immediately had an email from our hosting provider 
demanding to know why. If they don't get a quick response to that, 
they're on the phone to us.


I suspect some hosting providers aren't as diligent (possibly because 
they charge so little that they can't afford staff to handle it, 
possibly because they don't care as long as they are paid)


Either option is valid for the hosting provider, but the apathetic 
hosting providers shouldn't be surprised when their reputation is 
tarnished, and the customers should possibly be more careful about which 
hosting providers they choose to use if they care about their server's 
reputation (as they need to if trying to send email)



--
Paul
Paul Smith Computer Services
supp...@pscs.co.uk - 01484 855800


--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 14:38 +, Gregory Heytings wrote:
> > > > That's a fair point, there's no reason to not question their motives. 
> > > > I just personally don't see that it's a profit center for them.
> > > 
> > > Just do the math.  They blocked at least 100K IPs, because 1% of these 
> > > IPs sent spam in the last 7 days.  If 0.5% of those 100K IPs decide to 
> > > subscribe to their whitelist, that's at least 5 CHF / 24 months. 
> > > Which is I guess a rather comfortable income that largely exceeds their 
> > > costs.
> > 
> > How do you know that's not the same situation as the PBL?  Who says that 
> > it was uceprotect's decision alone to list 100K IPs?
> > 

First off, I'm subscribed to this list, there is no need to email me AND
the list.

> It's what they themselves say: they changed their formula two days ago, 
> and because of this thousands of IP addresses that were not listed are now 
> listed.  See http://www.uceprotect.net/en/index.php?m=12=0 .

I know they did that change, I support it just like I think the PBL is a
good thing.  Are you saying they should be prohibited from making that
change?

> > > Also, they seem to ignore that, while it is feasible for ISPs to 
> > > eradicate spam on their network, it is impossible for server providers 
> > > to do this:
> > 
> > That sounds a lot like apathy.  Even the banks are required to KYC.
> > 
> 
> So what?  If you use the bank analogy, it would mean pestering 1000 
> customers because 1 customer got robbed.  And then explain that they got 
> robbed because of apathy, because they did not install an alarm.

But if customers keep getting robbed, over and over in that
neighborhood, then the right thing to do is...?

> > > "If big providers like DTAG and Microsoft can so effectively prevent 
> > > that their customers are sending spam, why can your provider not also 
> > > do so? The simple answer is: The Abuse Departements of providers NOT 
> > > listed in our Level 3 are doing an excellent job, while those listed do 
> > > not. If your provider really wants to stop the excessive spam coming 
> > > from their ranges they would simply install some preventive measures."
> > > 
> > > Honest customers can have their WordPress website hacked.
> > 
> > Most don't, case studies have shown that it's apathy that causes most 
> > wordpress hacks.
> > 
> 
> That's orthogonal to the point at hand.  The point is that honest 
> customers can have their WordPress website hacked.  This might indeed 
> happen because of apathy on the part of that customer, but a server 
> provider cannot do anything to detect customers that do not upgrade their 
> website regularly enough.  The product they sell is a bare machine in a 
> datacenter.

That is the problem, and it should not be a business model without
consequences.  It's not a stretch to say those bare metal machines are
munitions, should they be allowed open access?  Be careful what you ask
for.

- -Jim P.


-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Gregory Heytings via mailop


> > > That's a fair point, there's no reason to not question their motives. 
> > > I just personally don't see that it's a profit center for them.
> > 
> > Just do the math.  They blocked at least 100K IPs, because 1% of these 
> > IPs sent spam in the last 7 days.  If 0.5% of those 100K IPs decide to 
> > subscribe to their whitelist, that's at least 5 CHF / 24 months. 
> > Which is I guess a rather comfortable income that largely exceeds their 
> > costs.
> 
> How do you know that's not the same situation as the PBL?  Who says that 
> it was uceprotect's decision alone to list 100K IPs?

It's what they themselves say: they changed their formula two days ago, 
and because of this thousands of IP addresses that were not listed are now 
listed.  See http://www.uceprotect.net/en/index.php?m=12=0 .

> > Also, they seem to ignore that, while it is feasible for ISPs to 
> > eradicate spam on their network, it is impossible for server providers 
> > to do this:
> 
> That sounds a lot like apathy.  Even the banks are required to KYC.

So what?  If you use the bank analogy, it would mean pestering 1000 
customers because 1 customer got robbed.  And then explain that they got 
robbed because of apathy, because they did not install an alarm.

> > "If big providers like DTAG and Microsoft can so effectively prevent 
> > that their customers are sending spam, why can your provider not also 
> > do so? The simple answer is: The Abuse Departements of providers NOT 
> > listed in our Level 3 are doing an excellent job, while those listed do 
> > not. If your provider really wants to stop the excessive spam coming 
> > from their ranges they would simply install some preventive measures."
> > 
> > Honest customers can have their WordPress website hacked.
> 
> Most don't, case studies have shown that it's apathy that causes most 
> wordpress hacks.

That's orthogonal to the point at hand.  The point is that honest 
customers can have their WordPress website hacked.  This might indeed 
happen because of apathy on the part of that customer, but a server 
provider cannot do anything to detect customers that do not upgrade their 
website regularly enough.  The product they sell is a bare machine in a 
datacenter.



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Gregory Heytings via mailop


> > > > From their web site: WHITELISTING IS RECOMMENDED FOR IP 
> > > > 217.182.79.147. Registration is available for 1 Month (25 CHF), 6 
> > > > Month (50 CHF), 12 Month (70 CHF), 24 Month (90 CHF) . So yes, 
> > > > perhaps it's not extortion.  We may call it demanding money with 
> > > > menaces, exaction, extraction, blackmail...
> > > 
> > > Lots of things in life require payment(s), or purchase of addon 
> > > equipment, depending on your circumstances in life, your living 
> > > arrangements, or your location.  If you are in a high-crime area your 
> > > mortgage insurance will probably require you to purchase an alarm, or 
> > > if your home is prone to house fires, a smoke detector.  Then there 
> > > are taxes, fees, licenses, etc.  Life itself is pay-to-play, whether 
> > > you realize it or not.
> > 
> > Yeah, and when they'll need more beer they can just update their 
> > formula so as to blacklist a whole AS on the first spam, or maybe the 
> > whole RIR.
> 
> That's a fair point, there's no reason to not question their motives. I 
> just personally don't see that it's a profit center for them.

Just do the math.  They blocked at least 100K IPs, because 1% of these IPs 
sent spam in the last 7 days.  If 0.5% of those 100K IPs decide to 
subscribe to their whitelist, that's at least 5 CHF / 24 months. 
Which is I guess a rather comfortable income that largely exceeds their 
costs.

Also, they seem to ignore that, while it is feasible for ISPs to eradicate 
spam on their network, it is impossible for server providers to do this:

"If big providers like DTAG and Microsoft can so effectively prevent that 
their customers are sending spam, why can your provider not also do so? 
The simple answer is: The Abuse Departements of providers NOT listed in 
our Level 3 are doing an excellent job, while those listed do not. If your 
provider really wants to stop the excessive spam coming from their ranges 
they would simply install some preventive measures."

Honest customers can have their WordPress website hacked.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 14:01 +, Gregory Heytings wrote:
> > > > > From their web site: WHITELISTING IS RECOMMENDED FOR IP 
> > > > > 217.182.79.147. Registration is available for 1 Month (25 CHF), 6 
> > > > > Month (50 CHF), 12 Month (70 CHF), 24 Month (90 CHF) . So yes, 
> > > > > perhaps it's not extortion.  We may call it demanding money with 
> > > > > menaces, exaction, extraction, blackmail...
> > > > 
> > > > Lots of things in life require payment(s), or purchase of addon 
> > > > equipment, depending on your circumstances in life, your living 
> > > > arrangements, or your location.  If you are in a high-crime area your 
> > > > mortgage insurance will probably require you to purchase an alarm, or 
> > > > if your home is prone to house fires, a smoke detector.  Then there 
> > > > are taxes, fees, licenses, etc.  Life itself is pay-to-play, whether 
> > > > you realize it or not.
> > > 
> > > Yeah, and when they'll need more beer they can just update their 
> > > formula so as to blacklist a whole AS on the first spam, or maybe the 
> > > whole RIR.
> > 
> > That's a fair point, there's no reason to not question their motives. I 
> > just personally don't see that it's a profit center for them.
> > 
> 
> Just do the math.  They blocked at least 100K IPs, because 1% of these IPs 
> sent spam in the last 7 days.  If 0.5% of those 100K IPs decide to 
> subscribe to their whitelist, that's at least 5 CHF / 24 months. 
> Which is I guess a rather comfortable income that largely exceeds their 
> costs.

How do you know that's not the same situation as the PBL?  Who says that
it was uceprotect's decision alone to list 100K IPs?


> Also, they seem to ignore that, while it is feasible for ISPs to eradicate 
> spam on their network, it is impossible for server providers to do this:

That sounds a lot like apathy.  Even the banks are required to KYC.

> 
> "If big providers like DTAG and Microsoft can so effectively prevent that 
> their customers are sending spam, why can your provider not also do so? 
> The simple answer is: The Abuse Departements of providers NOT listed in 
> our Level 3 are doing an excellent job, while those listed do not. If your 
> provider really wants to stop the excessive spam coming from their ranges 
> they would simply install some preventive measures."
> 
> Honest customers can have their WordPress website hacked.

Most don't, case studies have shown that it's apathy that causes most
wordpress hacks.

- -Jim P.


-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 08:54 -0500, Chris via mailop wrote:
> On 2021-01-21 07:26, Jim Popovitch via mailop wrote:
> > On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > > So yes, perhaps it's not extortion.  We may call it demanding money with
> > > menaces, exaction, extraction, blackmail...
> > 
> > Lots of things in life require payment(s), or purchase of addon
> > equipment, depending on your circumstances in life, your living
> > arrangements, or your location.  If you are in a high-crime area your
> > mortgage insurance will probably require you to purchase an alarm, or if
> > your home is prone to house fires, a smoke detector.  Then there are
> > taxes, fees, licenses, etc.  Life itself is pay-to-play, whether you
> > realize it or not.
> 
> Demanding a payment to protect someone from a threat, that you 
> *yourself* create is called a "protection racket" - classic extortion.
> 
> "Pay us for protection", when it really means "pay us or we'll [break 
> your knees|set your house on fire|break your windows...]" isn't 
> insurance, and can get you arrested.

Neither of those situations describe the reality of what uceprotect is
doing.  They are saying that if you choose to operate in a shady area,
they will, for a payment, whitelist your address so that you can send
email.  Historically, email delivery was always tied to knowing who the
sender was.  This has been going on for decades, even with folks like
Barracuda.  It's never been about the $$, it's always been about
identifying the responsible party.

- -Jim P.
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



Re: [mailop] Is it something to worry about?

2021-01-21 Thread Chris via mailop

On 2021-01-21 07:26, Jim Popovitch via mailop wrote:
> On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > So yes, perhaps it's not extortion.  We may call it demanding money with
> > menaces, exaction, extraction, blackmail...
> 
> Lots of things in life require payment(s), or purchase of addon
> equipment, depending on your circumstances in life, your living
> arrangements, or your location.  If you are in a high-crime area your
> mortgage insurance will probably require you to purchase an alarm, or if
> your home is prone to house fires, a smoke detector.  Then there are
> taxes, fees, licenses, etc.  Life itself is pay-to-play, whether you
> realize it or not.


Demanding a payment to protect someone from a threat, that you 
*yourself* create is called a "protection racket" - classic extortion.


"Pay us for protection", when it really means "pay us or we'll [break 
your knees|set your house on fire|break your windows...]" isn't 
insurance, and can get you arrested.


Your example of addons isn't really relevant, it's just part of the fee 
or a fee modifier of an insurance policy.  Until the insurer is the 
source of the threat as well - then it just becomes more extortion.




Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 13:44 +0100, Alessandro Vesely via mailop wrote:
> On Thu 21/Jan/2021 13:26:43 +0100 Jim Popovitch via mailop wrote:
> > On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > > On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> > > > On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > > > > On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > > > > > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > > > > > 
> > > > > > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > > > > > 
> > > > > > You failed to mention this bit from that link:
> > > > > > 
> > > > > > "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > > > > > and clean IP's that are registered at ips.whitelisted.org"
> > > > > 
> > > > > Isn't that exactly what is called as extortion/blackmail?
> > > > 
> > > > No, no it's not.  I'll leave it to your legal dept to explain that to
> > > > you.
> > >
> > > From their web site:
> > >
> > > WHITELISTING IS RECOMMENDED FOR IP 217.182.79.147.
> > >
> > > Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 Month (70
> > > CHF), 24 Month (90 CHF) .
> > >
> > > So yes, perhaps it's not extortion.  We may call it demanding money with
> > > menaces, exaction, extraction, blackmail...
> > 
> > Lots of things in life require payment(s), or purchase of addon
> > equipment, depending on your circumstances in life, your living
> > arrangements, or your location.  If you are in a high-crime area your
> > mortgage insurance will probably require you to purchase an alarm, or if
> > your home is prone to house fires, a smoke detector.  Then there are
> > taxes, fees, licenses, etc.  Life itself is pay-to-play, whether you
> > realize it or not.
> 
> Yeah, and when they'll need more beer they can just update their formula so as
> to blacklist a whole AS on the first spam, or maybe the whole RIR.

That's a fair point, there's no reason to not question their motives. I
just personally don't see that it's a profit center for them.

> Even taxes are being paid for better reasons.

As an American tax payer I strongly disagree. :)

-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Alessandro Vesely via mailop

On Thu 21/Jan/2021 13:26:43 +0100 Jim Popovitch via mailop wrote:
> On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> > > On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > > > On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > > > > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > > > >
> > > > > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > > > >
> > > > > You failed to mention this bit from that link:
> > > > >
> > > > > "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > > > > and clean IP's that are registered at ips.whitelisted.org"
> > > >
> > > > Isn't that exactly what is called as extortion/blackmail?
> > >
> > > No, no it's not.  I'll leave it to your legal dept to explain that to
> > > you.
> >
> > From their web site:
> >
> > WHITELISTING IS RECOMMENDED FOR IP 217.182.79.147.
> >
> > Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 Month (70
> > CHF), 24 Month (90 CHF) .
> >
> > So yes, perhaps it's not extortion.  We may call it demanding money with
> > menaces, exaction, extraction, blackmail...
>
> Lots of things in life require payment(s), or purchase of addon
> equipment, depending on your circumstances in life, your living
> arrangements, or your location.  If you are in a high-crime area your
> mortgage insurance will probably require you to purchase an alarm, or if
> your home is prone to house fires, a smoke detector.  Then there are
> taxes, fees, licenses, etc.  Life itself is pay-to-play, whether you
> realize it or not.

Yeah, and when they'll need more beer they can just update their formula so as
to blacklist a whole AS on the first spam, or maybe the whole RIR.

Even taxes are being paid for better reasons.

Best
Ale


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Jim Popovitch via mailop

On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> > On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > > On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > > > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > > > 
> > > > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > > > 
> > > > You failed to mention this bit from that link:
> > > > 
> > > > "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > > > and clean IP's that are registered at ips.whitelisted.org"
> > > 
> > > Isn't that exactly what is called as extortion/blackmail?
> > 
> > No, no it's not.  I'll leave it to your legal dept to explain that to
> > you.
> 
> From their web site:
> 
> WHITELISTING IS RECOMMENDED FOR IP 217.182.79.147.
> 
> Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 Month (70
> CHF), 24 Month (90 CHF) .
> 
> 
> So yes, perhaps it's not extortion.  We may call it demanding money with 
> menaces, exaction, extraction, blackmail...

Lots of things in life require payment(s), or purchase of addon
equipment, depending on your circumstances in life, your living
arrangements, or your location.  If you are in a high-crime area your
mortgage insurance will probably require you to purchase an alarm, or if
your home is prone to house fires, a smoke detector.  Then there are
taxes, fees, licenses, etc.  Life itself is pay-to-play, whether you
realize it or not.

-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-21 Thread Alessandro Vesely via mailop

On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > >
> > > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > >
> > > You failed to mention this bit from that link:
> > >
> > > "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > > and clean IP's that are registered at ips.whitelisted.org"
> >
> > Isn't that exactly what is called as extortion/blackmail?
>
> No, no it's not.  I'll leave it to your legal dept to explain that to
> you.

From their web site:

WHITELISTING IS RECOMMENDED FOR IP 217.182.79.147.

Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 Month (70
CHF), 24 Month (90 CHF) .

So yes, perhaps it's not extortion.  We may call it demanding money with
menaces, exaction, extraction, blackmail...



Best
Ale


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Bill Cole via mailop

On 20 Jan 2021, at 11:27, Russell Clemings via mailop wrote:

> I don't really understand why anybody would use UCEPROTECT3 anyway.
>
> The first sentence of their web page says:
>
> "This blacklist has been created for HARDLINERS. It can, and probably will
> cause collateral damage to innocent users when used to block email."
>
> http://www.uceprotect.net/en/index.php?m=3=5


People do very dumb things with their mail systems.

For 17 years I've run a strictly private blocklist which has for all of 
that time answered unauthorized queries to the DNSBL interface to the 
blocklist with either silence or hazardous garbage. The only way to know 
the base zone name would be to see a rejection message due to it (or 
guessing, which admittedly isn't hard.) The online documentation of the 
blocklist includes the current contents in a hard-to-parse but 
human-readable format and direct clear warnings that it is not available 
to the public as a DNSBL and that trying to use it in any form without 
my active assistance and approval would be extremely unwise and violent 
to normal email. Literally no one anywhere uses my blocklist as an 
absolute rejection criteria, as no one should.


Every week, thousands of resolvers spread across hundreds of unique /24 
nets ask for records in that DNSBL zone. The ones that get blocked from 
port 53 at my firewall for a week at a time consistently come back after 
their banishments within 12 hours and re-earn their blocking. No one 
doing those queries can possibly be getting any utility from them. At 
best, they get more than a UDP reply's worth of long-TTL records for 
whatever IPs they happen to query in their weekly paroles. The number of 
miscreants and volume of their queries has steadily grown over the past 
decade.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Jim Popovitch via mailop

On Wed, 2021-01-20 at 08:27 -0800, Russell Clemings via mailop wrote:
> I don't really understand why anybody would use UCEPROTECT3 anyway.
> 
> The first sentence of their web page says:
> 
> "This blacklist has been created for HARDLINERS. It can, and probably will 
> cause collateral damage to innocent users when used to block email."

But the line right before that says:

  "Level 3 lists IP Space of the worst ASN's."

Your server, your rules... 

-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Joel M Snyder via mailop



> My question is: how widely is this BL (UCEPROTECT level 3) used? Do I have
> to worry about deliverability? Their page tells me to ask my provider to fix
> the issue, which I will do, but... it's OVH, so you know...


UCEPROTECT is among the worst blacklists in usefulness.  They have a low 
catch rate (sits in the 25%-30% range most months) and a fairly high 
false positive count.  People who use UCEPROTECT are wasting their 
bandwidth with the lookups.


Based on years of testing, the "good" IP reputation services are:

Proofpoint (not SORBS)
Trend ERS
Spamhaus Zen
Cisco Senderbase

All catch more than 50% of the spam, consistently month-to-month, and 
have vanishingly low false positive counts.


All of the free IP reputation services have decayed significantly over 
the past few years; the best free service (Barracuda) is still worse 
than the worst paid service (Spamhaus), although the gap between those 
two is only a few percentage points most months.


It is unfortunate that Proofpoint and Cisco don't sell their service 
standalone the way that Trend & Spamhaus do.  On the other hand, the 
email business has changed so much over the past few years that it's 
actually a bit surprising that there's still this much choice out there.


jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.com                http://www.opus1.com/jms


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Russell Clemings via mailop
I don't really understand why anybody would use UCEPROTECT3 anyway.

The first sentence of their web page says:

"This blacklist has been created for HARDLINERS. It can, and probably will
cause collateral damage to innocent users when used to block email."

http://www.uceprotect.net/en/index.php?m=3=5



On Wed, Jan 20, 2021 at 7:43 AM Chris via mailop  wrote:

> On 2021-01-20 05:10, Hans-Martin Mosner via mailop wrote:
>
> > On one hand, UCEPROTECT is relatively aggressive, and their unlisting
> > policy is at least questionable. However, running
> > a blacklist incurs costs in terms of server time and admin time, so if
> > they provide access for free, how should they
> > recover their costs?
>
> On that note, let me tell you all a story:
>
> I (with assistance of others) wrote RFC6471 ("Overview of Best Email
> DNS-Based List (DNSBL) Operational Practices") way back in 2012.  It has
> a section called "conflict of interest" where delisting for a fee (for
> charity or otherwise) was considered a MUST NOT - due to its appearance
> of extortion.
>
> At the time, only SORBS and UCEPROTECT were doing "fees", in SORBS case,
> the fees went to charities.  I was told directly by UCEPROTECT that the
> fees were "beer money" for the volunteers, and NOT to recover costs.
>
> RFC6471 was in its final stages of discussion within the ASRG before
> pushing upwards for IETF final editing and approval.  UCEPROTECT took
> great exception and attempted to extort me (and another author who
> wasn't active at all at the time) personally to take that section out.
> They turned off UCEPROTECT removals entirely, directed listees to
> complain to me (and the co-author) personally, and everyone went away
> for the weekend.
>
> The uproar was in the ASRG, and people like John Levine will remember it
> well.  The UCEPROTECT spokesperson was quite gleeful about the impending
> mailbomb.
>
> I told them that if they didn't stop doing this by the Monday, I'd have
> to report it to my Corporate Security and Legal departments as an attack
> upon the company.
>
> There was a mad scramble on their side and they finally got it stopped.
>
> UCEPROTECT's customer base seems fairly small, most of it in Germany
> where apparently they have secured some commercial contracts under some
> sort of "buy German" doctrine.
>
> As a FYI, SORBS was also present in the conversation and acted entirely
> professionally throughout the whole thing.  A few months later SORBS
> informed me that they had dropped their charitable donation request.
>
> And, oh, the mailbomb?  Precisely 4 angry emails, every one of
> which, once I explained the situation, encouraged me to not give in to
> UCEPROTECT.


-- 
===
Russell Clemings

===


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Michael Peddemors via mailop

On 2021-01-20 5:39 a.m., Vittorio Bertola via mailop wrote:
> I could understand listing specific providers if they were clearly and openly
> tolerant of spammers, but listing big chunks of the entire industry at once?


Personally, I think this is the year that you can expect to see more of 
that, as discussed in an earlier thread.  It isn't only about being 
openly tolerant, it is about whether the company is monitoring their own 
networks, performing take downs in a timely manner, and preventing new 
sign-ups from obvious miscreants..


You can understand that if every day a new set of spammers can set up 
shop on a network, and that keeps happening for months and years on end, 
that company is going to have more people, whether quietly on their own, 
or in a very public manner, start simply rejecting traffic from those 
networks, and accept a little collateral damage.


This is the year for network operators to become more responsible for 
the activity on their own networks.


If you are unfortunately one of those that are in that collateral 
damage, then you probably will move to a network that has a better 
reputation for not allowing miscreants on the network.


And remember, it isn't always just spammers, often those miscreants are 
a lot lot worse.


> "because there were 1868 spamming IPs from within this ASN last 7
> days"

You do have to question once an ISP gets to the point where 1000's of 
IPs are involved in spamming, especially when they get to that size, are 
they doing everything they can to stop spammers?


Don't get me wrong, at scale it's easy to have say 100's of compromised 
wordpress servers, or any other software that isn't updated and 
maintained regularly by the owner.. but the ISPs CAN do things to 
detect/stop that.


So before whining about the block list operator, (albeit, yeah removal 
fees is a bit of a sticky point, don't think that is the best way to 
cover costs of operating an RBL) you might like to examine why you are 
on there in the first place..


Just follow the infosec twitter feeds, and ask yourself the question, 
why are so many of these bots on the same networks every time.







--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada



Re: [mailop] Is it something to worry about?

2021-01-20 Thread Chris via mailop

On 2021-01-20 05:10, Hans-Martin Mosner via mailop wrote:

> On one hand, UCEPROTECT is relatively aggressive, and their unlisting policy is
> at least questionable. However, running
> a blacklist incurs costs in terms of server time and admin time, so if they
> provide access for free, how should they
> recover their costs?


On that note, let me tell you all a story:

I (with assistance of others) wrote RFC6471 ("Overview of Best Email 
DNS-Based List (DNSBL) Operational Practices") way back in 2012.  It has 
a section called "conflict of interest" where delisting for a fee (for 
charity or otherwise) was considered a MUST NOT - due to its appearance 
of extortion.


At the time, only SORBS and UCEPROTECT were doing "fees", in SORBS' case, 
the fees went to charities.  I was told directly by UCEPROTECT that the 
fees were "beer money" for the volunteers, and NOT to recover costs.


RFC6471 was in its final stages of discussion within the ASRG before 
pushing upwards for IETF final editing and approval.  UCEPROTECT took 
great exception and attempted to extort me (and another author who 
wasn't active at all at the time) personally to take that section out. 
They turned off UCEPROTECT removals entirely, directed listees to 
complain to me (and the co-author) personally, and everyone went away 
for the weekend.


The uproar was in the ASRG, and people like John Levine will remember it 
well.  The UCEPROTECT spokesperson was quite gleeful about the impending 
mailbomb.


I told them that if they didn't stop doing this by the Monday, I'd have 
to report it to my Corporate Security and Legal departments as an attack 
upon the company.


There was a mad scramble on their side and they finally got it stopped.

UCEPROTECT's customer base seems fairly small, most of it in Germany 
where apparently they have secured some commercial contracts under some 
sort of "buy German" doctrine.


As a FYI, SORBS was also present in the conversation and acted entirely 
professionally throughout the whole thing.  A few months later SORBS 
informed me that they had dropped their charitable donation request.


And, oh, the mailbomb?  Precisely 4 angry emails, every one of 
which, once I explained the situation, encouraged me to not give in to 
UCEPROTECT.








Re: [mailop] Is it something to worry about?

2021-01-20 Thread Al Iverson via mailop
On Wed, Jan 20, 2021 at 3:45 AM Jaroslaw Rafa via mailop wrote:
>
> Hello,
> just got an information from MxToolbox that my IP (actually not my IP in
> particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
> level 3. Checking of my IP (217.182.79.147) at
> http://www.uceprotect.net/en/rblcheck.php gives the info that it has been
> listed because there were 1868 spamming IPs from within this ASN last 7
> days while their threshold for level 3 listing is 717.
>
> My question is: how widely is this BL (UCEPROTECT level 3) used? Do I have
> to worry about deliverability? Their page tells me to ask my provider to fix
> the issue, which I will do, but... it's OVH, so you know...

I guess we will find out together, because my servers at HostUS just
got listed on UCEPROTECT Level 3 as well. It feels like something
perhaps changed yesterday and they decided to list a bunch of ISPs on
UCEPROTECT Level 3.

I suspect the listing impact will be very small. No big ISP will use
level 3 for any filtering purposes. But some small hobbyists might use
it. It would be unwise of them to do so, I think, but they likely will
not value our opinion about it.

There is a fine line between "granular reputation" to directly punish
spammers or block spam without collateral damage and "block the whole
ISP to get all their customers to revolt and leave." UCEPROTECT has
always been somewhat zealous at driving collateral damage via level 2
and level 3 listings, in my opinion.

Cheers,
Al


-- 
Al Iverson // Wombatmail // Chicago
Deliverability: https://spamresource.com
DNS Tools: https://xnnd.com


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Vittorio Bertola via mailop

> On 20/01/2021 13:29 Hetzner Blacklist via mailop wrote:
> 
> Looking back on my infrequent checking of UCEPROTECT, that means OVH
> will probably be permanently on level 3.
> 
> In fact, a number of other large, well-known providers are now listed on
> level 3 as well.

I host my personal email server on a VPS at Contabo and, as of today, my IP is 
now also listed on level 3 - so I guess that Contabo is another provider that 
got suddenly listed in its entirety.

Personally speaking, an operation that lists the entire IP address space of 
several big VPS providers in Europe at the same time, then asks for money to 
delist them, does look to me like an extortion scheme. I could understand 
listing specific providers if they were clearly and openly tolerant of 
spammers, but listing big chunks of the entire industry at once?

Ciao,
-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bert...@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Jim Popovitch via mailop

On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> 
> On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > 
> > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > 
> > You failed to mention this bit from that link:
> > 
> >   "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > and clean IP's that are registered at ips.whitelisted.org"
> > 
> > 
> 
> Isn't that exactly what is called as extortion/blackmail?

No, no it's not.  I'll leave it to your legal dept to explain that to
you.

> Anyway, your network, your rules, don't complain if you are using 
> UCEPROTECT above level 1 and rejecting perfectly valid emails.

As I previously said, in the past 10 years I haven't rejected any
legitimate email from senders in uceprotect level 2 or 3 (nor even level
1).

-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Renaud Allard via mailop



On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
>
> > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
>
> You failed to mention this bit from that link:
>
>   "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> and clean IP's that are registered at ips.whitelisted.org"

Isn't that exactly what is called as extortion/blackmail?

Anyway, your network, your rules, don't complain if you are using 
UCEPROTECT above level 1 and rejecting perfectly valid emails.






Re: [mailop] Is it something to worry about?

2021-01-20 Thread Jim Popovitch via mailop

On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> 
> New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> 

You failed to mention this bit from that link:

 "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
and clean IP's that are registered at ips.whitelisted.org"


-Jim P.


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Hetzner Blacklist via mailop
UCEPROTECT just recently changed their listing criteria for level 3
listings (blacklisting an entire ASN).

Direct source: http://www.uceprotect.net/en/index.php?m=12=0

What they don't make clear (for whatever reason) is the actual change.
Previously if 0.2% of a provider's IPs were blacklisted, then the entire
provider ASN would be listed on level 3.

Now it is 0.02%.

Old policy:
https://web.archive.org/web/20200304061553/http://www.uceprotect.net/en/index.php?m=3=5

New/current policy: http://www.uceprotect.net/en/index.php?m=3=5

This means a provider like OVH "only" requires 716 blacklisted IPs to
get their entire ASN on level 3, rather than 7,167 previously (based on
the amount of IPs they currently have).

Looking back on my infrequent checking of UCEPROTECT, that means OVH
will probably be permanently on level 3.

In fact, a number of other large, well-known providers are now listed on
level 3 as well.

Kind regards

Bastiaan


On 20.01.2021 at 12:00, mailop-requ...@mailop.org wrote:

> Hello,
> just got an information from MxToolbox that my IP (actually not my IP in
> particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
> level 3. Checking of my IP (217.182.79.147) at
> http://www.uceprotect.net/en/rblcheck.php gives the info that it has been
> listed because there were 1868 spamming IPs from within this ASN last 7
> days while their threshold for level 3 listing is 717.
> 
> My question is: how widely is this BL (UCEPROTECT level 3) used? Do I have
> to worry about deliverability? Their page tells me to ask my provider to fix
> the issue, which I will do, but... it's OVH, so you know...
> 
> I also find it quite impudent that the people who run UCEPROTECT offer
> the whitelisting option (ips.whitelisted.org), but request payment for it...
> If you provide access to blacklist for free, you should whitelist for free
> as well.
> 


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Paul Smith via mailop

On 20/01/2021 11:36, Martin Flygenring via mailop wrote:

> As mentioned by Hans-Martin, you can pay them to be whitelisted, which
> means that you will no longer appear in level 2 or 3 according to
> http://www.whitelisted.org/. So if you have sent so much bad mail you
> end up in their level 2 or 3, you can just pay them and then you can
> keep sending all the spam you want without a care in the world.


Not really. You would still be in level 1 if you were sending spam, so 
paying for whitelisting wouldn't help.


If you're in level 2 & 3, but not level 1, it basically means that 
you've made a bad choice of hosting/service provider. You've probably 
bought a cheap VM from a company that doesn't care that their VMs are 
used a lot by spammers. So, you can pay the whitelisting fee to get 
around that (an alternative would be to move to a decent hosting company 
that cares about abuse, so isn't in L2/L3)


I wouldn't block outright based on just an L2/L3 listing, but it does 
give a leg-up to the spam scoring.



--
Paul
Paul Smith Computer Services
supp...@pscs.co.uk - 01484 855800


--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
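
The approach described in the message above (an L2/L3 hit raises the score but does not reject by itself), as an added example that is not code from any poster in this thread. The weights, the threshold and the resolver answers are constructed assumptions; dnsbl-1/2/3.uceprotect.net are UCEPROTECT's public zones, and ips.whitelisted.org is assumed to be queryable in the same way.

```python
import ipaddress
import socket

# Assumed weights and threshold, for illustration only.
WEIGHTS = {
    "dnsbl-1.uceprotect.net": 3,   # Level 1: this IP itself was reported
    "dnsbl-2.uceprotect.net": 1,   # Level 2: treated as a hint only
    "dnsbl-3.uceprotect.net": 1,   # Level 3: whole ASN, treated as a hint only
    "ips.whitelisted.org": -2,     # whitelist named in the thread
}
REJECT_AT = 3

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def query_name(ip, zone):
    """Build the DNSBL query name: reversed octets (or nibbles) plus the zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    labels = reverse.rsplit(".", 2)[0]   # drop "in-addr.arpa" / "ip6.arpa"
    return f"{labels}.{zone}"


def is_listed(answers):
    """Count an answer as a listing only if it is an address in 127.0.0.0/8.

    Anything else (a parked zone, a wildcard, a list operator answering
    unwanted queries with junk) is ignored instead of trusted.
    """
    for answer in answers:
        try:
            if ipaddress.ip_address(answer) in LISTED_RANGE:
                return True
        except ValueError:
            continue
    return False


def score(ip, resolve, weights=WEIGHTS):
    """Return (total weight, sorted zones that list the IP)."""
    hits = sorted(z for z in weights if is_listed(resolve(query_name(ip, z))))
    return sum(weights[z] for z in hits), hits


def verdict(ip, resolve):
    """Reject only when the combined evidence reaches the threshold."""
    total, hits = score(ip, resolve)
    return ("reject" if total >= REJECT_AT else "accept"), total, hits


def system_resolve(name):
    """Live lookup through the system resolver; a failed lookup means not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


# Constructed answers (documentation addresses), so the example runs offline.
CONSTRUCTED_ANSWERS = {
    # ASN-wide listing only: the collateral-damage case discussed in the thread
    "10.2.0.192.dnsbl-3.uceprotect.net": ["127.0.0.2"],
    # listed at every level: the IP itself was reported
    "20.2.0.192.dnsbl-1.uceprotect.net": ["127.0.0.2"],
    "20.2.0.192.dnsbl-2.uceprotect.net": ["127.0.0.2"],
    "20.2.0.192.dnsbl-3.uceprotect.net": ["127.0.0.2"],
    # zone answers outside 127.0.0.0/8: not a valid listing
    "40.2.0.192.dnsbl-3.uceprotect.net": ["203.0.113.9"],
    # L2 + L3 but also on the whitelist
    "50.2.0.192.dnsbl-2.uceprotect.net": ["127.0.0.2"],
    "50.2.0.192.dnsbl-3.uceprotect.net": ["127.0.0.2"],
    "50.2.0.192.ips.whitelisted.org": ["127.0.0.2"],
}


def constructed_resolve(name):
    return CONSTRUCTED_ANSWERS.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.40", "192.0.2.50"):
        print(ip, *verdict(ip, constructed_resolve))
```

Pass `system_resolve` instead of `constructed_resolve` to query live zones.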


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Martin Flygenring via mailop
We were dealing with UCEPROTECT blocks roughly one year ago where we had 
several IPs blacklisted in level 1. Based on the info they gave, it 
wasn't always that easy to pinpoint the cause of the block, since they 
provided a date and time and wrote "+/- 1 minute". Several times, I 
checked our logs for that time +/- 5-10 minutes, and that IP had sent 0 
mails.

After a while, I started digging deeper into them as a blacklist...

First of all, a lot of posts I found while googling were referring to 
them as scammers, extortion/blackmail blacklist, and so on.


As mentioned by Hans-Martin, you can pay them to be whitelisted, which 
means that you will no longer appear in level 2 or 3 according to 
http://www.whitelisted.org/. So if you have sent so much bad mail you 
end up in their level 2 or 3, you can just pay them and then you can 
keep sending all the spam you want without a care in the world.


You can also pay them for monitoring so you're alerted when something 
happens to the IPs you're managing. Do note that they don't accept 
Paypal any longer, due to: http://www.uceprotect.net/en/index.php?m=12=0

News from 18.02.2019:
> Payment service provider Paypal really believe that they can treat
> long-standing customers like shit and withhold their money for no
> reason, but with all kinds of tricky excuses from their Terms and
> Conditions for some days, weeks, or even months.
>
> In our opinion, they are clearly asking to boycott them.
> That's the reason why we do no longer accept Paypal, and why we
> recommend, that every owner of a Paypal account, who does not want to
> come into the same situation, should remove any money from their Paypal
> account immediately, and to close the account, after the balance is Zero
> and all money was removed successfully.


I guess people got tired of UCEPROTECT's blackmail scheme, and Paypal 
decided to agree and withhold their money?


Also, looking at the bottom of their website, it shows that it is 
copyrighted by http://www.uceprotect.org/
Looking at that website, aside from the obvious "WARNING: Do not play 
around here. You have no idea who we really are, and what will happen to 
you!", following the "For public amusement we have published stupidsters 
sending cart00neys here"-link gave this nice explanation from them:
> People with a brain would simply fix their systems after getting
> listed for abuse.
>
> Stupid losers are different.
> They wrongly believe that the Internet was made for spamming and
> therfore they try to get listings removed by announcing legal action.
> Writing such cart00neys one becomes subject of public ridicule and
> deserves to be banned from the Internet forever.
>
> We recommend to firewall those lamerz on sight.


So basically, you can pay to get whitelisted and send all the spam you 
want. Why care about quality when you can get paid?

Getting delisted takes 7 days, or requires you to pay 89 CHF.
Additionally, their website sounds like it's been written by the usual 
hacker style script-kiddie. In my opinion, it doesn't exactly provide 
you with a sense of professionalism from their side.



It was honestly very hard to take them seriously after all of that, and 
I'd really wish people would stop using them, since it just seems like 
some sort of cash-grab.



On 1/20/21 11:10 AM, Hans-Martin Mosner via mailop wrote:
> On 20.01.21 at 10:40, Jaroslaw Rafa via mailop wrote:
> > Hello,
> > just got an information from MxToolbox that my IP (actually not my IP in
> > particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
> > level 3. Checking of my IP (217.182.79.147) at
> > http://www.uceprotect.net/en/rblcheck.php gives the info that it has been
> > listed because there were 1868 spamming IPs from within this ASN last 7
> > days while their threshold for level 3 listing is 717.
> >
> > My question is: how widely is this BL (UCEPROTECT level 3) used? Do I have
> > to worry about deliverability? Their page tells me to ask my provider to fix
> > the issue, which I will do, but... it's OVH, so you know...
> >
> > I also find it quite impudent that the people who run UCEPROTECT offer
> > the whitelisting option (ips.whitelisted.org), but request payment for it...
> > If you provide access to blacklist for free, you should whitelist for free
> > as well.
>
> On one hand, UCEPROTECT is relatively aggressive, and their unlisting
> policy is at least questionable. However, running a blacklist incurs
> costs in terms of server time and admin time, so if they provide access
> for free, how should they recover their costs?
>
> On the other hand - this is OVH! They are huge, and they don't seem to
> have a working abuse desk (at least I never got any reaction to abuse
> reports I sent there, and I've most likely sent hundreds). This means
> they are an attractive spammer haven, and the number of persistent
> spammers in their network is significant.
>
> In light of this, UCEPROTECT taking whitelisting fees from users of
> cheap providers that cut their costs by not paying an abuse team or by
> making a profit from 

Re: [mailop] Is it something to worry about?

2021-01-20 Thread Stefano Bagnara via mailop
On Wed, 20 Jan 2021 at 11:54, Jim Popovitch via mailop wrote:

> For me, it's "appreciate never seeing those emails".  I outright block
> level 2 and level 3, and high score level 1.  I've been doing that for
> years now and have never seen a reject log message that wasn't already
> listed in Zen, Sorbs, or Psbl.
>

If this was true then it would be pointless to use UCEPROTECT if you
already use Zen, Sorbs, Psbl ;-)

E.g: OVH is currently in UCEPROTECT level-3, I have a few IPs there, none
of them is in Zen, Sorbs, Psbl, but, of course, are in UCE L3 right now.

Stefano


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Jim Popovitch via mailop

On Wed, 2021-01-20 at 11:21 +0100, Renaud Allard via mailop wrote:
> 
> I agree with what you said. That said, those who use UCEPROTECT above 
> level 1 to unconditionally block mails deserve to lose mails.
> 

For me, it's "appreciate never seeing those emails".  I outright block
level 2 and level 3, and high score level 1.  I've been doing that for
years now and have never seen a reject log message that wasn't already
listed in Zen, Sorbs, or Psbl.

-Jim P.
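
The two messages above disagree on whether rejecting on UCEPROTECT level 2/3 only catches what Zen, SORBS or PSBL already list; an operator can measure that on their own lookup results. This is an added example, not code from any poster: the zone hostnames are the lists' commonly published ones, and the weights, threshold and sample hits are assumptions constructed for illustration.

```python
import ipaddress

# Zone hostnames are the commonly published ones; weights and threshold are
# assumed values for illustration, not anyone's production configuration.
UCE_L1, UCE_L2, UCE_L3 = (f"dnsbl-{n}.uceprotect.net" for n in (1, 2, 3))
OTHERS = {"zen.spamhaus.org", "dnsbl.sorbs.net", "psbl.surriel.com"}
WHITELIST = "ips.whitelisted.org"
WEIGHTS = {UCE_L1: 2, UCE_L2: 1, UCE_L3: 1, **{z: 3 for z in OTHERS}}
THRESHOLD = 3


def query_name(ip: str, zone: str) -> str:
    """DNSBL query name for an IPv4 address: reversed octets + zone (RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def hard_block(hits: set) -> bool:
    """Reject on any level 2 or level 3 listing unless the IP is whitelisted."""
    return bool(hits & {UCE_L2, UCE_L3}) and WHITELIST not in hits


def weighted_block(hits: set) -> bool:
    """Reject only when the summed weights of all listings reach THRESHOLD."""
    if WHITELIST in hits:
        return False
    return sum(WEIGHTS.get(zone, 0) for zone in hits) >= THRESHOLD


def uceprotect_only(observed: dict) -> list:
    """IPs the hard policy rejects although none of the other lists has them."""
    return sorted(ip for ip, hits in observed.items()
                  if hard_block(hits) and not hits & OTHERS)


# Constructed sample: zones that answered "listed" for each connecting IP
# (documentation addresses, not real lookup results).
OBSERVED = {
    "192.0.2.10": {UCE_L1, UCE_L2, UCE_L3, "zen.spamhaus.org"},
    "192.0.2.20": {UCE_L3},            # clean IP inside a listed ASN
    "198.51.100.7": {UCE_L2, UCE_L3},  # clean IP inside a listed range and ASN
    "203.0.113.5": {UCE_L3, WHITELIST},
    "203.0.113.9": {"psbl.surriel.com"},
}

if __name__ == "__main__":
    print(query_name("217.182.79.147", UCE_L3))
    print("rejected on UCEPROTECT alone:", uceprotect_only(OBSERVED))
```

A non-empty result from `uceprotect_only` on real lookup data is the set of senders that a hard level 2/3 block turns away with no corroborating listing elsewhere.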


Re: [mailop] Is it something to worry about?

2021-01-20 Thread Renaud Allard via mailop



On 1/20/21 11:10 AM, Hans-Martin Mosner via mailop wrote:
> On 20.01.21 at 10:40, Jaroslaw Rafa via mailop wrote:
> > Hello,
> > just got an information from MxToolbox that my IP (actually not my IP in
> > particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
> > level 3. Checking of my IP (217.182.79.147) at
> > http://www.uceprotect.net/en/rblcheck.php gives the info that it has been
> > listed because there were 1868 spamming IPs from within this ASN last 7
> > days while their threshold for level 3 listing is 717.
> >
> > My question is: how widely is this BL (UCEPROTECT level 3) used? Do I have
> > to worry about deliverability? Their page tells me to ask my provider to fix
> > the issue, which I will do, but... it's OVH, so you know...
> >
> > I also find it quite impudent that the people who run UCEPROTECT offer
> > the whitelisting option (ips.whitelisted.org), but request payment for it...
> > If you provide access to blacklist for free, you should whitelist for free
> > as well.
>
> On one hand, UCEPROTECT is relatively aggressive, and their unlisting
> policy is at least questionable. However, running a blacklist incurs
> costs in terms of server time and admin time, so if they provide access
> for free, how should they recover their costs?
>
> On the other hand - this is OVH! They are huge, and they don't seem to
> have a working abuse desk (at least I never got any reaction to abuse
> reports I sent there, and I've most likely sent hundreds). This means
> they are an attractive spammer haven, and the number of persistent
> spammers in their network is significant.
>
> In light of this, UCEPROTECT taking whitelisting fees from users of
> cheap providers that cut their costs by not paying an abuse team or by
> making a profit from spammer hosting looks not so unreasonable after
> all. I do not condone their practice, though. On the mail systems that
> I run, mails from this AS would be rejected with a temporary error code
> until I see sufficient reason to whitelist the IP, which may take a day
> or more.
>
> There's a saying in German "Billig muss man sich leisten können" - "You
> have to be able to afford buying cheaply".



I agree with what you said. That said, those who use UCEPROTECT above 
level 1 to unconditionally block mails deserve to lose mails.






Re: [mailop] Is it something to worry about?

2021-01-20 Thread Hans-Martin Mosner via mailop
On 20.01.21 at 10:40, Jaroslaw Rafa via mailop wrote:
> Hello,
> just got an information from MxToolbox that my IP (actually not my IP in
> particular, but the ASN it belongs to) has been blacklisted at UCEPROTECT
> level 3. Checking of my IP (217.182.79.147) at
> http://www.uceprotect.net/en/rblcheck.php gives the info that it has been
> listed because there were 1868 spamming IPs from within this ASN last 7
> days while their threshold for level 3 listing is 717.
>
> My question is: how widely is this BL (UCEPROTECT level 3) used? Do I have
> to worry about deliverability? Their page tells me to ask my provider to fix
> the issue, which I will do, but... it's OVH, so you know...
>
> I also find it quite impudent that the people who run UCEPROTECT offer
> the whitelisting option (ips.whitelisted.org), but request payment for it...
> If you provide access to blacklist for free, you should whitelist for free
> as well.

On one hand, UCEPROTECT is relatively aggressive, and their unlisting
policy is at least questionable. However, running a blacklist incurs
costs in terms of server time and admin time, so if they provide access
for free, how should they recover their costs?

On the other hand - this is OVH! They are huge, and they don't seem to
have a working abuse desk (at least I never got any reaction to abuse
reports I sent there, and I've most likely sent hundreds). This means
they are an attractive spammer haven, and the number of persistent
spammers in their network is significant.

In light of this, UCEPROTECT taking whitelisting fees from users of
cheap providers that cut their costs by not paying an abuse team or by
making a profit from spammer hosting looks not so unreasonable after
all. I do not condone their practice, though. On the mail systems that
I run, mails from this AS would be rejected with a temporary error code
until I see sufficient reason to whitelist the IP, which may take a day
or more.

There's a saying in German "Billig muss man sich leisten können" - "You
have to be able to afford buying cheaply".

Cheers,
Hans-Martin
