Discussion:
UCEPROTECT is the Biggest Spammer on the Internet -- The UCEPROTECT RBL Extortion Racket and Spam Scam
Anonymous
2024-02-15 16:24:55 UTC
On Thu, 15 Feb 2024 08:44:45 +0100
Another good thing about that is that if spammers harvest addresses and
send mail to that address, they will be listed at uceprotect. I use
their level 1 dnsbl in sendmail and that means those spammers will
rather unlikely be able to deliver their junk to my real inbox.
It also means that countless (millions) of totally innocent non-spammers will not be able to deliver email unless they pay an extortion fee to UCEPROTECT. The UCEPROTECT grifters add millions of innocent IP addresses to their blacklist to extort money from the victims by a pay-to-delist scam. UCEPROTECT is the biggest spammer on the Internet. They automatically spam millions of victims with their pay-to-mail scheme via their phony blacklist. Using the blocklist from spammer extortionists is like inviting Cosa Nostra to protect your cash register.

I find it puzzling that anyone would utilize this fake and malicious RBL. UCEPROTECT is obviously an extortion racket. By gratuitously adding millions of innocent IP addresses to its blocklist, UCEPROTECT is the perpetrator that is actually spamming every mail exchange on the internet with its fraudulent blacklist. In a twist of hypocrisy, it is obvious that UCEPROTECT is the Internet's largest extortion spammer while pretending to 'fight' spam. UCEPROTECT probably extorts more money in a year than all Nigerian prince scammers have in Internet history. How many certain key administrators in a few big tech companies are getting kickbacks from UCEPROTECT to keep their blacklist racket alive? Hacktivists should be investigating this.

UCEPROTECT Scam: When RBLs Go Bad
https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html

Email Service Providers – It’s Time to Stop Using UCEPROTECT
https://programmerbear.com/email-service-providers-its-time-to-stop-using-uceprotect/

UCEPROTECT Extortion Service: All Your Mails Are Belong To Us!
https://www.aaroncake.net/misc/showthought.asp?thought=57

UCEPROTECT Blacklist Scheme
https://kontech.net/uceprotect-blacklist-scheme-2020/

Recent Spikes on UCEPROTECT Level 3
https://blog.mxtoolbox.com/2021/02/12/recent-spikes-on-uce-protect-level-3/

Warning - Ignore Pay for De-Listing Blacklist Service
"Many countries have already blocked the UCEProtect server globally, this means the email servers can’t use it."
https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/

Beware: UCEPROTECT RBL Email Scam
https://www.inmotionhosting.com/support/news/uceprotect-rbl-scam/

Opinions on UCEProtect-Network: Scam?
Nobody legitimate uses that blacklist. Ignore it.
https://www.reddit.com/r/cpanel/comments/uyebez/opinions_on_uceprotectnetwork_scam/

UCEPROTECT Blacklist Scam
https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
Ivo Gandolfo
2024-02-15 17:53:44 UTC
Post by Anonymous
On Thu, 15 Feb 2024 08:44:45 +0100
Another good thing about that is that if spammers harvest addresses and
send mail to that address, they will be listed at uceprotect. I use
their level 1 dnsbl in sendmail and that means those spammers will
rather unlikely be able to deliver their junk to my real inbox.
It also means that countless (millions) of totally innocent non-spammers will not be able to deliver email unless they pay an extortion fee to UCEPROTECT. The UCEPROTECT grifters add millions of innocent IP addresses to their blacklist to extort money from the victims by a pay-to-delist scam. UCEPROTECT is the biggest spammer on the Internet. They automatically spam millions of victims with their pay-to-mail scheme via their phony blacklist. Using the blocklist from spammer extortionists is like inviting Cosa Nostra to protect your cash register.
My mailserver was listed 2 weeks ago (due to a user who sent me an email
from a domain like MX that points to one of their spam-trap servers).
Too bad that my mailserver as anti-spam protection does a reverse-check
on the sender's domain to check if that user really exists, and they
interpret this as an attempt to send spam (so they don't really check
whether someone sends spam, just you try to connect, and you're listed).

I attempted to contact them through the form they made available on
their website asking more info, but to date I have still not received a
response after almost 15 days have passed.

Fortunately, almost no one uses them anymore (at least, none of the
servers I administer have complaints in the logs that I have been listed
by them, and my servers send tons of emails).

There are much more serious services you can use, such as Spamhaus or
similar. New RBLs are born and die every day, it is not necessary to use
them all.
--
Ivo Gandolfo
Marco Moock
2024-02-15 18:56:38 UTC
Post by Ivo Gandolfo
Post by Anonymous
On Thu, 15 Feb 2024 08:44:45 +0100
Another good thing about that is that if spammers harvest
addresses and send mail to that address, they will be listed at
uceprotect. I use their level 1 dnsbl in sendmail and that means
those spammers will rather unlikely be able to deliver their junk
to my real inbox.
It also means that countless (millions) of totally innocent
non-spammers will not be able to deliver email unless they pay an
extortion fee to UCEPROTECT. The UCEPROTECT grifters add millions
of innocent IP addresses to their blacklist to extort money from
the victims by a pay-to-delist scam. UCEPROTECT is the biggest
spammer on the Internet. They automatically spam millions of victims
with their pay-to-mail scheme via their phony blacklist. Using the
blocklist from spammer extortionists is like inviting Cosa Nostra
to protect your cash register.
My mailserver was listed 2 weeks ago (due to a user who sent me an
email from a domain like MX that points to one of their spam-trap
servers). Too bad that my mailserver as anti-spam protection does a
reverse-check on the sender's domain to check if that user really
exists, and they interpret this as an attempt to send spam (so they
don't really check whether someone sends spam, just you try to
connect, and you're listed).
Do you use the VRFY SMTP command to check that or simply try to send an
email but close the connection then?
That is the intended command. If a server doesn't provide that, they
don't want to have the sender checked.
The latter will be interpreted as abuse by them.
If you fear that somebody forges the sender, check SPF/DKIM strictly
and reject them if it doesn't pass.

The problem behind sender verification is that if somebody sends
thousands of mails with your sender, the receiving servers will try to
send you 1000 verification attempts.
Stuff like SPF/DKIM can be cached in the DNS resolver.
--
kind regards
Marco

Send spam to ***@cartoonies.org
Ivo Gandolfo
2024-02-15 19:30:26 UTC
Post by Marco Moock
Do you use the VRFY SMTP command to check that or simply try to send an
email but close the connection then?
Yep, via rspamd. But just4fun I tried with a VM on my cluster that has 5
IPs available (IPv4 and IPv6), and I tried some options with telnet
(also because that VM DOES NOT HAVE any mail daemon installed, and all
the mail ports firewalled in and out ). All it takes is a connection to
their mail server and your IP goes straight to the blacklist. I'll leave
you free to try it yourself. 5 IPs listed in 3 mins xD
Post by Marco Moock
That is the intended command. If a server doesn't provide that, they
don't want to have the sender checked.
The latter will be interpreted as abuse by them.
If you fear that somebody forges the sender, check SPF/DKIM strictly
and reject them if it doesn't pass.
The problem behind sender verification is that if somebody sends
thousands of mails with your sender, the receiving servers will try to
send you 1000 verification attempts.
Stuff like SPF/DKIM can be cached in the DNS resolver.
My domain are very fine with all checks (DMARC, DKIM, SPF, etc), I have
registered all my IPs on all whitelists I have found.
After these tests I am ABSOLUTELY certain that they do not check whether
you really send SPAM or not. Thanks to their (bad) reputation I managed
to find some of their valid mail servers, with equally valid emails.
Luckily I have some subnets "expendable" for testing, and I can assure
you that they don't do any checking. Their (bad) reputation is more than
deserved, so I advise anyone against using it (even the BIGs have given
up on using it due to their terrible way of managing it, see Google,
Microsoft, Yahoo, and practically all ISPs).
--
Ivo Gandolfo
Marco Moock
2024-02-15 20:37:21 UTC
All it takes is a connection to their mail server and your IP goes
straight to the blacklist.
In level 1?
--
kind regards
Marco

Send spam to ***@cartoonies.org
Ivo Gandolfo
2024-02-15 20:54:38 UTC
Post by Marco Moock
In level 1?
Yep.
--
Ivo Gandolfo
Anonymous
2024-02-15 21:02:15 UTC
On Thu, 15 Feb 2024 21:37:21 +0100
Post by Marco Moock
All it takes is a connection to their mail server and your IP goes
straight to the blacklist.
Don't even visit their site. Your local IP might end up on an exploit list or sold to the BND and tied to the email or IP you were investigating. As far as intelligence agencies go the schneubli-eating German BND is the wurst. They are basically a clearing house or point man operation for the worst criminals who infect Swiss and U.S. intelligence agencies. Learn from the history of Crypto AG about the relationships of these agencies and the criminals that run them. Email blacklists serve as convenient reverse-lookup data stores for surveillance agencies. Of course they will look the other way when their assets are robbing people. It's a perk of doing business.
Post by Marco Moock
In level 1?
Read these links below. Some are written by big service providers. Even MXToolbox, afraid as they are to touch the subject, inadvertently lets slip what this racket is doing to people. UCEPROTECT is a protection racket. They are scum. They are bottom feeding extortioners. There are many other RBLs you can use without helping these bottom feeders.

The brainlets at Microsoft still use UCEPROTECT for their live and outlook mail hosts. Countless innocent sysops are blocked from sending messages to any Microsoft customers. The only reason I can think of for this is that someone at Microsoft is getting kickbacks. As a postmaster I would never use UCEPROTECT. Even without knowing this scandalous information about their extortion just one look at their web site would convince me to not use their service. For the longest time their 'payment portal' was unencrypted. They required 'customers' (victims) to submit credit card information over plain http connections. If you pay their extortion fees don't be surprised if your CC info ends up for sale on a carder forum.

UCEPROTECT Scam: When RBLs Go Bad
https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html

Email Service Providers – It’s Time to Stop Using UCEPROTECT
https://programmerbear.com/email-service-providers-its-time-to-stop-using-uceprotect/

UCEPROTECT Extortion Service: All Your Mails Are Belong To Us!
https://www.aaroncake.net/misc/showthought.asp?thought=57

UCEPROTECT Blacklist Scheme
https://kontech.net/uceprotect-blacklist-scheme-2020/

Recent Spikes on UCEPROTECT Level 3
https://blog.mxtoolbox.com/2021/02/12/recent-spikes-on-uce-protect-level-3/

Warning - Ignore Pay for De-Listing Blacklist Service
"Many countries have already blocked the UCEProtect server globally, this means the email servers can’t use it."
https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/

Beware: UCEPROTECT RBL Email Scam
https://www.inmotionhosting.com/support/news/uceprotect-rbl-scam/

Opinions on UCEProtect-Network: Scam?
Nobody legitimate uses that blacklist. Ignore it.
https://www.reddit.com/r/cpanel/comments/uyebez/opinions_on_uceprotectnetwork_scam/

UCEPROTECT Blacklist Scam
https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
Ivo Gandolfo
2024-02-15 21:13:27 UTC
Post by Anonymous
The brainlets at Microsoft still use UCEPROTECT for their live and outlook mail hosts. Countless innocent sysops are blocked from sending messages to any Microsoft customers.
Not anymore. I got to try and they also removed that blacklist, too many
false positives (in the company where I work we use Microsoft services,
and their local technician confirmed this to me just 2 days ago).
--
Ivo Gandolfo
Anonymous
2024-02-15 21:57:35 UTC
On Thu, 15 Feb 2024 22:13:27 +0100
Post by Ivo Gandolfo
Post by Anonymous
The brainlets at Microsoft still use UCEPROTECT for their live and outlook mail hosts. Countless innocent sysops are blocked from sending messages to any Microsoft customers.
Not anymore. I got to try and they also removed that blacklist, too many
false positives (in the company where I work we use Microsoft services,
and their local technician confirmed this to me just 2 days ago).
Maybe the teams at Sucuri, Linode, Digital Ocean, Inmotion and others might have gotten through to Microsoft in the past week.

I tried last week and two IPv4 addresses were blocked by outlook mail servers. The servers responded with UCEPROTECT links. I am going to try to confirm this later on just to be sure.

Going forward I want to use IPv6 for all new mail domains and subdomains and set upstream rDNS records for each subdomain (mail, smtp, pop, imap). It seems like the IPv4 space is a shrinking battlefield of annoyance.
Marco Moock
2024-02-16 07:54:40 UTC
Post by Anonymous
On Thu, 15 Feb 2024 21:37:21 +0100
All it takes is a connection to their mail server and your IP goes
straight to the blacklist.
Don't even visit their site. Your local IP might end up on an exploit
list or sold to the BND and tied to the email or IP you were
investigating.
That sounds like a porky-pie.
Post by Anonymous
As far as intelligence agencies go the schneubli-eating German BND
is the wurst. They are basically a clearing house or point man
operation for the worst criminals who infect Swiss and U.S.
intelligence agencies.
Remember: Every intelligence agency acts against their citizens.
Post by Anonymous
Learn from the history of Crypto AG about the relationships of these
agencies and the criminals that run them. Email blacklists serve as
convenient reverse-lookup data stores for surveillance agencies. Of
course they will look the other way when their assets are robbing
people. It's a perk of doing business.
Why do they want to surveil the IP addresses listed there?
Many spammer-loving ASNs are in certain countries where the western
agencies don't have access.
--
kind regards
Marco

Send spam to ***@cartoonies.org
Randolf Richardson 張文道
2024-02-23 07:26:48 UTC
On Fri, 16 Feb 2024 08:54:40 +0100
Post by Marco Moock
Post by Anonymous
On Thu, 15 Feb 2024 21:37:21 +0100
All it takes is a connection to their mail server and your IP goes
straight to the blacklist.
Don't even visit their site. Your local IP might end up on an exploit
list or sold to the BND and tied to the email or IP you were
investigating.
That sounds like a porky-pie.
Is that an upgrade from sounding like a stage 1 chickenboner? :D

Lumber Cartel :: Glossary :: Chickenboner
https://www.lumbercartel.ca/glossary/chickenboner.pl
Post by Marco Moock
Post by Anonymous
As far as intelligence agencies go the schneubli-eating German BND
is the wurst. They are basically a clearing house or point man
operation for the worst criminals who infect Swiss and U.S.
intelligence agencies.
Remember: Every intelligence agency acts against their citizens.
Hey! Stop that! You're going to get us all into trouble! :O
Post by Marco Moock
Post by Anonymous
Learn from the history of Crypto AG about the relationships of these
agencies and the criminals that run them. Email blacklists serve as
convenient reverse-lookup data stores for surveillance agencies. Of
course they will look the other way when their assets are robbing
people. It's a perk of doing business.
Why do they want to surveil the IP addresses listed there?
Many spammer-loving ASNs are in certain countries where the western
agencies don't have access.
I've never thought of UCE-PROTECT to be a direct source of
drama; an indirect source, maybe, but that's just because they seem to
be highly successful at upsetting a lot of spammers.

At any rate, where the various three-letter agencies don't have
access, UCE-PROTECT and so many other DNSBLs provide worldwide coverage,
and I find these services to be quite useful.
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
Marco Moock
2024-02-23 17:44:17 UTC
Post by Randolf Richardson 張文道
I've never thought of UCE-PROTECT to be a direct source of
drama; an indirect source, maybe, but that's just because they seem to
be highly successful at upsetting a lot of spammers.
True, and that is one of the good things.
Sadly, some people treat level 2/3 wrong.

But the best thing is still the cart00neys section.
http://www.uceprotect.org/cart00neys/
--
kind regards
Marco

Send spam to ***@cartoonies.org
Randolf Richardson 張文道
2024-02-23 18:04:42 UTC
On Fri, 23 Feb 2024 18:44:17 +0100
Post by Marco Moock
Post by Randolf Richardson 張文道
I've never thought of UCE-PROTECT to be a direct source of
drama; an indirect source, maybe, but that's just because they seem to
be highly successful at upsetting a lot of spammers.
True, and that is one of the good things.
Sadly, some people treat level 2/3 wrong.
But the best thing is still the cart00neys section.
http://www.uceprotect.org/cart00neys/
It's fantastic, and here's a highlight that made my day:

"Either you are lying as habit, or you are not the
brightest bulb in the chandelier."

Source: http://www.uceprotect.org/cart00neys/2021-001.html

That "not the brightest bulb in the chandelier" line is
wonderfully brilliant! :D
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
Marco Moock
2024-02-23 18:59:35 UTC
Post by Randolf Richardson 張文道
That "not the brightest bulb in the chandelier" line is
wonderfully brilliant! :D
Maybe this is simply translated from German.
One of the uceprotect operators is from Bavaria and moved to
Switzerland.

In German, the term "Nicht die hellste Kerze auf dem Kronleuchter" is
the translation of that sentence.
--
kind regards
Marco

Send spam to ***@cartoonies.org
Randolf Richardson 張文道
2024-02-23 19:13:52 UTC
On Fri, 23 Feb 2024 19:59:35 +0100
Post by Marco Moock
Post by Randolf Richardson 張文道
That "not the brightest bulb in the chandelier" line is
wonderfully brilliant! :D
Maybe this is simply translated from German.
One of the uceprotect operators is from Bavaria and moved to
Switzerland.
In German, the term "Nicht die hellste Kerze auf dem Kronleuchter" is
the translation of that sentence.
It's certainly classier than the variant used here in
Canada from time-to-time of "not the brightest bulb in
the pack."

Now I'm wondering, has that chandelier been collecting
a lot of dust? If so, then the "classier" aspect just
isn't going to cut it. ;)
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
Marco Moock
2024-02-15 18:52:09 UTC
Post by Anonymous
It also means that countless (millions) of totally innocent
non-spammers will not be able to deliver email unless they pay an
extortion fee to UCEPROTECT.
It seems you don't understand the different levels.
Level 1 means IP addresses that actually send spam. They get unlisted
after 7 days.

Level 2/3 are entire networks.
Those admins who implement those lists intentionally want to block mail
from those networks/ASNs, so complain to them and not to the operator of
the list.
If nobody used lvl2/3, nobody would be affected.

Another good idea: Choose an ISP with a working abuse department.
--
kind regards
Marco

Send spam to ***@cartoonies.org
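
The level distinction described in the post above (level 1 lists single IP addresses, level 2/3 list entire networks, and the receiving admin decides which levels to enforce), as an added example that is not part of any post in this thread. The zone names, the `decide` helper and its "flag" action are hypothetical and the DNS answers are constructed; the 127.0.0.0/8 answer convention is the standard one for DNSBLs.

```python
import ipaddress

# Hypothetical zone names (placeholders, not real DNSBL zones) mapped to the
# listing level they represent: 1 = single IP, 2 = network range, 3 = whole ASN.
ZONES = {"l1.dnsbl.example": 1, "l2.dnsbl.example": 2, "l3.dnsbl.example": 3}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Build the DNS name a mail server queries to test `ip` against `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # 32 nibbles, reversed
    return ".".join(labels) + "." + zone

def is_listed(answers):
    """Only an A record inside 127.0.0.0/8 is a listing. Any other address
    (e.g. from a resolver that rewrites NXDOMAIN) must not count as a hit."""
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

def decide(ip, resolve, reject_levels=(1,)):
    """Return (action, levels_hit). `resolve(qname)` returns a list of A-record
    strings, or [] for NXDOMAIN. Only levels in `reject_levels` reject mail;
    hits on other levels are reported as 'flag' so the choice stays explicit."""
    hits = sorted(level for zone, level in ZONES.items()
                  if is_listed(resolve(dnsbl_qname(ip, zone))))
    if any(level in reject_levels for level in hits):
        return "reject", hits
    return ("flag", hits) if hits else ("accept", hits)

# Constructed sample data standing in for DNS answers (no network access needed).
FAKE_DNS = {
    "10.2.0.192.l1.dnsbl.example": ["127.0.0.2"],       # this IP itself is listed
    "10.2.0.192.l2.dnsbl.example": ["127.0.0.2"],       # and so is its network
    "7.113.0.203.l3.dnsbl.example": ["127.0.0.2"],      # only the ASN is listed
    "5.100.51.198.l1.dnsbl.example": ["198.51.100.1"],  # rewritten NXDOMAIN
}

def fake_resolve(qname):
    return FAKE_DNS.get(qname, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.5", "2001:db8::1"):
        print(ip, decide(ip, fake_resolve))
```

Passing `reject_levels=(1, 2, 3)` reproduces the behaviour the post attributes to admins who enforce the network-wide levels: the sender at 203.0.113.7 is then rejected although its own address was never listed.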