This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Previous message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Next message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Vittorio Bertola
vittorio.bertola at open-xchange.com
Tue Mar 2 10:49:57 CET 2021
> Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg <anti-abuse-wg at ripe.net> ha scritto: > > > > Hello, > > I noticed that RIPE NCC uses uceprotect-level1, uceprotect-level2 and uceprotect-level3 in RIPEStat Anti Abuse Blacklist Entries widget. > > There have been controversial positions about this blacklist recently: > > 1) https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security > 2) https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html > > > UCEPROTECT blacklists the whole range of IP addresses, including the full IP range of some autonomous systems: > I stress that the problem is not in blacklisting entire providers, something that may be justified if those providers are lenient in fighting abuse on their networks, but in blacklisting entire providers with very weak criteria (so weak that most big European hosters end up at least in the level 3 blacklist) and then asking for money to remove them. This is actually prohibited by RFC 6471 (section 2.2.5) because indeed, especially when done at scale, it looks a lot like extortion. > > UCEPROTECT states, 'Who is responsible for this listing? YOU ARE NOT! Your IP was NOT directly involved in abuse but has a bad neighborhood. Other customers within this range did not care about their security and got hacked, started spamming, or were even attacking others, while your provider has possibly not even noticed that there is a serious problem. We are sorry for you, but you have chosen a provider not acting fast enough on abusers') [http://www.uceprotect.net/en/rblcheck.php http://www.uceprotect.net/en/rblcheck.php ]. > > It asks for a fee if some individual IP address wants to be whitelisted (http://www.whitelisted.org/), > > It abuses people who decide to challenge their blacklist by publishing conversations in their so-called Cart00ney (http://www.uceprotect.net/en/index.php?m=8&s=0 http://www.uceprotect.net/en/index.php?m=8&s=0 ; http://www.uceprotect.org/cart00neys/index.html http://www.uceprotect.org/cart00neys/index.html ). > They recently published a disgustingly sexist "ad feminam" to blame a person that dared to complain about their methods: http://www.uceprotect.org/cart00neys/2021-001.html They start with the argument that since she is a woman she is stupid and "emotional rather than objective", because she is a woman, and so they quote her message in pink colour. This is completely unacceptable and I strongly recommend that RIPE distances itself as far as it can from these people - as a minimum, please stop using or referring to this blacklist in any way. Regards, -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bertola at open-xchange.com mailto:vittorio.bertola at open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20210302/58074103/attachment.html>
- Previous message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Next message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]