<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div class="default-style">
<br>
</div>
<blockquote type="cite">
<div>
Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg <anti-abuse-wg@ripe.net> ha scritto:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div id="editbody1">
<div style="font-size: 10pt; font-family: Verdana,Geneva,sans-serif;">
<p>Hello,</p>
<p>I noticed that RIPE NCC uses uceprotect-level1, uceprotect-level2 and uceprotect-level3 in RIPEStat Anti Abuse Blacklist Entries widget. <br><br>There have been controversial positions about this blacklist recently:</p>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
1) <a target="_blank" href="https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security" rel="noopener"> https://success.trendmicro.com<wbr>/solution/000236583-Emails-bei<wbr>ng-rejected-by-RBL-UCEPROTECL-<wbr>in-Hosted-Email-Security-and-<wbr>Email-Security</a>
<br>
</div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
2) <a target="_blank" href="https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html" rel="noopener"> https://blog.sucuri.net/2021/0<wbr>2/uceprotect-when-rbls-go-bad.<wbr>html</a>
<br>
</div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
<br>
</div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
<br>UCEPROTECT blacklists the whole range of IP addresses, including the full IP range of some autonomous systems:
</div>
</div>
</div>
</div>
</blockquote>
<div>
I stress that the problem is not in blacklisting entire providers, something that may be justified if those providers are lenient in fighting abuse on their networks, but in blacklisting entire providers with very weak criteria (so weak that most big European hosters end up at least in the level 3 blacklist) and then asking for money to remove them. This is actually prohibited by RFC 6471 (section 2.2.5) because indeed, especially when done at scale, it looks a lot like extortion.
<br>
</div>
<div class="default-style">
<br>
</div>
<blockquote type="cite">
<div id="editbody1">
<div style="font-size: 10pt; font-family: Verdana,Geneva,sans-serif;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
<br>
</div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
UCEPROTECT states, '<em>Who is responsible for this listing? YOU ARE NOT! Your IP was NOT directly involved in abuse but has a bad neighborhood. Other customers within this range did not care about their security and got hacked, started spamming, or were even attacking others, while your provider has possibly not even noticed that there is a serious problem. We are sorry for you, but you have chosen a provider not acting fast enough on abusers'</em>) [<a target="_blank" href="http://www.uceprotect.net/en/rblcheck.php" id="v1m_6216008562741174618LPlnk" rel="noopener">http://www.uceprotect.net/en/<wbr>rblcheck.php</a>].
</div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
<br>
</div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
It asks for a fee if some individual IP address wants to be whitelisted (<a target="_blank" href="http://www.whitelisted.org/" id="v1m_6216008562741174618LPlnk" rel="noopener">http://www.whitelisted.org/</a>),
</div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
<br>
</div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
It abuses people who decide to challenge their blacklist by publishing conversations in their so-called <em>Cart00ney</em> (<a target="_blank" href="http://www.uceprotect.net/en/index.php?m=8&s=0" id="v1m_6216008562741174618LPlnk" rel="noopener">http://www.uceprotect.net/en/<wbr>index.php?m=8&s=0</a>; <a target="_blank" href="http://www.uceprotect.org/cart00neys/index.html" id="v1m_6216008562741174618LPlnk" rel="noopener">http://www.uceprotect.org/<wbr>cart00neys/index.html</a>).
</div>
</div>
</div>
</div>
</blockquote>
<div>
They recently published a disgustingly sexist "ad feminam" to blame a person that dared to complain about their methods:
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<a href="http://www.uceprotect.org/cart00neys/2021-001.html">http://www.uceprotect.org/cart00neys/2021-001.html</a>
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
They start with the argument that since she is a woman she is stupid and "emotional rather than objective", because she is a woman, and so they quote her message in pink colour.
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
This is completely unacceptable and I strongly recommend that RIPE distances itself as far as it can from these people - as a minimum, please stop using or referring to this blacklist in any way.
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
Regards,
<br>
</div>
<div class="io-ox-signature">
<p>-- <br class=""></p>
<pre class="">Vittorio Bertola | Head of Policy & Innovation, Open-Xchange<br><a href="mailto:vittorio.bertola@open-xchange.com">vittorio.bertola@open-xchange.com</a> <br>Office @ Via Treviso 12, 10144 Torino, Italy</pre>
</div>
</body>
</html>