<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p id="reply-intro">On 2021-03-02 13:12, Esa Laitinen wrote:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">
<div id="replybody1">
<div>
<p><br /></p>
<div class="v1moz-cite-prefix">On 02.03.21 10:49, Vittorio Bertola via anti-abuse-wg wrote:</div>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg <a class="v1moz-txt-link-rfc2396E" href="mailto:anti-abuse-wg@ripe.net" rel="noreferrer"><anti-abuse-wg@ripe.net></a> ha scritto:</blockquote>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">
<div id="v1editbody1">
<div style="font-size: 10pt; font-family: Verdana,Geneva,sans-serif;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;"> </div>
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;">
<div style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000;"><br />UCEPROTECT blacklists the whole range of IP addresses, including the full IP range of some autonomous systems:</div>
</div>
</div>
</div>
</blockquote>
<div>I stress that the problem is not in blacklisting entire providers, something that may be justified if those providers are lenient in fighting abuse on their networks, but in blacklisting entire providers with very weak criteria (so weak that most big European hosters end up at least in the level 3 blacklist) and then asking for money to remove them. This is actually prohibited by RFC 6471 (section 2.2.5) because indeed, especially when done at scale, it looks a lot like extortion. </div>
</blockquote>
<p>They don't ask for money to be removed from the the list. The listing gets automatically removed after 7 days of taking care of the issue, without money changing hands. Please stop spreading lies.</p>
<p><br /></p>
</div>
</div>
</blockquote>
<p>Interestingly -- but not unexpectedly -- enough they may add you to the uceprotect-level1 list if they see you attempted a payment but haven't paid. So, for reasons not related to spamming. <br /><br />The whole autonomous system of my cloud provider got listed in uceprotect-level3. I wanted to check how their whitelisting works. They blacklisted the public IP of my home internet connection, with a reason (<a href="https://pasteboard.co/JQShns8.png">https://pasteboard.co/JQShns8.png</a>):</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">
<p>Payment attempts with invalid credit cards. </p>
</blockquote>
<p>Needless to say: my home ISP doesn't allow sending mail, has port 25 blocked, and I haven't entered any card data to get my IP of Cloud server whitelisted whatsoever, only initiated the payment and closed the browser tab once I was routed to their payment provider. <br /><br />Regards,<br />Kristijonas</p>
</body></html>