On 02.03.21 10:49, Vittorio Bertola via anti-abuse-wg wrote:Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg <anti-abuse-wg@ripe.net> ha scritto:
UCEPROTECT blacklists the whole range of IP addresses, including the full IP range of some autonomous systems:I stress that the problem is not in blacklisting entire providers, something that may be justified if those providers are lenient in fighting abuse on their networks, but in blacklisting entire providers with very weak criteria (so weak that most big European hosters end up at least in the level 3 blacklist) and then asking for money to remove them. This is actually prohibited by RFC 6471 (section 2.2.5) because indeed, especially when done at scale, it looks a lot like extortion.They don't ask for money to be removed from the the list. The listing gets automatically removed after 7 days of taking care of the issue, without money changing hands. Please stop spreading lies.
Interestingly -- but not unexpectedly -- enough they may add you to the uceprotect-level1 list if they see you attempted a payment but haven't paid. So, for reasons not related to spamming.
The whole autonomous system of my cloud provider got listed in uceprotect-level3. I wanted to check how their whitelisting works. They blacklisted the public IP of my home internet connection, with a reason (https://pasteboard.co/JQShns8.png):
Payment attempts with invalid credit cards.
Needless to say: my home ISP doesn't allow sending mail, has port 25 blocked, and I haven't entered any card data to get my IP of Cloud server whitelisted whatsoever, only initiated the payment and closed the browser tab once I was routed to their payment provider.
Regards,
Kristijonas
