UCEPROTECT-Network Spam List, Is This Extortion?

JVF has never heard about UCEPROTECT until now. Their practices are bordering on extortion. Ourselves, as well as others in our same situation, feel that a class action lawsuit should be brought against them. Their method of blocking the entire ISP's IP range just because of a similar users IP is unacceptable and against every rule in the spam book. Below you can see the hoops we have been jumping through to get our IP address removed from their blacklist.

JVF Consulting recently upgraded our dedicated server to Liquid Web and was assigned a new IP address. After migrating everyone over one of our customers noticed their emails were bouncing back from an email address that he was normally able to send to. To investigate the reason behind this we did a quick blacklist check using mxtoolbox. As you can see in the screenshot below our IP address is listed on 11 out of 118 known blacklists.


Of course we were instantly interested in removing our IP to fix our clients email issues. We visited the website we were directed to, and from the first impression you can tell they're kind of shady and definitely not located in the USA.

UCEPROTECT is just another DNS blacklist. They track IP addresses possibly involved with spam so email server administrators can configure their servers to block email messages. We entered our IP address and ran a scan to see if in fact our IP address is really listed. The results below show that our entire IP range is on their list! Of course this is not due to us, but more than likely someone with a similar IP address. Thanks to UCEPROTECT's policy they block the entire IP range of /24 and /16 networks with their Level 2 and Level 3 lists. Simply said, JVF Consulting is getting punished by UCEPROTECT because of somebody else's spam. This is ridiculous!

OK, so we're listed on their blacklist, this is not the first time we have had to remove an IP address we manage that has been incorrectly added to a blacklist, so what is the process? As you can see in the screenshot below, they want us to pay 150.00 € Euro's (EUR) to process our request and remove our IP address. That's almost $200 dollars! This is totally unacceptable, and quite possibly illegal! We are aware that some IP addresses are definitely more suspicious than others, but you wouldn't want to filter mail from them without a little further evidence (like seeing some spam from them).


After further reading UCEPROTECT suggests that we should change our ISP. Why would we ever switch from Liquid Web, they're by far the best hosting company on the planet. If we don't want to cough up the $200 to be removed is there another option? Supposedly there is, UCEPROTECT Network claims a 7 day waiting period for removal of blacklisted IP addresses, but we have be waiting for ours to expire for months now. The problem with this situation is that there is no indication as to when the blacklisting began, or when the 7 day ban began. UCEPROTECT does have an adequate IP removal process and their contact form is no help since they will purposefully ignore you and ban your IP if you request help with removal. These are direct quotes taken from their contact us page. "I know that my IP will be listed for further 7 days because of abusing the contact form if i ask for removals here!!"

After this experience we feel that independently operated black lists should not be taken seriously, especially this one. I have submitted an email to them requesting free removal even though we risk them adding us to their blacklist for an additional 7 days. I'm still waiting on a response, so when or if we have any news or updates to this situation we will keep you posted.

Didn't know we have to pay to remove our IP address off the black listed list.This is so unfair and why do they have the rights to black list without further investigation?

UCEPROTECT are scam artists.
No one use them.

They prey on weak administrators that dont know how to configure their RBL's correctly.

ALL Admins must remove these servers from their RBL's.

It is borderline extortion. The only people who pay are the admins that dont know any better.

Companies like Yahoo! should take them off their RBL's!!

I hope UCEPROTECT/BACKSCATTER.ORG gets sued!

I have a client who is using their direct Internet connection to host their own corporate exchange server. They are NOT a marketing company. They are not a SPAM company. The received a false positive from ucenetwork. After performing a search in google for +uceprotect +extortion I discovered that waiting for the uce group to take you off their list after 4 weeks will only invite them to put you back on their list. There is no actual reason for this. If we look at this from a business standpoint, ANY lead to 'protect' the Internet is better than none at all. So I used my paypal account and paid them their 50 euros. That comes to about $73. This client also had a blacklist from their web server hosting provider - shared hosting platform. This, too, was blacklisted, but on SORBS-SPAM. I spoke to their ISP to move us to another IP, but they claimed that they did not see a reason. They also admitted to me that they tried to contact Matt Sorbs direct for over ayear and a half regarding that IP, and there has been no answer back.
I am amazed that there is both the EFF and many US legislation efforts for anti SPAM and some kinds of rights, but basic extortion schemes like unregulated blacklists and RBL's are completely ignored.

This does sound like a load of crap! This definitely seems unfair and should be reported for sure. Does sound like a scam as well!

These people are crooks and probably run by the same people that create spam. No respectable hosting company should use them for blacklists.

They have no legitimate reason for listing an IP and can offer no proof or information for fixing the so called offence (even if you pay 150$ for it).

There are many scams on the Internet and UCEPROTECT is one of them.

I tried some port scanning and came out with golden gloves. then I tried an mx server that my domain uses for an email server. I hardly go there yet and my site is bascially being rebuilt ground up to make it better. Anyway I hardly ever even send emails from my pc using my business email yet! Maybe if am lucky 5 a MONTH.
The only thing I do know is there are forms on the site for users to be contacted with infomration or membership options etc. and order confirmations and hardly am on the planet yet of being a busy site yet. But still the mail server I share is Blocked by a company called Backscatter. you know what maybe Backscatter should be on the one Blocked totaty every which way then can as when I did go to there site they appeared to be Cowards and they know their users probably hate them! And deservedly so. Now take Action and retaliate! Cal evey ISP. the FCC if needed about Backscatters extortion methods and no way to even contact them when they are stealing gobs of money. I bet the the reciepts are for a ukrainian syndicate. No harm to the ukrainians I even hired develoeprs there and were the nicest people.

I cannot believe anyone was so ignorant as to fall for thier "Pay us 50 Euros or we will block you forever" scam!!?! I am sorry for those who shelled out the cash, but this company is merely a fake RBL provider who are trying to extort money from legitimate busnesses. If you check out thier psuedi site (www.uceprotect.org) and enter any user pass and key, a script runs with all sorts of 733t-speak BS, showing that these guys are just a bunch of looser idiots who are stuck in thier teens. All admins should immediately remove them from your lists!!!

We can fight this company by letting its sponsors know what we really think of the company they sponsor. A list of the sponsors can be found here. http://www.uceprotect.net/en/index.php?m=11&s=0

Sponsors

UCEPROTECT-Orga thanks to the following companies for sponsoring the project with root servers and bandwidth:

AUSTRIA

AT-Mirror 2 - Foltec GesmbH

CANADA

CA-Mirror 1 - Admins WebSecurity GbR

CA-Mirror 2 - iWeb Technologies Inc.

FRANCE

FR-Mirror 1 - Cisneo.fr

GERMANY

DE-Mirror 1 - Blindi Net Project

DE-Mirror 2 - Cosimo GmbH

DE-Mirror 4 - I-NetPartner GmbH

HUNGARY

HU-Mirror 1 - Nordtelekom Ltd

MEXICO

MX-Mirror 1 - Suavemente Networks

PHILLIPINES

PH-Mirror 1 - Bitstop Network Services

SWITZERLAND

CH-Mirror 1 - Your-Web GmbH / Swiss Computer Services AG

USA

US-Mirror 1 - Net Services Group

US-Mirror 2 - AntiSpamTech

US-Mirror 3 - Cari.net

US-Mirror 4 - Cari.net

US-Mirror 5 - VIRTBIZ Internet Services

US-Mirror 6 - Suavemente Networks

US-Mirror 7 - Egihosting

US-Mirror 8 - Sprocket Networks, Now powered by AppServe Technologies, LLC

US-Mirror 9 - Singlehop.com

US-Mirror 10 - Marlin eSolutions

US-Mirror 11 - Netriplex

US-Mirror 12 - Wholesaleinternet.com

US-Mirror 13 - CPC Technology


Also "thank you" to Phil Marsh, Snowdon Consultants Ltd for proofreading and correcting the English version of the website.

Here is the letter I sent to these sponsors:
To Whom It May Concern:



The company you are sponsoring has several people trying to get together and file a class action lawsuit against this company due to their methods of operation. Listed below is several comments including UCEPROTECT on their methods of operations along with comments on what people think of this company.



From UCEPROTECT themselves…

People that use UCEPROTECT (BACKSCATTERER) go with level 1 or level 2 of filtering because level 3 is to aggressive by blocking out entire IP blocks instead of specific IP addresses as they should do. (http://www.uceprotect.net/en/index.php?m=3&s=5) They themselves gave this warning about level 3. …This blacklist has been created for HARDLINERS. It can, and probably will cause collateral damage to innocent users when used to block email….

Here is a list of IP addresses currently being blocked by them. I pasted them into Microsoft Excel to see how many are black listed and it went way beyond Microsoft Excel’s limit of 65,536. You can find the list here. (http://wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz)



Here are some links of people’s comments on BACKSCATTERER along with some quotes about their tactics of extorting money which I myself have paid also. ($74.97, which I found out after paying they want on a monthly basis. I should consider myself lucky because I found out that they used to charge $200 per month) There are people rallying out there to bring up a class action lawsuit against them.



http://www.webhostingtalk.com/showthread.php?t=713833

…We used to use uceprotect but we found waaay too many false positives because of very large, blanket listings We had to remove it from our list of used RBLs…



http://forums.contribs.org/index.php?topic=44585.0;wap2

http://www.smartertools.com/forums/p/21852/58371.aspx

…I actually was using the exact same set of RBL's, but after a while I found out that UCEPROTECT1 repeatedly listed the smtp servers of some major ISP's here (NL). Of the unique hits of this RBL (not in any of the others), about 50% was a false positive, so I removed it. I have not yet encountered similar problems with Zen, Spamcop and PSBL….

http://www.linode.com/forums/archive/o_t/t_2863/start_0/index.html

…This is an extortion racket along the lines of sorbs.net. This 'anti-spam' service may well be run by spammers - with their strange understanding of legal matters, poor grammar, and payment by PayPal - they sure act like spammers….



http://www.jvfconsulting.com/blog/59/UCEPROTECTNetwork_Spam_List_Is_This_Extortion.html

…JVF has never heard about UCEPROTECT until now. Their practices are bordering on extortion. Ourselves, as well as others in our same situation, feel that a class action lawsuit should be brought against them. Their method of blocking the entire ISP's IP range just because of a similar users IP is unacceptable and against every rule in the spam book. Below you can see the hoops we have been jumping through to get our IP address removed from their blacklist….



…OK, so we're listed on their blacklist, this is not the first time we have had to remove an IP address we manage that has been incorrectly added to a blacklist, so what is the process? As you can see in the screenshot below, they want us to pay 150.00 € Euro's (EUR) to process our request and remove our IP address. That's almost $200 dollars! This is totally unacceptable, and quite possibly illegal! We are aware that some IP addresses are definitely more suspicious than others, but you wouldn't want to filter mail from them without a little further evidence (like seeing some spam from them)….



…It is borderline extortion. The only people who pay are the admins that dont know any better….



…These people are crooks and probably run by the same people that create spam. No respectable hosting company should use them for blacklists.

They have no legitimate reason for listing an IP and can offer no proof or information for fixing the so called offence (even if you pay 150$ for it).
There are many scams on the Internet and UCEPROTECT is one of them….



http://www.dnsstuff.com/forum/index.php?topic=1366108.0 (This quote came from UCEPROTECT themselves when they visited the forum to defend themselves. If no reasonable person should use level 3 then why offer it???)

…This means no reasonable Person should use Level 3 for BLOCKING….



http://www.dnsbl.info/forum/viewtopic.php?f=6&t=1020



Here is a comment from my tech support on UCEPROTECT which powers BACKSCATTERER. MIPSPACE also uses BACKSCATTERER.



. . . Hello,
While the server is listed at UCEPROTECT, there is very little we as a company can do. They run their blacklists only as an effort to make money. We've tried to work with them before and it all comes down to them wanting money to do something that is automated in the first place. We have repeatedly asked them for logs/evidence/proof and they adamantly do not provide any. Armed with this information, upper management refuses to deal with such unscrupulous companies. . . .



Thank you for your time,

Michael

I don't think that it is a coincidence that right after I voiced my opinion on UCEPROTECT that they blacklisted me on level 1, 2, and 3.

What do you think? This DEFINATELY shows questionable behavior!

Michael

We are victim of this Black Listing system. Our internet service provider is being entirely blacklisted by them. Our ISP is the number one in Belgium.

I like their false positive ratio:

http://www.uceprotect.net/en/rblcheck.php?asn=5432
54 spammers lead to 2560 IPs blocked.
About 98% of false positive. That's a record !!!

Indeed they are going to block all spam but the whole internet too.
zyphos

Did anyone actually pay to be removed? If you did could you please post on here or email me the Paypal e-mail he uses?

This should be seen on your payment receipt generated by Paypal after you paid. You can also view it via your Paypal account information.

Many thanks
Ben

Interesting: You were listed in 11 of 114 blacklists and the guys at UCEProtect told you that your ISP is a spammerhaeven.
Instead of kicking your ISP's ass you are whining about the blocklist?
How ignorant are you?
Reading the text I got the impression that all they require to be done is that your ISP kicks off the spammers in that range and then it will be removed free of charge within 7 days.
Hard to believe that someone is stupid enough to call that extortion.
Anyway I have to say thank you for blogging about UCEprotect.
Without you I would possibly never have heard about their project.
Since there is so much whining about them, they seem to be very effective.
I will therefore install their lists on all my servers.