UCEPROTECT-Network Spam List, Is This Extortion?

By Jason Franco posted on Friday, May 1, 2009 - (General)

JVF has never heard about UCEPROTECT until now. Their practices are bordering on extortion. Ourselves, as well as others in our same situation, feel that a class action lawsuit should be brought against them. Their method of blocking the entire ISP's IP range just because of a similar users IP is unacceptable and against every rule in the spam book. Below you can see the hoops we have been jumping through to get our IP address removed from their blacklist.

JVF Consulting
recently upgraded our dedicated server to Liquid Web and was assigned a new IP address. After migrating everyone over one of our customers noticed their emails were bouncing back from an email address that he was normally able to send to. To investigate the reason behind this we did a quick blacklist check using mxtoolbox. As you can see in the screenshot below our IP address is listed on 11 out of 118 known blacklists.


Of course we were instantly interested in removing our IP to fix our clients email issues. We visited the website we were directed to, and from the first impression you can tell they're kind of shady and definitely not located in the USA.

UCEPROTECT is just another DNS blacklist. They track IP addresses possibly involved with spam so email server administrators can configure their servers to block email messages. We entered our IP address and ran a scan to see if in fact our IP address is really listed. The results below show that our entire IP range is on their list! Of course this is not due to us, but more than likely someone with a similar IP address. Thanks to UCEPROTECT's policy they block the entire IP range of /24 and /16 networks with their Level 2 and Level 3 lists. Simply said, JVF Consulting is getting punished by UCEPROTECT because of somebody else's spam. This is ridiculous!


OK, so we're listed on their blacklist, this is not the first time we have had to remove an IP address we manage that has been incorrectly added to a blacklist, so what is the process? As you can see in the screenshot below, they want us to pay 150.00 € Euro's (EUR) to process our request and remove our IP address. That's almost $200 dollars! This is totally unacceptable, and quite possibly illegal! We are aware that some IP addresses are definitely more suspicious than others, but you wouldn't want to filter mail from them without a little further evidence (like seeing some spam from them).


After further reading UCEPROTECT suggests that we should change our ISP. Why would we ever switch from Liquid Web, they're by far the best hosting company on the planet. If we don't want to cough up the $200 to be removed is there another option? Supposedly there is, UCEPROTECT Network claims a 7 day waiting period for removal of blacklisted IP addresses, but we have be waiting for ours to expire for months now. The problem with this situation is that there is no indication as to when the blacklisting began, or when the 7 day ban began. UCEPROTECT does have an adequate IP removal process and their contact form is no help since they will purposefully ignore you and ban your IP if you request help with removal. These are direct quotes taken from their contact us page. "I know that my IP will be listed for further 7 days because of abusing the contact form if i ask for removals here!!"

After this experience we feel that independently operated black lists should not be taken seriously, especially this one. I have submitted an email to them requesting free removal even though we risk them adding us to their blacklist for an additional 7 days. I'm still waiting on a response, so when or if we have any news or updates to this situation we will keep you posted.

Comments (35)

By Jonathon Kim posted on Friday, July 31, 2009 @ 2:03 PM
They prey on weak administrators that dont know how to configure their RBL's correctly.

ALL Admins must remove these servers from their RBL's.

It is borderline extortion. The only people who pay are the admins that dont know any better.

Companies like Yahoo! should take them off their RBL's!!

I hope UCEPROTECT/BACKSCATTER.ORG gets sued!
By Jeffrey posted on Friday, September 4, 2009 @ 12:49 AM
I tried some port scanning and came out with golden gloves. then I tried an mx server that my domain uses for an email server. I hardly go there yet and my site is bascially being rebuilt ground up to make it better. Anyway I hardly ever even send emails from my pc using my business email yet! Maybe if am lucky 5 a MONTH.
The only thing I do know is there are forms on the site for users to be contacted with infomration or membership options etc. and order confirmations and hardly am on the planet yet of being a busy site yet. But still the mail server I share is Blocked by a company called Backscatter. you know what maybe Backscatter should be on the one Blocked totaty every which way then can as when I did go to there site they appeared to be Cowards and they know their users probably hate them! And deservedly so. Now take Action and retaliate! Cal evey ISP. the FCC if needed about Backscatters extortion methods and no way to even contact them when they are stealing gobs of money. I bet the the reciepts are for a ukrainian syndicate. No harm to the ukrainians I even hired develoeprs there and were the nicest people.
By GKnight posted on Tuesday, October 27, 2009 @ 8:48 PM
I cannot believe anyone was so ignorant as to fall for thier "Pay us 50 Euros or we will block you forever" scam!!?! I am sorry for those who shelled out the cash, but this company is merely a fake RBL provider who are trying to extort money from legitimate busnesses. If you check out thier psuedi site (www.uceprotect.org) and enter any user pass and key, a script runs with all sorts of 733t-speak BS, showing that these guys are just a bunch of looser idiots who are stuck in thier teens. All admins should immediately remove them from your lists!!!
By Ben posted on Thursday, January 21, 2010 @ 10:38 AM
Did anyone actually pay to be removed? If you did could you please post on here or email me the Paypal e-mail he uses?

This should be seen on your payment receipt generated by Paypal after you paid. You can also view it via your Paypal account information.

Many thanks
Ben
By Franz posted on Thursday, March 4, 2010 @ 4:54 AM
Interesting: You were listed in 11 of 114 blacklists and the guys at UCEProtect told you that your ISP is a spammerhaeven.
Instead of kicking your ISP's ass you are whining about the blocklist?
How ignorant are you?
Reading the text I got the impression that all they require to be done is that your ISP kicks off the spammers in that range and then it will be removed free of charge within 7 days.
Hard to believe that someone is stupid enough to call that extortion.
Anyway I have to say thank you for blogging about UCEprotect.
Without you I would possibly never have heard about their project.
Since there is so much whining about them, they seem to be very effective.
I will therefore install their lists on all my servers.
By Tony posted on Wednesday, March 31, 2010 @ 10:44 AM
I sent a complaint to http://www.bka.de/ today.

Everyone, please send a complaint to http://www.bka.de/ - they are the department in Germany who deal with criminal organisations.

We need to get this company shut down as asking for money to remove IPs from so called black lists is illegal and shows this company is a scam. Franz, above, is clearly an employee of this scam outfit.
By J. Reives posted on Friday, April 9, 2010 @ 3:54 AM
They are not only backscatter/er but all uceprotect combinations, lautenschlager combinations, adminswebsecurity combinations, apews, triosex de and more. Not very smart of them is their wannabe-intimidating linking of their websites to the NSA of the U.S. either. This authority dislikes if someone adorns themselves with plumes borrowed from them.

There is obviously more than one reason why Dirk L. is wanted by some authorites and private persons now.
By Ralf posted on Friday, July 23, 2010 @ 2:49 AM
Total scam artists, sad to see that they are located in Germany, as I am a German myself.

This is plain and simple extortion, and I am currently checking if they added a clients IP address intentionally/maliciously in their blacklist. Found out last week when out of nowhere users at a client (I work for an outsourced IT service provider) got bounces on all emails. Checked the blacklists and saw they were indeed listed at a few. Reputable ones like CBL, Spamhaus and Spamcop removed the unfounded listing within minutes, Barracuda took it's sweet time and removed the IP within a couple of hours. Just those con-artists at UCEPROTECT hold you hostage for at least 7 days unless you pay them $150. I certainly will check up on those guys and will do/join any effort to get them shut down...
By Pat posted on Friday, July 30, 2010 @ 2:00 PM
yes really unfair, we have dedicated server with 2 IP's range
both are blacklisted because we are on these range
we had to paid to unlist the main server IP.
we lease theses IPs for our clients to know they are all blacklisted.

I used their form to tell them the way I think, once I clicked on submit , the form said
MESSAGE DENIED! - We don't take messages from people claiming to be a Spambot.
Spambots are welcome write us here .
ridiculous, they want you to fill their form and then tell you denied and want you submit via your ISP email
I never claimed for a remove on this form, just a way to express myself about their unfair and scam policy

now open to sugestion to figth them, a forum, or anything to stop them
thats not only affect service provider but the complete web community with shared, reseller and dedicated server clients.
I didn't checked if big big company as yahoo or hotmail are listed, there are plenty of spam sent from them.

contact me if you have a solution or proposition or sugestion to make
thank you
By Pat posted on Friday, July 30, 2010 @ 2:06 PM
sorry I forgot:

about hold you hostage for at least 7 days
if it was only 7 days or so, I will not make stories of it, but when 7 days come unlimited, this is another game.

on their level 3, we are, this is unlimited time, in short mean alway blacklisted
and not because we are spammer, but because in the range of where is our IP (1000's others) there are someone (if there are) abusing by spamming

really UNFAIR and Scam to make money on peoples making the web a way to earn money and paid their daily bills
By Bozaka posted on Wednesday, August 4, 2010 @ 5:28 PM
I have recently removed UCEPRotect level 1 from our mail server as they caused way too many false positives - I've maintained a very large whitelist to override the uceprotect list so the business can operate without losing legitimate emails.

I've finally given up as their lists are excessively vicious and on an almost daily basis block the IP addresses of LARGE ISPs and IP addresses of clients who are clearly NOT spammers. The final straw was OUR OWN ip address being added to their lists - we've never spammed, our network is nailed down heavily with NO access to port 25 except for our mailhosts. Why were added? Bugger knows.... And then the extortion method to get us delisted? NO thanks.

UCEPROTECT are overzealous with their lists and cannot be relied on unless you enjoy losing legitimate emails.
By Rhonda Brabbin posted on Wednesday, August 25, 2010 @ 5:30 PM
We are blacklisted by UCEPROTECT and cannot believe that some of our customers use this awful extorsion ring as spam protection what they are really doing is interfering in legitamate business, what do we need to do to shut them down? If anone has any information on taking down this idiotic organization please email me
By Laura posted on Friday, September 17, 2010 @ 10:24 AM
UCEProtect are still blocking huge IP blocks owned by BT, one of the UKs biggest ISPs.

They MAY have a legitimate claim that some BT users are sending spam, but blocking the entire range breaks the basic function of a anti-spam service - letting legitimate email through.

They have stated on their site that they are not going to be removing BT from the level 3 list. As many customers do not have the option of changing ISP, they are stuck, so we need to encourage all mailserver admins to either ignore this blocklist altogether, or only use it as a low-scoring spam indicator. It's wildly inaccurate, so has no place as a primary spam detector.

The requests for money to be delisted just make an irritation into something more suspicious.
By Gratis posted on Saturday, November 13, 2010 @ 4:03 PM
Some of these comments could have been posts in their own!
By Laurence Forcione posted on Wednesday, January 19, 2011 @ 12:08 AM
We too have been experiencing the same issue with them. After having been blacklisted over and over, paid the delisting fee numerous times, paid the white-listing fee and changed our mail server configuration, we still have no way to get in touch with them to find a solution.

This has been going on for several years and I believe they are hurting legitimate businesses more than they are helping. Their obnoxious stance towards anyone complaining with being listed and blaming it on incompetent mail administrators should be enough to reveal their intentions as a business organization.

Yes, they should be ignored, that's the best way to get rid of them, unfortunately some big players seem to rely on them (how the hell is that even possible?). Anyway, recently the effect of being listed on Backscatterer has been way less noticeable and they got more aggressive in listing IPs, so I decided to ignore them, stop paying their fee and will support any action that will help sanitize the process.

We should organize a petition to have their practices and other similar ones, banned as they have no intention in making the web a better place. Just rip-off legitimate businesses by taking advantage of the ability they have to interfere with proper email delivery and the lack of international regulations regarding email sending practices.
By FM posted on Tuesday, January 25, 2011 @ 7:07 PM
As a native German, I feel as if I have to apologize for them - then I noticed that they were from Bavaria, a state that we unsuccessfully tried to sell to the Austrians after WWII as revenge for letting the dictator out of Austria in previous years.

I'm not current with German law, but as they're "only" making a list available and aren't doing the blacklisting - which is done by whoever uses their list - they might be a slippery eel to catch.

Now, if we could just convince firelan.net and others to NOT use that blacklist, it'd all become a mute point soon enough.
By Jamey posted on Wednesday, February 9, 2011 @ 7:27 PM
chbmotd@uceprotect.net is the email they use for paypal. Yes, I got suckered too!

Good luck!
By Michael M posted on Wednesday, April 6, 2011 @ 3:52 PM
By Vertreter posted on Thursday, July 14, 2011 @ 10:41 PM
Do not pay anything to them. That company has no physical address and no bank connection (paypal is _not_ a bank).
The full names of these louts are known, also the whereabouts >http://www.aaroncake.net/misc/showthought.asp?thought=57< Lawsuits pending. Make paypal freeze their account because of money laundering.
By Seamus posted on Thursday, November 17, 2011 @ 10:51 AM
these f***ers really have pissed me off big time, I have hundreds of customers who do not receive mail because of their stupid lists.. in The past I paid them a couple of times, and was removed... We reconfigured our servers and took measures to ensure that we were NOT abusing in their eyes... It is simply impossible that this happens now.. our last expiration was on 14.11.2011, 30 minutes later we were listed again... Simply impossible.. why... ? the mail server was turned off at that time... duuuhh... complete Scam. Now if we end up on the list I just ignore it... I tell my clients who do not receive their mail to have their ISP remove UCEprotect from their RBLs ... This is the only way.. @Franz... I live close to Bavaria and if I find out where you are I may organize a little visit for you from a few Irish pals of mine in Balaclavas... Believe me I am looking for you you little piece of s***, you have cost me thousands in lost revenue and support... Interestingly Gmail do not subscribe to UCE...
By Lance Purcell posted on Sunday, February 5, 2012 @ 7:18 PM
Hi All,

I see a lot of people are really angry with UCE Protect. To be honest, its not extortion. UCE Protect is simply maintaining a LIST. It is their RIGHT to maintain a list and add/remove whomever they want.

If I wanted to set up a brand new RBL today, I could throw it up and there is no law in any country that governs who/what IP addresses I can add to my list. UCE Protect has this same right.

If you are angry or frustrated with their delisting practices (coined as extortion here), then you should petition the recipient mail server administrator to whom you cannot send mail as a result of your IP address listing. They are free to REMOVE UCE Protect as one of the RBL lists they reference.

There will never be a class action suit because UCE Protect is just making a list of IP addresses which falls within their free speech rights. They have absolutely NO CONTROL of who uses their list to block IP addresses. They are offering a "free" RBL service to Mail server administrators.
By Tod Denbayern posted on Saturday, February 25, 2012 @ 8:54 PM
Sure, Lance. Adolf Eichmann also maintained lists, only. Lists of people to be killed for being different. No, he did not kill anyone, he just maintained these black lists.

But the Allieds and Israel thought this was enough to execute him for taking part in a crime.

Admins should not make the mistake to use that ucecrap. They will be nailed anyway.

Nobody has to petition anywhere. Just take a lawyer, mail the German police and sue them. Their names are known.
By Lance Purcell posted on Sunday, March 11, 2012 @ 3:06 PM
Your comparison is absolutely ludicrous. Totally inappropriate for this forum IMO. We're talking about email and spam here. And your last sentence is just non-sensible babble. Your posts would probably earn you more credit in the History and Politics forums. Try there, you might make some friends.
By Rick posted on Monday, April 2, 2012 @ 4:57 PM
It looks like UCEPROTECT-Level 3 is a very accurate blacklist and produces very low false positives.
By Robert posted on Wednesday, April 18, 2012 @ 9:58 PM
"LEASE NOTE THAT THIS IS AN OPTIONAL OFFER ONLY.
YOU ARE LOSING YOUR RIGHT TO EXPRESS DELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT. & WARNING: Do not play around here. You have no idea who we really are, and what will happen to you! " ...

Seriously??..ha ha ha.... These guys are narcissistic, powertrip dweebs...and seriously who in the hell would utilize this shadetree RBL as a freaking service for your companies email protection?..When there are plenty of free legitimate rbl's that don't threaten and extort money.. The supporters on this page in this thread MUST be trolls that work for the company, NOT network professionals with reputations to uphold.
By foster1628 posted on Wednesday, October 3, 2012 @ 4:04 PM
UCEPROTECT is blocking our server ip as well.
Abuse the internet
By avi s posted on Thursday, February 13, 2014 @ 8:54 PM
Hello, We want your comment release of the record, because the company above is blocked about 8 days and is unable to function, Fault firewall was revised and all efforts to release them does not work, please help us urgently
Thanks
mail.david-david.co.il which resolves to 31.168.148.28
By Ayhan posted on Friday, April 11, 2014 @ 6:54 PM
The Backscatterer.org and uceptotect is unacceptable.
1-The language they use in their website is Not business like, almost to level of insulting.
2-They do NOT allow people to contact them and explain this in a ridiculous language in their website.
3- They charge a lot of money.
4-They block an IP or a block of IP's. rather than blocking only the domain. This is like cutting down the services of an apartment or whole street if one person misuses.
I URGE EVERY BODY NOT TO USE THE BACKSKATERER CHECK İN THEİR SERVERS. ıF A LOT OF PEOPLE STOPS USİNG THEIR DATA BASE THEY WILL BECOME SENSIBLE.
By George posted on Monday, April 28, 2014 @ 2:56 PM
Admins do not use UCEPROTECT, NO REASON TO USE THEM, there a lot others that you can use.
By postman posted on Tuesday, June 10, 2014 @ 10:52 AM
Level3
It's a real extortion: my AS network is only mine. I choose my outgoing routes by myself -- there's no "your ip providers's network" for me and there's no any spam mail from my network. They say my AS is a part of AS65500! The same logic is to say, thet my AS is a part of XX.XX/16 or even XX/8 -- why not?
They say: give us money and we will excluse your network. Extortion, isn't it?
By Sulamani jack posted on Saturday, August 2, 2014 @ 10:47 AM
I hate this blacklist UCEPROTECT all other they whilist but this one seem to be the hacker why not blacklist IP like other
By Leonard posted on Tuesday, August 26, 2014 @ 11:26 PM
I would say it's blackmail. They've blacklisted us with a server which we are not on and have never been on. Every day we are notified we are blacklisted because we are sending spam from this other server. Whois can validate we are not at the IP address or even close to the IP address, they claim we are on.

They do not operate as a business. A business has accountability. They do not. Instead they are insulting and hide behind privacy so they don't have to be accountable.

The problem comes when they place you on their "list" and the other lists pick up on it. In my case, we can trace it back to them because suddenly everyone is showing an incorrect IP address for our server.

We get delisted from the other "lists" but as soon as UCEPROTECT places us back on their list, we get notices from all the others.

This interference of business. Who to sue? The administators who use UNCEPROTECT. Have your attorney send a cease and desist letter to them. And mention, especially if you're in the U.S. if they do not, you will open up "discovery" on the the company who is using this service. That will place the fear of God into any U.S. company who is using UNCERPROTECT.

No company wants the expense of "discovery". You can keep those things open for the entire lifetime of the company. It will be a lot easier for them to remove UNCEPROTECT than to be in "discovery".

Good luck
By David posted on Friday, September 19, 2014 @ 8:50 PM
UCE protect level 1 is a simple blacklist. But levels 2 and 3 are a clear extortion and a dirty business closer to mafia than to a fair spam fighting.

I don't know how much people are using their services but I hope they have no more than 2 clients worldwide. With this sort of burst lists, they look to be working shoulder-with-shoulder with spammers.
By UCE Guy posted on Sunday, September 21, 2014 @ 12:26 PM
Got this list from a disgruntled former UCEPROTECT associate->
Here are some of UCEPROTECT "partners" running spam traps. Mail server admins, you will understand what you need to do;)
I can ask for more domains if anyone is interested?

aalco-metall.de
admins.ws
alpinsports.at
apnq.org
bedouintravel.se
crossfashion.com
freelancewebmarket.com
hotel-link.eu
ipxnet.com
lautenschlager.eu
By Guy posted on Monday, December 8, 2014 @ 10:46 PM
If you have a client complaining that you're listed on the RBL, I would really question the issue, especially if you've never done business with the client before as they could be working directly with UCEPROTECT to make money. Either that or their email admin needs to find a new job. I've had a similar same issue with SORBS. I was going to mention Backscatterer too, but it looks like they're possibly the same company as UCEPROTECT, which makes a lot of sense.
Name:
Email:
Website:
Comment:
Verification:
RSS Facebook Twitter LinkedIn Google Plus Pinterest
Facebook
Instagram