OVH Community

Welcome to your community space. Ask questions, search for information, post content, and interact with other OVH Community members.

Blacklisted IP ranges by UCEPROTECTL3


#1

I have been facing issues with my email servers on OVH dedicated machines in both Canada and France.
It seems that there is a Swiss blacklist that is utilised by the likes of Microsoft (outlook, Hotmail, live etc etc) that is listing hoards of OVH’s IP ranges.
This has a direct negative impact on individual IPs on dedicated servers, and others I would imagine.
OVH informs me (by ticket return) that we have two options; 1) use IPv6 for outgoing SMTP or 2) ask the email service providers (to whom our emails can no longer be sent) to desist their use of the UCEPROTECT blacklist.
According to UCE OVH is one of the ASNs that are not configured correctly to avoid spam throughput via their servers/network.

Does anyone know how to set the SMTP out IP to work with IPv6? Because the second option is obviously pointless and it look like OVH is not going to buy their way out or alter their network accordingly!

Here is an extract from their lookup page (http://www.uceprotect.net/en/rblcheck.php)

What does it mean to be listed at the UCEPROTECT-Level 3?
UCEPROTECT Network operates three levels of blacklisting, so our users can make the decision how strong they want to filter.
While UCEPROTECT-Level 1 lists single IP’s only, UCEPROTECT Level-2 escalates and lists dirty allocations.
UCEPROTECT-Level 3 is the highest possible escalaion, complete Autonomus Systems (AS) get listed at Level 3 if there were too many Impacts from IP’s listed in Level 1 originating from said AS counted within the last 7 days.
If the provider harbours too many abusers and only has one ASN (Autonomus System Number) that logically means:
All IP’s of said provider get listed at Level 3 then.
Click here to see the Policy for UCEPROTECT-Level 3
While in fact UCEPROTECT-Level 3 is nothing than pure mathematics based on the Impacts from Level 1, one could best describe UCEPROTECT-Level 3 as a boycottlist.

As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.
Your IP 142.44.xxx.xx was NOT part of abusive action, but you are the one that has freely chosen your provider.
By tolerating or ignoring that your provider doesn’t care about abusers you are indirectly also supporting the global spam with your money.
Seen from this point of view, you really shouldn’t wonder about the consequences.

Therefore we recommend:
Please send a complaint to your provider and request they fix this problem immediatly.
Think about this: You pay them so that you can use the Internet without problems;

If they are ignoring your complaint or claiming they can’t do anything, you should consider changing your provider.
There are currently about 105,000 providers worldwide, but only a few hundred make it to get listed into UCEPROTECT-Level 3.

According to the statistics measured against the mailflow of several national authorities in Germany, Austria and Switzerland, those few providers which often end up in our Level 3 are responsible for 50 - 75% of all global spam, while almost no real mail came from their networks and ranges.

See: Inaccuracy and accuracy of UCEPROTECT-Level 3 during the last 4 weeks

We often get to hear the argument:
My provider is so hugh, and they have so many home users, it is almost impossible that they can create effective measures to prevent spam.
This statement is simply wrong and an excellent good example for a large but clean provider is DTAG (ASN 3320):

DTAG has about 34 million IP’s and the majority of their customers are likely to be home users.
In spite of this size you can nowadays see almost no spam from the DTAG address space.
Let’s see DTAG (ASN 3320) here.

An even more stunning example for a large but clean provider is Microsoft (ASN 8075):

Microsoft has about 37 million IP’s and they are likely running Windows, which is a primary target for cybercriminals, due to its high distribution.
In spite of this facts you can nowadays see almost no spam from the Microsoft address space.
Let’s see Microsoft (ASN 8075) here.

The question must be: If big providers like DTAG and Microsoft can so effectively prevent that their customers are sending spam, why can your provider not also do so?

The simple answer is: The Abuse Departements of providers NOT listed in our Level 3 are doing an excellent job, while those listed do not.

If your provider really wants to stop the excessive abuse coming from their ranges they would simply install some preventive measures.

This 4 little steps would make the difference - and could be done in less than one hour.

Can’t you make an exception for me?
We never make exceptions. Requests are futile. Only your provider can fix this problem.
Anyway our system respects IP’s which are registered at ips.whitelisted.org, these are excluded from Level 3.

How can my providers total IP-space be removed from UCEPROTECT-Level 3?
After your provider has fixed those excessive problems, UCEPROTECT-Level 3 listing will be removed automatically and free of charge as soon as the causal Level 1 listings and with them their Impacts will expire and decrease below Level 3 escalation limit.
Every IP temporary listed at Level 1 expires 7 days after we have seen the last abusive action originating from there.
Automatic expiration is free of charge, because it does not require manual work.
If your provider don’t want to wait for free expiration, they can optionally order expedited express delisting, which is charged a total of for all IP’s and ranges under their ASN.
Orders for expedited express delisting are processed by external service providers, therfore it cannot be offered for free.
Please note that payment is not a solution, but limiting abuse is.
Therfore it is important that those excessive problems which have caused the listing at Level 3 are fixed in first place, otherwise your providers complete IP-space might end up in Level 3 again within a short timeframe.


#2

Hello.

Wanted to let you know you’re not alone - and I suspect you’re much more affected than I.
But I can confirm I’m routing SMTP via. a VPS with all relevant checks in place my side; DKIM / DMARC / SPF - but I’m getting bounced by other parties such as Microsoft due to the L3 block.

Same exact response from OVH, looks like it’s just written out and pasted to each individual which contacts.

I suppose OVH could create an IP Range for SMTP traffic and sell these IP’s to customer who want a clean IP range.


#3

Well, I don’t know about you but I can’t see why OVH cannot comply with the suggestions, would it affect a range of their customers? If so, are not those customers behaving in ways that are not acceptable to the standards outlined by UCEPROTECT?
I don’t understand the view “we refuse to adjust our policies” when it seems that those policies clearly allow abusive behaviour on their network. Surely we all want a spam free world do we not? I am looking at moving away from OVH if they continue to drag me into their refusal to comply.


#4

My host is also blacklisted by gmail/googlemail, whether because of UCEPROTECTL3 (which persists, currently they cite 3,389 messages caught in their spam traps coming from OVH-hosted IP addresses) or Google’s own blacklists I’m not sure.

I can’t afford my customers not getting my emails, will have to look at switching to a better host even if it costs more :frowning:


#5

I want to know is there any specific criteria to be in blacklist because my friend just use smoker word and got blacklisted and he was wondering why it’s happened. Anyone can guide me more about it please. Thanks.