On 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:


Hello,

I noticed that RIPE NCC uses uceprotect-level1, uceprotect-level2 and uceprotect-level3 in RIPEStat Anti Abuse Blacklist Entries widget.

There have been controversial positions about this blacklist recently:

1) https://success.trendmicro.com/solution/000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security
2) https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html


UCEPROTECT blacklists the whole range of IP addresses, including the full IP range of some autonomous systems:
I stress that the problem is not in blacklisting entire providers, something that may be justified if those providers are lenient in fighting abuse on their networks, but in blacklisting entire providers with very weak criteria (so weak that most big European hosters end up at least in the level 3 blacklist) and then asking for money to remove them. This is actually prohibited by RFC 6471 (section 2.2.5) because indeed, especially when done at scale, it looks a lot like extortion.


UCEPROTECT states, 'Who is responsible for this listing? YOU ARE NOT! Your IP was NOT directly involved in abuse but has a bad neighborhood. Other customers within this range did not care about their security and got hacked, started spamming, or were even attacking others, while your provider has possibly not even noticed that there is a serious problem. We are sorry for you, but you have chosen a provider not acting fast enough on abusers' [http://www.uceprotect.net/en/rblcheck.php].

It asks for a fee if some individual IP address wants to be whitelisted (http://www.whitelisted.org/),

It abuses people who decide to challenge their blacklist by publishing conversations in their so-called Cart00ney (http://www.uceprotect.net/en/index.php?m=8&s=0; http://www.uceprotect.org/cart00neys/index.html).
They recently published a disgustingly sexist "ad feminam" to blame a person that dared to complain about their methods:

http://www.uceprotect.org/cart00neys/2021-001.html

They start with the argument that since she is a woman she is stupid and "emotional rather than objective", because she is a woman, and so they quote her message in pink colour.

This is completely unacceptable and I strongly recommend that RIPE distances itself as far as it can from these people - as a minimum, please stop using or referring to this blacklist in any way.

Regards,

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy