You know what I’m talking about, do you?
If you admitt a mail was blocked by UCEProtect Level 3 then you will have to explain why you are using and the sender of a blocked mail might try to discuss UCEProtects delisting policy.
But using secretly you can simply say: “Oh the damned spamfilter blocked you” and put them on your whitelist. Shit can happen sometimes and there is no discussion at all.

We are using the UCEProtect lists because they don’t cost us a dime, we can modify them to fit our needs and of course because they are very effective against our mailflow.

We don’t care about their delisting policy because we can override their listings at any time with our own whitelist.

If you have a clue what the important systems are for you, then it is not a problem to use even very hard lists like UCEProtect Level 3.
The key to success is that you can rsync all UCEProtect lists, mix with your local whitelist, make some exceptions based on geolocation and other tricks, lump that all together and you will end up with a first class blocking system free of charge that is high accurate, very effective and not predictable by third parties.

No one will ever be able to figure that UCEProtects lists are a serious part of your filter strategy if you are running a setup like ours. One IP they have on their list will be blocked while another one will pass our filter.

Now why do I know Yahoo, AOL and Microsoft are doing something similar?
We are not just happy users, but also sponsoring one of UCEProtects Mirrors and we can read logfiles of our mirror.

Of course the 3 companies mentioned might just download the lists to waste our bandwith and traffic, but that seems to be unlike.
The PTRs of the IPs downloading the lists are also a clear indicator for that it’s the administration and not users that are downloading.

When I was working for Return Path Inc., running standards compliance for their certification program, we queried client IPs against UCEProtect as well as a raft of other DNSBLs. We never saw any such correlation; plenty of IPs listed on that DNSBL had no problems delivering mail, whether certified or not, at Hotmail & Yahoo! (IIRC we dropped queries for UCE Protect after some time because of false positives and the odious delistings policy.)

Someone within those organizations might be querying the lists. Yahoo!/Hotmail/AOL may well have arrived at the same conclusion regarding the reputation of a given IP, and blocked it, simultaneously with it being on UCE Protect or another DNSBL. That would be a pretty normal thing. It doesn’t mean they are using them to make decisions about mail delivery, and I’ve seen no evidence to that effect.

N.B.: I do not speak for Return Path Inc., nor am I now an employee of that company.

–
Neil Schwartzman
Executive Director
CAUCE : The Coalition Against Unsolicited Commercial Email

http://cauce.org
http://twitter.com/cauce

Recently I’ve noticed that i’m getting alot of outbound spam connection from chinese & korean ips. Though I have smtp authentication on my server, all the spam is from my legitimate email ids to unknown ids.

Is there a fix for this ?

Aj.

One of these distribution channels is a DNSBL.
The reason why they are so influetial seems to be that you can use them secretly, if you do not want to admitt you are using them.
UCEProtect’s license permits to do so:

http://www.uceprotect.net/en/index.php?m=13&s=0

There are many companies that are downloading the UCEProtect lists, replacing the rejection texts with something like “550 Rejected by policy”, mixing the lists with a local whitelist and are very happy with the results.

Yahoo, AOL and Microsoft are the 3 most prominent companies that are secretly using UCEProtect that way.

Since anyone can download their lists without a subscription they can only tell you how many unique IP’s are downloading the lists.
Yahoo, AOL and Microsoft are therfore seen as 3 users only in UCEProtect’s stats.
This is probably the reason why they are constantly under-estimated.
It is hard to say how many mailboxes are behind the 2,8 Million systems, that are using them according to their website:

http://www.uceprotect.net/en/index.php?m=9&s=0

(Disclaimer: I am a member of the ASRG — which isn’t a very private club anyway — but everything said here obviously reflects only my opinion and uses my choice of words.)

I have a theory that what’s going on is customers of said carrier are complaining about the fact that they are on UCEProtect, and demanding that said carrier delist the block they are in. Carrier pays the money, because this is easier than losing a customer.

Fortunately, we’re convincing carriers to actually deal with the spam problem through better outgoing spam filtering and a notification system. This is a much better solution than paying money to UCEProtect.