by codegeek 1951 days ago
Yes. This is exactly what's happening to us/our customers. We are not using DO for any emails. But because the domain itself is blacklisted on UCEPROTECTL3, some of our customer's users are blocking an email from their domain completely. Everyone is confused WTF is going on.

Could it be two issues going on at the same time? UceProtect blacklists AS numbers (netblocks belonging to an org), CIDR blocks and individual IPs. They don't block domain names. Other RSLs do block domain names. If your website domain is hosted on DO but your email does not originate from their netblocks, then the blacklisting is occurring elsewhere.

Did you get the email headers from a customer that is reporting this? You can analyze the headers to see who is flagging you. Are your emails generated on DO and you relay through another service (SES), but you are not obfuscating the DO header that your MTA injects? [1]

[1] - https://major.io/2013/04/14/remove-sensitive-information-fro...
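
An added example, not part of the thread: one way to run the header check suggested above, listing the bracketed IP of every Received hop and flagging any that sit inside a netblock you already know is listed. The netblock, hostnames and message are constructed (RFC 5737 documentation addresses), and `received_hops` / `listed_hops` are hypothetical helper names.

```python
import email
import ipaddress
import re

# Constructed stand-in for a provider range that a blacklist lookup reported as listed.
LISTED_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed message: an app server in the listed range hands mail to a third-party relay.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.25])
\tby mx.recipient.example with ESMTPS id abc123;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from app01.example.com (app01.example.com [203.0.113.57])
\tby relay.example.net with ESMTPSA id def456;
\tMon, 01 Jan 2024 10:00:01 +0000
From: billing@example.com
To: user@recipient.example
Subject: Invoice

Hello
"""

# Address literal as MTAs usually write it in Received lines: [1.2.3.4] or [IPv6:...]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_hops(raw):
    """Return (header_index, ip) pairs; index 0 is the hop nearest the recipient."""
    msg = email.message_from_string(raw)
    hops = []
    for idx, hdr in enumerate(msg.get_all("Received", [])):
        for m in IP_RE.finditer(hdr):
            try:
                hops.append((idx, ipaddress.ip_address(m.group(1))))
            except ValueError:
                continue  # bracketed text that is not an address
    return hops

def listed_hops(raw, netblocks=LISTED_NETBLOCKS):
    """Hops whose IP falls inside a listed netblock, even when the final relay is clean."""
    return [(idx, str(ip), str(net))
            for idx, ip in received_hops(raw)
            for net in netblocks if ip in net]

if __name__ == "__main__":
    for idx, ip, net in listed_hops(SAMPLE):
        print(f"Received[{idx}] exposes {ip}, inside listed range {net}")
```

Here the relay at 198.51.100.25 is clean, but the second Received header still exposes the origin server's address from the listed range to any receiver that checks every hop.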

I appreciate this info. Will run it by the team to get more info. But don't you think DO should take action to block spammers so that other genuine customers' IP blocks are not added by default to this type of list?

I absolutely agree that all VPS and server providers should do their best to deal with UCE, malware, bots and related mischief. I would add that they should make some effort to reach out to RBLs and RSLs to delist their address ranges. It would be up to a number of their customers to push for such changes before they would likely prioritize it.

I would even go as far as to suggest that both they and their customers should have aliases on all domains for spam@, uce@, postmaster@, abuse@, malware@ and security@ that route to a distribution list or mailbox that the domain holder responds to that same day. Back in the day, that was a requirement to varying degrees to sign up for any of the big email campaign providers.

Every domain holder should also have a proper DNS DMARC rule with a reporting email address listed. Example using ycombinator.com [1]

  [1] dig +short _dmarc.ycombinator.com txt

  "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-reports@ycombinator.com,mailto:re+gewxcbuqfmh@inbound.dmarcdigests.com; aspf=r; pct=100"

They make an attempt. UCEPROTECT is nearly an extortion racket. Search for "uceprotect lowendtalk" or "uceprotect webhostingtalk" and it's nothing but providers complaining about being forced to pay $600 or they stay listed for a year per entry, including terminated spammers that lasted an hour.