| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by LinuxBender 1960 days ago

Could it be two issues going on at the same time? UceProtect blacklists AS numbers (netblocks belonging to an org), CIDR blocks and individual IP's. They don't block domain names. Other RSL's do block domain names. If your website domain is hosted on DO but your email does not originate from their netblocks, then the blacklisting is occurring elsewhere.

Did you get the email headers from a customer that is reporting this? You can analyze the headers to see who is flagging you. Are your emails generated on DO and you relay through another service (SES), but you are not obfuscating the DO header that your MTA injects? [1]

[1] - https://major.io/2013/04/14/remove-sensitive-information-fro...

1 comments

codegeek 1959 days ago

I appreciate this info. Will run it by the team to get more info. But don't you think DO should take action to block spammer so that other genuine customers IP blocks are not added by default to this type of list ?

LinuxBender 1959 days ago

I absolutely agree that all VPS and server providers should do their best to deal with UCE, malware, bots and related mischief. I would add that they should make some effort to reach out to RBL's and RSL's to delist their address ranges. It would be up to a number of their customers to push for such changes before they would likely prioritize it.

I would even go as far as to suggest that both they and their customers should have aliases on all domains for spam@, uce@, postmaster@, abuse@, malware@ and security@ that route to a distribution list or mailbox that the domain holder responds to that same day. Back in the day, that was a requirement to varying degrees to sign up for any of the big email campaign providers.

Every domain holder should also have a proper DNS dmarc rule with a reporting email address listed. Example using ycombinator.com [1]

  [1] dig +short _dmarc.ycombinator.com txt

  "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-reports@ycombinator.com,mailto:re+gewxcbuqfmh@inbound.dmarcdigests.com; aspf=r; pct=100"

ev1 1958 days ago

They make an attempt. UCEPROTECT is nearly an extortion racket. Search for "uceprotect lowendtalk" or "uceprotect webhostingtalk" and it's nothing but providers complaining about being forced to pay $600 or they stay listed for a year per entry, including terminated spmamers that lasted an hour