Hi all,
we've seen a lot of new users coming from a link which leads to your discussion about UCEPROTECT-Blocklists from November 2007.
This is to those that were ranting about our listing policies:
Yes you were promoting us, even if that was not your intention.
First we have to say that UCEPROTECT is not ONE blocklist there are three different hard lists, so that our users can select how "hard" they want to block.
While we have not seen anyone whining about Levels 1 and 2 here, we have seen lots of nonsense here about our Level 3.
Here is our point of view on all the wrong claims we have seen here:
UCEPROTECT-Level 3 (which is the highest possible escalation for learning resistant providers) lists a complete AS, if there are at least 0.2% of all IP's under the responsibility of the provider spamming within the last 7 days.
That might sound hard but in fact 98% of all providers have less than these 0.2% spammers per week. Chances to stay off our Level 3 are absolute equal for all providers.
Most stay below 0.05% spammers per week, and it is very easy for any provider to limit abuse, if he really wants. I can say this because i was working in a Swiss providers abuse departement for years before i got the job of the technical diector at the UCEPROTECT-Project Germany.
It is pure nonsense that some here were wrongly claiming we want providers money to delist them.
As soon as a provider's abusers go below that 0.2% within 7 days their AS leaves Level 3 automatically and FREE OF CHARGE.
So all a provider must do to get delisted is to limit the abuse coming from his networks and ranges.
Let's talk about Sunrise AS 6730:
http://www.uceprotect.net/en/rblcheck.php?asn=6730
Sunrise is not a BIG provider, it is more like a small to middle size one. They have a total of 494848 IP's and they were responsible for a total of 1578 abusers within the last 7 days. That translates to 0.319 % of their total IP's are spammers.
Let's compare that to AOL AS 1668 (which is really a BIG provider):
http://www.uceprotect.net/en/rblcheck.php?asn=1668
AOL has a total of 6319104 IP's and they were responsible for a total of 51 abusers within the last 7 days. That translates to 0.001 % of their total IP's are spammers.
That brings us to the interesting question: How many abusers would Sunrise host, if they would be so big as AOL?
That question can be answered by looking to another notorius spam supporter:
Infostrada AS 1267 (At this time ranked as the No 6 of the worlds worst spammerhaevens):
http://www.uceprotect.net/en/rblcheck.php?asn=1267
Infostrada has a total of 6206464 IP's and they were responsible for a total of 18616 abusers within the last 7 days. That translates to 0.3 % of their total IP's are spammers.
That should tell you that Sunrise and Infostrada are doing something VERY WRONG, while AOL does it right.
AOL blocks all outgoing connection from their dynamic IP's to destination port 25 if that destination is not their own smarthost. That makes the game over for all those trojan infected home-user machines.
If Sunrise or Infostrada would be interested in that YOU (THEIR PAYING CUSTOMERS) would be able to send mails without problems, they would simply also have installed port 25 blockers at their dialups. They had time enough since November, but they have chosen to just ignore the problem.
The question is: If AOL and other hugh providers can prevent massive abuse coming from their ranges, why can providers like SUNRISE or INFOSTRADA not?
Let's talk about accuracy of UCEPROTECT-Level 3:
At this time we have a total of 300+ "Providers" listed at UCEPROTECT-Level 3.
I guess some of you have heared of the international well known Anti-Spam Guru AL IVERSON from Chicago USA. He monitors about 50 well known international blocklists for accuracy and is publishing the results.
Let's have a view on his independent statistics of UCEPROTECT-Level 3:
http://stats.dnsbl.com/uce3.html
What does that statistics tell us?
Those 300+ lame "Providers" which got it to end up in UCEPROTECT-Level 3 are responsible for 50 + % of all global spam, but almost no real mail is coming from their networks and ranges.
So instead of whining about "the bad guys at UCEPROTECT" you should better use your energy to call your provider and get loud on the phone: You pay him to get access to the internet, but in fact he can just give you access to those places not blocking him because of his spammy behavior.
That means: Your problem is not UCEPROTECT. We just lift the finger and show people who is responsible for spam. Your problem is, that your provider really believes that you will tolerate that he is active supporting spammers.
Those using UCEPROTECT-Level 3 for blocking exactly know what they are doing because we tell it to them:
See here: http://www.uceprotect.net/en/index.php?m=3&s=5
We are also telling providers how to not end up in UCEPROTECT, but some have really other interests than stopping spam.
See here: http://www.uceprotect.net/en/index.php?m=4&s=0
If all providers would stop playing Quake and install the 4 steps we recommend in the link above, then spam would be history or at least decrease to the the level it had in the early internet years.
That is what we and our users want to happen. Nothing else.
Thank you.
Claus von Wolfhausen UCEPROTECT-Network