Question

How to removed my IP as blacklisted in UCEPROTECTL3 Spam

Posted November 23, 2016 81.4k views
DebianEmailDigitalOceanIPv6

I need your help on how to get white-listed my IP in UCEPROTECTL3 Spam

11 comments
  • A more pro-active attitude from DO would be appreciated in this matter. Do something about it soon to get the blocked DO IP (ranges) from the UCEPROTECT3 blacklist and in our case also remove it from the widely used BARRACUDA blacklist. Otherwise I see no other solution than to move all of our VPS’s to an other supplier that is more in control over their systems and customers bad behavier.

  • I have the exact same problem. And the problem is actually not the blacklisting in itself. No the problem is that the email server just drop the email - so I get bounced email telling me that something is wrong.

  • As per ’s query page:

    «As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.
    Your IP 157.245.xxx.xxx was NOT part of abusive action, but you are the one that has freely chosen your provider.
    By tolerating or ignoring that your provider doesn’t care about abusers you are indirectly also supporting the global spam with your money.
    Seen from this point of view, you really shouldn’t wonder about the consequences.

    Therefore we recommend:
    Please send a complaint to your provider and request they fix this problem immediatly.
    Think about this: You pay them so that you can use the Internet without problems;

    If they are ignoring your complaint or claiming they can’t do anything, you should consider changing your provider.
    There are currently about 105,000 providers worldwide, but only a few hundred make it to get listed into UCEPROTECT-Level 3.

    According to the statistics measured against the mailflow of several national authorities in Germany, Austria and Switzerland, those few providers which often end up in our Level 3 are responsible for 50 - 75% of all global spam, while almost no real mail came from their networks and ranges.»

    This is completely unacceptable. I was already thinking of moving my Postfix server to AWS so I guess this makes the decision for me.

  • I will be ending my use of DO for hosting servers because of this problem and will not be recommending them to others. This is a solvable problem and DO does not seem to care enough. Sad. I am clearly not the first person to run into this. :(

  • Show 6 more comments

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
44 answers

Just as an update I see that my droplet IP is, as of now (August 2019), part of a new UCEPROTECT3 blacklist that covers a large piece of DO IP space.

It’s nothing that I’ve done wrong and nothing that anyone in the IP space close to me is guilty of, but the UCEPROTECT website claims that there are a lot of DO droplets sending spam at the moment.

I’ve put a support ticket in to ask what DO are able to do about this - I’d encourage others inconvenienced to do the same.

  • This!

    please, all the users having this problem, let’s upvote this question to give it visibility and open a support ticket.
    DO needs to address this issue, not just for their customers, but for all the email users who are getting spam from their servers.

  • I have same problem.

I am having the same problem at 2021… Can someone do something about it in Digital Ocean?

  • same thing just happened to me

  • same thing over here.

  • I’m being caught by this also. DigitalOcean folks: what is being done to control the 1000s of spam mails that iceprotect is detecting coming from your network ?

    I rent a droplet from DO for the explicit purpose of handling my mail. If the address remains blacklisted, I will have to move.

  • Thanks. Came here from a search of UCEPROTECT3. I am affected by this issue, too.

  • Este problema también me afecta bastante, al contactar con DigitalOcean me dicen que no utilice el servicio de correo con droplets de digital ocean. Ayuda por favor!

  • Same problem just happened for me.

  • This affects me, too. In an email exchange with support a couple of weeks ago, the rep was sympathetic and gave me some links to info that might help me get delisted, but basically he told me this is why DO does not recommend running email servers from their droplets. Does that mean DO has no control over spam activity coming from their own droplets? Does it mean DO can’t remediate how their IP ranges are blacklisted? This is a very unsatisfying solution from my point of view as an end-user. I host my domain on a Droplet. It seems perfectly right that I host my email server. Also, why else would DO offer cPanel droplets?

I got a very unhelpful response from Digital Ocean support below that sidesteps their responsibility as a cloud provider.


DigitalOcean is not a dedicated email host and does not have a postmaster to maintain our IP reputation. As a result, some DigitalOcean IP ranges are blacklisted. We do not recommend sending mail from our platform directly and we will not request delisting. We will not prevent you from sending mail, but you will be at the mercy of the IP reputation if you choose to do so. Here are some possible workarounds if you choose this route:


Request delisting from the blacklist provider when possible. If you are receiving bounce backs due to the blacklist, the error message usually includes a link that shows you where you can submit a delist request.

Snapshot and create a new Droplet for a new IP address. Note that this does not guarantee you won’t run into the same issues due to the reasons previously discussed. If you’d like to redeploy for a new IP, please follow this guide:

How to Migrate Droplets Using DigitalOcean Snapshots
https://www.digitalocean.com/docs/images/snapshots/how-to/migrate-droplets/


If you must send mail, we suggest partnering with a mail relay provider like SendGrid or Mailgun, etc. These providers already have relationships with real-time blacklist aggregators (RBLs) like SORBS and Spamhaus and have a postmaster that works to ensure their reputation is kept clean. These links have some additional information:

Why You May Not Want To Run Your Own Mail Server
https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server

Droplet Limits
https://www.digitalocean.com/docs/droplets/#limits

Like most here, I all of us here I don’t send email directly from my server but through a mail relay service which isn’t blacklisted and doesn’t have any issues. The issue I AM seeing is that LOT of Digital Ocean IPs are listed in this BS UCE blacklist provider.

Digital Ocean needs to send it’s security team and or lawyers to talk to the peeps over at UCEPROTECTL3 and address the issues customers are facing.

by Mitchell Anicas
When setting up a web site or application under your own domain, it is likely that you will also want a mail server to handle the domain's incoming and outgoing email. While it is possible to run your own mail server, it is often not the best option for a variety of reasons. This guide will cover many of the reasons that you may not want to run your own mail server, and offer a few alternatives.
  • No, they need to fix their abuse issues. I believe I have a contact in management there. I’m going to reach out to him.

  • I just got this exact same email.

    If this is going to be the DO policy (not doing anything about the spam going out their servers), all their IPs should be in automatically in all blacklists.

    So far, I was happy with the service, but the fact that they do not commit to the elimination of spam (which affects not only DO customers, but all email users) makes me start searching for a new provider. I’m leaving as soon as possible. I will return when DO commits to looking for a better internet.

  • Got this same exact answer… very disappointing, I have customers complaining that they can’t send emails and it seems the only solution is to move away to another service....

  • It is unacceptable! I have the same problem, and this message clearly seems these guys at the support simply don’t understand what’s going on and why it is a business-critical problem. People continuously report it in about a half year.

  • We got the same run around “not our fault, not our responsibility” responses too. Appalling. We have a very large and successful business, and DigitalOcean is now a cause of harm for us, so we are now looking into (expensive) 3rd party email relay solutions, or we are just going to move our entire company off DO and to somewhere else that actually takes spam abuse seriously.

    • The problem is that even if you use a third pary email server, if your domain name is associated to DO (for example if you website is still there), UCEPROTECT still blacklists it and your emails don’t reach the clients

I was using DigitalOCean VPS services from 4 years ago (web hosting) and never had issues. Servers here in DO are cheap and very reliable, never had a down time. But since some months ago we needed to host mail services, so now we manage mail servers in our Droplets.

Now, i can see reality about DO and their useless abuse team about spamming issues.

Start to use digitalocean services is really easy and fast, anyone can create an account and -10 min later have many 5 USD droplets working at same time, with gigabit speeds and not any restriction about networking outbound and inbound, so that’s why many bad intention users come to DO and use their IPs and resources in possibly illegal actions, and DO abuse team is doing nothing about this to control or almost to try to decrease level of abuse that many users do on their accounts.

Now i’m moving to Vultr (tried to move on UpCloud, but they restrict use of 25 port, and didn’t authorized me to open it up on my VPS), and i hope in a future, DO takes severe actions against spammers and abusers, and cares about safety on internet. Maybe i could return and open up my account again. Meanwhile, i leave.

  • Thank you for you comment. I still don’t knew Vultr Cloud Services. I am moving to there also. I will try they services, but so far, they have better prices! I like that!

My mail server has been affected by this for the last 3 days. This is a deal-breaker in terms of hosting. If Digital Ocean is not willing to do something about this, I would love to hear recommendations of better cloud service providers.

Same problem here, my clients without e-mail, just because this stupid UCEPROTECTL3 blacklist !!! Any solution? Or other hosting provider? IM HERE SINCE 2015 !!!

Same automatic and disappointing answer from support.

  • Digitalocean is getting blocked completely by UCEPROTECT-Blacklist
  • a new Droplet-IP wont resolve the problem
  • Microsoft is using UCEPROTECT
  • DO letting their users do what they want (Pirate-Policy)
  • This is a problem for serious businesses using DO as hoster

UCEPROTECTL3 is often an entire range block, so it’s probably DO who are being blacklisted rather than you. However, there is no formal delisting process, so DO need to stop spam from ANY of the IPs in the blacklisted range, and keep the range clean for long enough for the IP to be automatically delisted. That’s not impossible, but it’s not easy and it’s definitely not quick. Even when it’s done, it’ll take a while for the IP’s reputations to recover enough that I’d consider them good enough to send mail through.

For you as a customer, that means you’re not going to be able to get your IP whitelisted. Assuming you’re not the problem (i.e. you KNOW you’re not sending spam through your server - be sure of this before you proceed), then the quickest fix is to migrate to a different IP that isn’t on any blacklists. I don’t know if DO can change the public IP of your droplet, but even if they can, I’d personally opt for a phased migration to a new droplet so you can manage the process yourself.

I need your help on how to get white-listed my IP in UCEPROTECTL3 Spam

Have you check uceprotect website?
You (DO) can delist the whole range by paying 449CHF - as they recommend, you (DO) can charge for this your users:

If you don’t want your users to be affected until the free expiration, you can optionally order expedited express delisting if offered, which is charged a total of per ASN and we strongly recommend that you collect these charge from your abusers.

They also provide another way: if you go to https://www.uceprotect.net/en/rblcheck.php and type you mail server IP, you will see a nice red message:

This IP is NOT registered at ips.whitelisted.org. More Information about whitelisted.org can be found here.

As I see, you can go to http://www.whitelisted.org/ and register you IP for 25CHF/month.

I haven’t tried it, and yes, I see how nice is this business model (you are marked as a spammer, until you pay them), but if it’s a critical service for you, you may consider to pay.

  • I found that whitelisted.org information on uceprotect site yesterday and considering paying, however like @ajnasz I’m disappointed by their attitude which is: “You’re spammer until you pay us!”.

    Long term that might be not worth the money and effort. I’m paying DO for droplet, Plesk for their panel, and now have to pay whitelisted.org (which I’m sure is uceprotect themselves) just to prove I’m not the spammer. Not to mention the amount is more than DO and Plesk altogether.

    On the other hand I would like to congratulate DO their attitude of telling their customers they actually give a sh*t what people are doing with their droplets. That tells me soon enough DO is gonna be used by hackers and scammers only because all serious clients or developers will have to leave.

    Well I wonder what will happen next but if nothing changes I’m gonna look for more reliable provider.

  • I’ve just paid for this. I will report back my experience, but I can’t help feel like Digital Ocean should be picking up the tab for this. £75 for a single unsigned 32bit number to be kept in a file, for 2 years, is a rip off!

Previous 1 2 3 4 5 Next