Return to DavesPlanet

So I ran into an odious little company called UCEPROTECT. The misguided folk at UCEPROTECT maintain a blacklist of email servers guilty of "abuse". Not spammers, mind you, just any 'ol email server on the planet that sends any sort of email notification to their spam trap email accounts, including notifications from your server that an email was undeliverable, including out of office autoreplies, and including challenge-response spam blockers.

Rule 1 is that spammers don't use their real return email address. I think everyone on the planet except UCEPROTECT gets this concept. What spammers do is to take a whole list of targets and randomly pick two addresses at a time, one for the recipient and one for the bogus sender. So if you are being spammed, you can also know that others are receiving spam that looks like it came from your email addresss. You can also be sure that some percentage of undeliverable spam sent to your email server will have a forged address of a spam trap. Doom on you.

Suppose a spammer targets an address on your email that is invalid or "out of office" and the spammer uses a forged "sender" address of a UCEPROTECT spam trap? That's right, when the geniuses at UCEPROTECT get the bounced email back they decide your email server is guilty of "abuse" and they automatically blacklist you.

What does this mean for people who use UCEPROTECT to filter their inbound email for spam? It means that really important email from your boss or your business partner is going to go to the great bit bucket in the sky. UCEPROTECT isn't about protecting you from spammers, it is about punishing server operators for using an email model that interferes with the UCEPROTECT business model. UCEPROTECT would love to give you a clean list of spammers, but they can't because of the kind of "blowback" noise that spammers generate. The only reasonable course of action for UCEPROTECT to take then was to list "abusive" companies in with spammers and give you a list of everybody they don't like.

Reasons UCEPROTECT will place you and your business partners email servers on their blacklist are:

Personally, I would like to see the spammers target UCEPROTECT spam trap addresses as the forged "senders" on their next campaign. I think it would be funny as hell to see UCEPROTECT blacklist every mail server on the planet. That would be an effective demonstration of this kind of stupidity. It would be easy for a spammer to find UCEPROTECT spam trap addresses, all they need to do is keep track of when and where emails go out and corelate a group of addresses with similar timestamps sent to the server where a "hit" was recorded against. Rinse and repeat as needed to narrow down the list.

Return to DavesPlanet