Level 1: 168712 IP's, Level 2: 2968 Allocations, Level 3: 960 ASN's. Last Updated: 20.01.2021 06:04 CET
for Level 1
for Level 2
for Level 3
Help for ISPs
How to use
UCEPROTECT Blacklist Policy LEVEL 3
This blacklist has been created for HARDLINERS. It can, and probably will cause collateral damage to innocent users when used to block email.UCEPROTECT-Level 3 lists all IP's within an ASN except those approved and clean IP's that are registered at ips.whitelisted.org if the SPAMSCORE for that ASN is 20 or higher, but also a minimum of 10 IP's (to prevent small Providers to get listed for 1 or 2 spammy customers) allocated to this ASN got Level 1 listed within the last 7 days.
The SPAMSCORE is calculated by following Formula:
(Level 1 Listings in that ASN / Total IP's in that ASN) * 100000
The result is rounded to one digit after the decimal point.
We want to give you some examples:
You managed to get 55 Level 1 Listings within 7 days, and your ASN has a total of 1024 IP's allocated, then your SPAMSCORE is 5371,09375 resulting in rounded 5371,1 which means you should be firewalled on sight...
But if you have 160 Level 1 Listings within 7 days, and your ASN has a total of 34025472 IP's allocated, then your SPAMSCORE is 0,47023594558 resulting in rounded 0,5 which means you are a very clean Provider...
As you can see that formula sounds much more dramatic than it is in reality.
It mostly corresponds to several hundret abusive IP's at smaller providers, and some thousands at middle-sized or big providers.
It is impossible for respectable and professional providers to end up in UCEPROTECT-Level 3, because Level 1 records expire if there is no abuse for 7 days and we also took care about providers size by generating Level 3.
Additionally and independent of Level 1 listings, an ASN can get listed at Level 3 manually and permanent when it is suspected that it were specially created for spamming.
This suspicion is given in principle if:
- The provider rotates spammers / abusers within the ASN.
- The provider blocks IP addresses or netranges of blacklists, to enable their spammers to fly safely under the blacklists radar (evasion tactics).
- The ASN is assigned to a well known spammer / spamsupporter / listwashing service / botnet operator / malware distributor / phisher / deceiver.
- A striking disparity exists between legit mail and spam.
We believe that a professional service provider or carrier should be able to act promptly before listings are escalating up to Level 3, therefore by using Level 3 the chances are that you will mostly block “learning-resistant” service providers or carriers and their customers.
NOTE: By using Level 3 for blocking, be prepared to occasionally lose some required mails too. DO NOT BLAME US, YOU HAVE BEEN FOREWARNED!
The recommended use of Level 3 is incorporating it into a scoring system, to
give e.g. 2 points on a ‘match’ where 5 or more points trigger a spam tag.
If you are a true BOFH you would logically block using all of our levels.To get an idea how UCEPROTECT-Level 3 and other blacklists did perform within the last 4 weeks see the statistics measured at the real mailflow of several authorities in Germany, Austria and Switzerland.
If you can't believe what you see in our stats, you should also have a look at the independent statistics from Intra2Net AG which measures hitrates and also false positives of more than 40 blacklists.
There are about 105000 providers all over the world. The statistics can also be interpreted this way, that those black sheeps which get it to end up in Level 3 are responsible for 50 to 75% of the global spam, while almost no real mail came from their ranges.