Level 1: 140646 IP's, Level 2: 1716 Allocations, Level 3: 16 ASN's. Last Updated: 09.04.2020 14:01 CEST
for Level 1
for Level 2
for Level 3
Help for ISPs
How to use
UCEPROTECT Blacklist Policy LEVEL 3
This blacklist has been created for HARDLINERS. It can, and probably will cause collateral damage to innocent users when used to block email.UCEPROTECT-Level 3 lists all IP's within an ASN except those approved and clean IP's that are registered at ips.whitelisted.org if more than 100 IP's, but also a minimum of 0.2% of all IP's allocated to this ASN got Level 1 listed within the last 7 days.
However, if 10000 or more IPs from an AS are listed in Level 1 within 7 days, a Level 3 listing will be made regardless of the percentage.
That sounds much more dramatic than it is in reality.
It mostly corresponds to several hundret abusive IP's at smaller providers, and some thousands at middle-sized or big providers.
It is impossible for respectable and professional providers to end up in UCEPROTECT-Level 3, because Level 1 records expire if there is no abuse for 7 days and we also took care about providers size by generating Level 3.
Additionally and independent of Level 1 listings, an ASN can get listed at Level 3 manually and permanent when it is suspected that it were specially created for spamming.
This suspicion is given in principle if:
- The provider rotates spammers / abusers within the ASN.
- The provider blocks IP addresses or netranges of blacklists, to enable their spammers to fly safely under the blacklists radar (evasion tactics).
- The ASN is assigned to a well known spammer / spamsupporter / listwashing service / botnet operator / malware distributor / phisher / deceiver.
- A striking disparity exists between legit mail and spam.
We believe that a professional service provider or carrier should be able to act promptly before listings are escalating up to Level 3, therefore by using Level 3 the chances are that you will mostly block “learning-resistant” service providers or carriers and their customers.
NOTE: By using Level 3 for blocking, be prepared to occasionally lose some required mails too. DO NOT BLAME US, YOU HAVE BEEN FOREWARNED!
The recommended use of Level 3 is incorporating it into a scoring system, to
give e.g. 2 points on a ‘match’ where 5 or more points trigger a spam tag.
If you are a true BOFH you would logically block using all of our levels.To get an idea how UCEPROTECT-Level 3 and other blacklists did perform within the last 4 weeks see the statistics measured at the real mailflow of several authorities in Germany, Austria and Switzerland.
If you can't believe what you see in our stats, you should also have a look at the independent statistics from Intra2Net AG which measures hitrates and also false positives of more than 40 blacklists.
There are about 105000 providers all over the world. The statistics can also be interpreted this way, that those black sheeps which get it to end up in Level 3 are responsible for 50 to 75% of the global spam, while almost no real mail came from their ranges.