Beware: UCEPROTECT RBL Email Scam

Learn about the UCEPROTECT RBL Email Scam

It has come to our attention that a UCEPROTECT Real-time Blackhole List (RBL) scam is generating false positives on blacklist checker tools. In our investigations, we have confirmed that this is not affecting the ability to transmit emails.

If this were an accurate RBL listing, you would receive a “bounceback” or returned email that includes an error message stating that you are blacklisted. You can then use this bounceback email to narrow down the specific cause of the issue further.

In this guide we’ll explain what this UCEPROTECT RBL scam is and what to do if you do receive a bounceback email.

Upgrade to VPS Hosting for Peak Performance

Upgrade to InMotion VPS Hosting today for top-notch performance, security, and flexibility, and save up to $2,412 – a faster, stronger hosting solution is just a click away!

check markSSD Storage check markHigh-Availability check markIronclad Security check markPremium Support

VPS Hosting

What Is the UCEPROTECT RBL Scam

RBL lists, sometimes called a DNS-based Blackhole List (DNSBL),  are used by most email servers to help identify IP addresses that are known for sending spam. It is meant to be a database of servers that have been reported by email users. Using these crowd-sourced lists can help reduce the amount of spam emails that are allowed to be delivered to your users. 

For example, InMotion Hosting utilizes an RBL Checker for DNS Blacklisting since it is an industry standard. We rely on these lists for accurate information and most of the time they are correct.

Recently, an RBL provider called UCEPROTECT has incorrectly blacklisted a very large number of IP ranges. This has also been confirmed by major security and anti-spam service providers such as Sucuri. In the Sucuri investigation, an IP address was blacklisted for spamming even though it was not even a mail server. 

While it is not affecting email transmissions, it is causing many email servers to show up on a UCEPROTECT RBL list. Our System Administrators have verified that this is not causing any issues with delivering email to recipient servers. If your mail IP address is blacklisted, it would result in a bounceback email.

Since this is a false listing, RBL or blacklisting reports from UCEPROTECT should be ignored. 

Did You Receive a Bounceback Email?

If you are listed on a valid RBL list, it will result in a bounceback email. If your email was not returned or bounced then you are not blacklisted.

In some cases, there may be a valid blacklisting. Typically, the bounceback email will state that you are blacklisted with an error message. Our bounceback parser tool can help you pull the error message from the headers of an email and help you determine the cause.

The Bounceback Parser tool will help you forward the details of valid blacklistings to our System Administrators. You can also reach out to our Live Support team for assistance.

If you are receiving a different error, the following guide goes over the common returned email messages and what they mean. This can help you narrow down the specific cause.

Now you know what the UCEPROTECT RBL Scam is, you can disregard any listings reported from them. For more helpful guides on topics like spam prevention, check out the Email section of our Support Center.

JB
John-Paul Briones Content Writer II

John-Paul is an Electronics Engineer that spent most of his career in IT. He has been a Technical Writer for InMotion since 2013.

More Articles by John-Paul

6 thoughts on “Beware: UCEPROTECT RBL Email Scam

  1. i have a dedicated server hosted in inmotion for over 10 years.
    i tried several times to get help using the chat.
    now apart from beeing in UCEPROTECT i´m also in AT&T blacklist.
    everytime i ask for help i´m told that a delist request has been made.
    fact is that i´m still listed.
    every single email sent to gmail users go to spam.
    really i would expect a different treatment for a long time user.

    1. Hi Paulo, sorry to hear that you’re having trouble sending email to gmail. If you’re sending high volumes of email and having trouble with Gmail specifically, I’d recommend checking Google Postmaster Tools to get a better understanding of any issues Google, specifically, may be having. Some of our technicians like to recommend various online spam checkers that evaluate email content to see what aspects of it may set off spam filters; I don’t have one to recommend specifically, but I would suggest looking into those if you have not already done so.

      It sounds like you’re already aware of the basics, but I’m going to link to our article on how to keep your emails from being labeled as spam just to make sure nothing was missed. Lately, Gmail has been especially sensitive to SPF and DKIM records.

      I’ve also seen email forwarders cause problems, specifically if you forward all mail from your domain to a gmail.com address without filtering out spam, this can lead to your domain getting flagged for spam even when it’s just a few personal accounts. Unusual, but I’ve seen it a few times.

      On top of that, I’ve seen Excel files with certain benign macros in them get flagged as spam, and HTML emails that don’t include a plaintext version cause issues as well. I hope those help.

      1. Hello Filip, you need to submit a ticket to our live technical support team (https://www.inmotionhosting.com/support/amp/how-to-get-great-technical-support/). If your emails are being rejected and classified as spam, then you should also be getting bounceback messages from the server rejecting your emails. You need to provide those messages to support so that they can check to make sure that your domain or your server has not been blacklisted.

  2. My domain has been Blacklisted at times by UCEPROTECT, I thought because the shared IP assigned to it is being used by some InmotionHosting site on the same block that is sending SPAM. What do you do in that event? Also, I do get a bounceback email occasionally, but I think it is because some spammer is ‘spoofing’ my email address. Why do I even get the bounceback if it didn’t come from my domain’s IP ?

Was this article helpful? Join the conversation!