HACKER Q&A
📣 codegeek

DigitalOcean IPs added to UCEPROTECTL3 Spam list and they want money?


This is becoming a real issue for our customers and I was wondering if anyone else has faced something similar.

Apparently, a lot of DigitalOcean IPs are added to some SPAM database called UCEPROTECT [2] and I just found out that some large companies (Microsoft/Outlook Exchange etc.) use this list to block emails from an entire domain IF this domain is on this list.

DO is one of our primary server providers and it looks like tons of their IPs are on this list by default because 100%, we don't do any spamming. We run a legitimate SaaS business and this is very concerning as a customer who pays thousands of dollars a month to DO.

The part that is really troubling is that now to unblock a specific IP, we have to PAY these guys. The amount is not the issue for me but as a principle, it feels like a Ransom and I absolutely hate paying a random 3rd party when I know we are not at fault directly.

Does anyone at HN know what's going on here?

I googled DO's support on this and found that they are replying with generic answers on this, which is not good enough [0]. Also found an interesting Reddit article on this [1].

[0] https://www.digitalocean.com/community/questions/how-to-removed-my-ip-as-blacklisted-in-uceprotectl3-spam

[1] https://www.reddit.com/r/sysadmin/comments/eur4ju/removal_from_uceprotectl3_blacklist/

[2] http://www.uceprotect.net/


👤 LinuxBender Accepted Answer ✓
UceProtect have operated this way for a very long time. It upsets a lot of people that are on shared networks like DO. Unfortunately the best you can do is move your commercial email to a paid system such as an email marketing company that deals with email campaigns. An alternate option would be to wait for the block to time out, but that can be weeks assuming the spammers on DO have been stopped. The payment UceProtect accepts is to bypass the timers. It is akin to paying bail, but you should not do it unless you know the spammers have been stopped. The bigger VPS providers such as Amazon and Azure have their own email services you can use. The smaller VPS providers get abused a lot and it takes too long for their teams to respond to the UCE complaints. This is why their AS numbers, CIDR blocks and smaller netblocks get blocked by UceProtect, SpamCop and other RBL/RSL's frequently.

👤 gvb
I run a personal web server from my home. I have found Digital Ocean IP addresses as a frequent source of stupid web server hack attempts (e.g. trying to hack WordPress - I don't run WordPress). I sent complaints to their abuse department to no effect, so I now block all the Digital Ocean netblocks that show up in my logs.

My conclusion is that Digital Ocean doesn't care if their tenants run hacks and scams.

FWIW, I rarely get scans from AWS. When I do, I report it - I get a response email logging the complaint and a day or two later I get a follow-up email closing the ticket and saying "it's been taken care of."


👤 CD1212
I've just been alerted to this same issue. I have a site hosted with DigitalOcean (i.e. the domain A records resolve there) and use G-Suite for my emails. Would this affect the reputation of my emails, simply because the domain is associated with the blacklist? Surely unless I was trying to send emails from the DigitalOcean server itself, it wouldn't make any difference?