We recently noticed that our email forensics were detecting a very large number of blacklisted URLs in emails being sent from our platform. These were not blacklistings with the emails or any element of the sending infrastructure itself, but instead, with the websites that the emails linked to… and there were thousands of them.
The problem relates to a blacklist called UCEPROTECT who have three naughty lists of increasing scope and severity. The worst of their naughty lists is Level 3. UCEPROTECT-Level 3 blacklists ASNs (autonomous system numbers) which are a large block of IPs – these are the building blocks of the internet and are usually owned by ISPs, telecoms providers and governments. A couple of ASNs used by Amazon are currently blacklisted on UCEPROTECT-Level3 and these comprise of over 47 million IP addresses! These are addresses that are used by Amazon to serve millions of websites dynamically through their cloud services.
The accusation by UCEPROTECT is that this Amazon is
currently the second and third worst 'Spammerheaven' or Botnet host in the world!
With no word from Amazon on the subject, others have recommended that you encourage your mail recipients not to use UCEPROTECT-Level3 as we saw on the Trend Micro support forums last week – a very large Amazon hosting customer.
This is problematic as there is one particular organisation who use UCEPROTECT-Level3 for spam filtration; Microsoft.
In the same way your average Amazon customer has little sway over how Amazon manage their cloud infrastructure, your average Office365 and Outlook.com user has little sway over Microsoft cyber security.
By UCEPROTECT’s own admission “It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed” - Their approach is to cause issues for a very large number of Amazon’s customers in the expectation that the company will do something about it. This is more like vigilantism than proper spam filtration and UCEPROTECT have a long a chequered history of causing these issues.
Whether a blacklist sits at the Enterprise Cyber Security or Vigilante end of the spectrum is something of a moot point. These services share information between them and influence major providers like Microsoft, Google and Apple. e-shot now automatically checks over 100 blacklists to identify when emails are blacklisted. Most commonly, blacklisting relates to a single IP or a domain which can be contested and de-listed based on legal basis for sending. The Amazon issue with UCEPROTECT is on an entirely different scale.
This is a deeply unsatisfactory situation, but there is little anyone other than Amazon can do about it at present. Our advice would be to check your email Forensics and review if you see links that are blacklisted by UCEPROTECT. If you can exclude them from the email, it may be prudent to do so, although these blacklistings will not universally harm deliverability. If you cannot remove blacklisted links, then review the bounce logs after your campaign has been sent and consider resending to bounces with the links removed.
Our Customer Success team can advise further on this or if you are not an e-shot customer, then our Healthcheck will also help identify if UCEPROTECT is affecting your emails.
We are confident that we can help you, which is why we offer a free healthcheck to identify potential issues with your current programme and free advice on things that could be done to improve it.