Back to Top

Help & Support

Get instant answers 24/7

Top > Miscellaneous Topics

Will using UCEPROTECT blacklists block legitimate emails?

Summary:

UCEPROTECT2 and UCEPROTECT3 blacklists should not be used to block email as that would cause loss of legitimate email. IPs included in these blacklists are not spamming. Most email administrators know this, which is why being included in one of these blacklists usually does not cause a problem.

Some admins may find UCEPROTECT1 useful since it often lists IPs that may be directly involved in spamming, but there is risk of it also blocking clean email because they sometimes block shared IPs. We do not recommend using UCEPROTECT for blocking spam due to the practices of this blacklist as reported on Wikipedia here:

https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists#Suspect_RBL_providers

The article below is for administrators of mail servers that are not subscribed to SpamHero. If you're a SpamHero customer, you don't need to subscribe to any blacklists, since we take care of filtering spam for you.

In general, we do not recommend using any blacklists if your users need reliable email delivery. Because many IPs are shared or dynamic, when you block all email coming from an IP, you risk blocking legitimate email along with the spam. Instead, we recommend that you get a proper spam filter (like SpamHero).

If you really want to use UCEPROTECT, make sure you only use their UCEPROTECT1 blacklist (aka UCEPROTECT-Level 1). Their website explains why, but here's a brief summary to save you some reading:

UCEPROTECT1 (UCEPROTECT-Level 1)

This blacklist contains individual IP addresses that are actively spamming. According to the UCEPROTECT website, efforts are made to only include IPs that will not negatively impact legitimate messages. There will always be some legitimate messages blocked with any blacklists, but this blacklist is used by a lot of mail servers.

UCEPROTECT2 (UCEPROTECT-Level 2)

This blacklist blocks a range of IPs that are in the same neighborhood as IPs that are spamming. As mentioned on the UCEPROTECT website, mail servers that use this list will block some legitimate email. Mail servers that aren't used for mission critical applications may choose to use this blacklist when lost email isn't a big deal.

UCEPROTECT3 (UCEPROTECT-Level 3)

This blacklist blocks huge ranges of IPs and is used as a way to put pressure on large network providers that are not handling spam complaints quickly. Because the blacklisting shows up on sites such as MXToolBox, it will usually result in lots of users complaining to the network provider when they see their IP included in one of these massive IP range blocks. No competent email service provider would use this blacklist as it would block mass amounts of clean email. There is a warning on the UCEPROTECT website about using UCEPROTECT3 (although it seems a bit understated there).

Why are we writing about this?

This article was written because occasionally one of our network providers ends up getting their entire network listed on the UCEPROTECT3 blacklist. When this happens, we see almost zero impact in deliverability of our emails (including from our outbound service) as most mail server admins know that UCEPROTECT2 and UCEPROTECT3 should not be used to block email. When UCEPROTECT3 blacklistings are detected, we work with our network provider to get the issue resolved, which can sometimes take a few weeks.

Last updated January 9, 2024