Moved to a new floating IPv4 address for mail.grapheneos.org so Microsoft blacklisting the previous one is no longer an issue.
It's only $2.88 CAD + 13% sales tax for each address so we're just going to park ones with bad routing or blacklisting issues for the time being.
Conversation
The 3 particularly problematic IPv4 addresses we've gotten are from the same 51.222.17.0/24 block. I'm just going to retire them and get OVH to replace them with new ones because they're something seriously wrong with that IP block. Every other IP address has way saner routing.
3
6
Replying to
OVH is (used to be?) pretty relaxed about abuse reports, there is a pretty long history of abuse that lead to many of their blocks getting blacklisted in e.g. DNSBLs.
Usually only individual /24s were blacklisted if repeat offenders used them.
1
Replying to
That's completely fine though because every reasonable blacklist allows you to get an individual /32 whitelisted despite them blacklisting the /24. It doesn't take much time to get all the legacy stuff cleaned up.
UCEPROTECT extortionists are an exception but it doesn't matter.
1
1
Nearly every reasonable blacklist also has expiry dates for them so it eventually gets back to normal.
Issue we ran into is that Microsoft has a special blacklist for hotmail.com, outlook.com, etc. with PERMANENT blacklisting and a broken appeal system.
We use a free service to monitor for IP or domain blacklisting. Never had issues with the domains and IPs were easy to keep clean for everything other than UCEPROTECT /24 and AS.
Recently changed when our new VPS IP + batch of new floating IPs were all blacklisted by Microsoft.
1
Put substantial effort into trying to appeal the bans through their official form and the email follow-up.
It was a huge hassle to even get a standard copy paste response from them saying that the IPs are not eligible for whitelisting. It's now resolved by just using new IPs.
1
2
Show replies
Replying to
Good point, I distinctly remember having issues with getting Hotmail (Outlook.com) to reasonably assess sender reputation. It did not go well. Colocation hosts not giving a crap about their blocks didn't help the situation either.
1
Replying to
I could probably get OVH to give me a whole /24 but it'd be a huge waste of money and it's not worth it. Have a bunch of floating IPs for our services and only 3 of them in this bad IP range are on their blacklist. It's a bad IP range for other reasons. It's just broken somehow.
1
Show replies