I wrote:
What does it mean to be listed at the UCEPROTECT-Level 1? It means abusive activity was seen from IP 96.86.170.229 directly within the last 7 days.
Concrete allegation: IP 96.86.170.229 tried to deliver mail to spamtraps.
Progress: UCEPROTECT-Level 1 (and all other UCEPROTECT) DNSBLs no longer list 96.86.170.229 . This is reassuring! It would be quite bad if we had unknown spamtraps on the subscriber rosters. I'm still a bit worried, in that it's troubling that at least one (allegedly) was _on_ the roster(s), raising (as I said) the troubling question of whether there is a vulnerability permitting subscribing users without three-way handshake confirmation.
Michael, I hope you will get around to confirming that the local config to add a nonce (or whatever it's called) to the subscription POST data is in place. That is non-default.
https://multirbl.valli.org/dnsbl-lookup/96.86.170.229.html now shows a subset of six out of the (if memory serves) nine recently showing.
Vexingly, the postmaster.rfc-clueless.org one for FQDN balug.org (and thus for lists.balug.org) is still there, although I asked for removal. I _hope_ this means that removal request is still pending.
Michael, I would still appreciate your attention to the remaining entries on https://multirbl.valli.org/dnsbl-lookup/96.86.170.229.html . Some, such as SORBS, really ought to be addressed by the system siteadmin. (Again, for SORBS, create a SORBS login.)