NinerNet Communications™
Blog

Corporate Blog

Continual problems with South African ISPs and mail service providers (Afrihost and Xneelo) New entry in the last 24 hours.

27 July 2025 23:36:22 +0000

I’ve just spent about seven hours writing a long, detailed and evidence-based reply to a client who just receives nothing but BS, delay tactics and obfuscation from a South African mail service provider named Afrihost. (Please see here for the details of the never-ending Xneelo debacle, which is similar.) I am posting this here so that I can at least get some mileage out of this waste of seven hours of my life, on a Sunday.

Names and addresses have been changed or redacted to protect the guilty.

Hi Bob,

Thanks for your email. You only sent one side of a supposed email
exchange with Afrihost; there was no "back-and-forth" so I see no
evidence, namely domains (besides your own domains, which are only one
side of the equation, and hotmail.com), IP addresses, dates, times and
(most importantly) bounce messages. In particular I see no evidence --
no *proof* -- on Afrihost's side that what they are saying is true.
Anybody can say and claim anything they want, but it's pointless if
they don't back it up with evidence.

Unlike in politics, everything I have said in the past about email and
everything I will say in the future (including below) is technical and
backed up by hard evidence. Lying to paying clients is a complete waste
of time and will not end well, but it seems that the support
departments of bigger companies like Afrihost are schooled in BS and
delay tactics, rather than providing actual support or admitting fault
and actually fixing their broken systems.

This email is long (I won't apologise) because email is complicated and
this message is based on the work that Afrihost won't do to address
your one puny complaint because they have a lots of other complaining
customers to BS with their lies. The hours (about six so far today just
to answer your email full of Afrihost lies) of work *I* have to do to
give you a full and honest answer and explanation is something that
doesn't increase their share price, so they won't do it. But my efforts
seem to be worthless because everyone seems to believe BS these days
rather than concrete proof.

Here is my actual evidence / hard proof:

* https://multirbl.valli.org/lookup/ucebox.co.za.html
* This is a domain-based list of mail servers that are in blacklists,
and this is a search based on ucebox.co.za, which shows their domain in
one blacklist.

* https://multirbl.valli.org/lookup/smtp.ucebox.co.za.html
* This is the same as above, but with the alleged name of their sending
(SMTP) server (definitions below) provided in the Afrihost message
below, and the results show that their SMTP server is in the same
blacklist.

* https://multirbl.valli.org/lookup/197.242.159.57.html
* The sub-domain smtp.ucebox.co.za resolves to twelve different IP
addresses. This is a search for one of those IP addresses, and that IP
address is in five blacklists!

* https://multirbl.valli.org/lookup/41.76.215.28.html
* Like the search above, this is a search for another of their twelve
IP addresses -- both this one and the one above are random choices because
I'm not repeating the search twelve times when the results for *two* of
them are bad enough. This IP address is in six blacklists!

A quick glance shows that the blacklists all seem to be the same (which
is not surprising), so they are not in a total of 13 blacklists, just
the greatest number of 6. In comparison, NinerNet's mail server is in
three:

https://multirbl.valli.org/lookup/178.62.195.26.html

The point is not to compare numbers and say that our number is smaller
and so we're better; the point is to say that we're aware of the
problem, and the information we have provided on our blogs (
https://blog.niner.net/tag/email and https://status.niner.net/tag/mail
) goes towards explaining certain things.

In there we explain our presence in two of the blacklists (Ascams and
UCEPROTECT), which cover every single one of the IP addresses owned by
our data centre; it is *not* because our mail server has done anything
to be in that blacklist. The only full remedy to that problem is for us
to move our mail server to another data centre with another company,
which is not something that we can do on a whim and without
considerable forethought and planning, but which we *will* be doing on
the next move. What we do to overcome this problem is to redirect all
email to certain domains through our secondary SMTP server; problem
solved. It's impossible for us to know in advance what those
destination domains are, but as soon as one is reported by one of our
clients we direct all future messages to that domain through our
secondary SMTP server. Problem *immediately* and *fully* solved. (By
the way, hotmail.com is one of those domains, which is why you'll
receive this via our secondary outbound/SMTP mail server.)

The third blacklist (Polspam) is a Polish blacklist. It's a bit more
complicated to determine why we're on that list, but my *educated* (I
emphasise) guess is that we're on it for the exact same reason we're on
the other two blacklists, because all of our data centre's IP addresses
are blacklisted.

Have you asked Afrihost why they are on at least six blacklists and
what they're doing about it? I believe the answer to that question is
"no", and even if you asked you will *not* get an answer, or you will
be told in relatively polite terms that you don't know anything about
email and that they are perfect and NinerNet is the problem ... the
aforementioned BS. This is similar to the issue with another South
African ISP, which we have documented exhaustively at:

status.niner.net/2024/01/19/email-messages-from-xneelo-formerly-hetzner-south-africa-senders-blocked

We don't get into these arguments with non-South African ISPs and mail
service providers, so I'm forced to come to the conclusion that South
African's don't give a damn.

Definitions:

* Blacklist (also "blocklist" for those that want to be politically
correct): A list of servers -- usually based on their IP addresses, not
domains -- that have sent spam or malware in the recent past. The full
definition is broader than that (as I've partially explained above) but
if you want a longer explanation than this already long email I suggest
you use an Internet search engine I refer to below. Blacklists exist to
remove servers from the email system that have shown problematic
behaviour in the *recent* past so that legitimate receiving mail
servers -- such as NinerNet's -- don't have to process "junk" email,
and legitimate email receivers -- such as you -- don't have to read and
process junk email.

* BS: This is about as profane as I will get in communications with a
client, although in situations like this it's getting more and more
difficult not to turn the air blue. It's an adjective, a noun, a verb
and probably various other parts of speech. If you're unclear on the
meaning, that's what Internet search engines are for.

* SMTP: Simple Mail Transfer Protocol. This protocol is how mail
servers communicate with one another, and the term "SMTP" is also used
as an adjective.

* Various other colour lists: They exist, but neither Afrihost's
domains nor IP addresses are in any, so I won't get into what they are
and are not.

I took a look at [YOUR WEBSITE]. I note that
(assuming that's you) you're involved in "Compliance & Business
Solutions", and that, "[You] believe that great businesses are built on
strong systems, clear strategy, and full compliance." Email is all
about "compliance" with "standards" which, as benign as that word
sounds, are actually the non-negotiable "rules" that have to be
followed to get an email message from point A to point B. Afrihost have
made all sorts of claims in the email you forwarded to me, but they
have not told you how you can check on those claims. On the other hand,
NinerNet has shown you all the third-party evidence that backs up the
claims I've made.

I will address some of the things they have said:

* "We’ve confirmed that the messages from [YOUR EXTERNALLY HOSTED EMAIL
ADDRESS] are successfully sent and accepted by the outbound mail relay
(smtp.ucebox.co.za) with a 250 OK response, indicating successful handoff.":

* While I'm willing to accept that someone has made a mistake in their
rush to get to the next complaint from one of their customers and I
don't want to be pedantic, an "outbound mail relay" does not "accept"
email messages (as far as this issue is concerned), it offers/sends
them. The "250 OK response" is what they see in the logs on their mail
server, but since they didn't actually provide the specific lines of
the logs (with dates and times) NinerNet has absolutely no way of
correlating their claims against the corresponding lines in the logs of
our mail server. This is how auditing works, as you would very well
know from the list of qualifications on your website.

* "Additionally, the same emails are being successfully delivered to
[HOTMAIL ADDRESS], which confirms there’s no issue on our end
with sending or authentication (SPF, DKIM, and DMARC all pass":

* Again, NinerNet is not Hotmail and doesn't know how Hotmail servers
work. It does *not* confirm *anything* other than the fact that Hotmail
and NinerNet handle email from blacklisted IP addresses differently. And
they didn't tell you how to confirm that their claims that their "SPF,
DKIM, and DMARC" all pass. I took a quick look at some of their public
DNS records -- did I mention how many hours I've already spent on this
reply? -- and at least one of them are broken. It's not a significant
one, but if they can't get one of them right how and why should I or
you assume that they got the rest of them right?!

* "You may check if there is [sic] any server-side filters or rules
that might be rejecting, flagging, or silently discarding these
messages. if not, you may whitelist the domain at the [YOUR DOMAIN]
side and check again.":

* This is a good idea. I have checked whatever blacklists you might
have in place through the control panel on the mail server and you
don't seem to be blocking anything relevant, but you will have to log
into the webmail to see if there are any filters in place there that
could be causing a problem. I have looked for ucebox.co.za and the IP
addresses that smtp.ucebox.co.za uses in our server-wide blacklists,
and they are not there. That means that if email from their servers to
our server are bouncing -- that hasn't explicitly been stated -- then
they're bouncing because of the blacklists their servers are in. This
means that the blacklists are working as intended and as advertised,
which I consider to be a good thing.

While in the control panel I had a look at the logs of email you've
received at [YOUR DOMAIN], and I note four recent email messages
successfully received from [YOUR EXTERNALLY HOSTED EMAIL ADDRESS]:

* RE: Bank confirmation letter, Lease agreement and Invoices.
* 2025-07-26 11:44:09 CAT

* TEST
* 2025-07-27 12:23:03 CAT

* Last Test
* 2025-07-27 12:23:15 CAT

* test new
* 2025-07-27 17:08:37 CAT

Those were all successfully received, which makes me wonder why I have
spent six hours writing this email. For that reason I will end this
message here and claim, like Afrihost, that there is no problem.

Craig

On Sun, 2025-07-27 at 15:07 +0000, [NINERNET CLIENT] wrote:
> Hi Craig,
>
> Trust you are well? Please see below emails and my back-and-forth
> exchange with Afrihost. None of my emails from my [EXTERNALLY HOSTED DOMAIN]
> domain is being received by our [NINERNET-HOSTED DOMAIN]. are you able to check
> into it please?
>
> Thanks and Regards,
>
> [NINERNET CLIENT]
> [PHONE NUMBER]
>
>
>
> From: Afrihost <hosting@afrihost.com>
> Sent: 27 July 2025 16:59
> To: [NINERNET AND AFRIHOST CLIENT]
> Subject: [#PXQ-982-73116]: blocked emails
>
> Hello there.
>
> Following up on the issue regarding non-delivery of emails to
> [NINERNET CLIENT]:
>
> We’ve confirmed that the messages from [AFRIHOST-HOSTED EMAIL ADDRESS]
> are successfully sent and accepted by the outbound mail relay
> (smtp.ucebox.co.za) with a 250 OK response, indicating successful
> handoff.
>
> Additionally, the same emails are being successfully delivered to
> [CLIENT'S HOTMAIL ADDRESS], which confirms there’s no issue on our end
> with sending or authentication (SPF, DKIM, and DMARC all pass
>
> You may check if there is any server-side filters or rules that might
> be rejecting, flagging, or silently discarding these messages. if not
> , you may whitelist the domain at the [CLIENT'S DOMAIN] side and check
> again.
>
> Regards,
> Sreehari RS
> Check out some of our hosting tutorials by going to the following
> link:
> https://answers.afrihost.com/video-hosting

--
NinerNet Communications | Craig Hartnett
* https://www.niner.net | [EMAIL ADDRESS]
Phone: +1 604 630 1772 | +260 96 209 8871 | 1 855 NINERNET

We do not have these discussions with our clients about ISPs and mail service providers in Europe, North America, South America, Asia or Oceania. Incompetence seems to be concentrated in South Africa.

Tags: , , ,
Categories: Warnings
2 Comments »

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all it entails. This includes concomitant industries and activities such as domain registration, SSL/TLS certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc email encryption facebook google happy hosting customers hosting transfer icann invoices iphone kwacha maintenance paying your bill paying your invoice quarterly kwacha rate review rates registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours spam ssl ssl/tls support transparency wordpress zamnet

Resources:

On NinerNet: