Jump to content



Recommended Posts

For several months I noticed that much of the Ebay and PayPal phishing junk had been coming from a powweb.com source. My first report to them was acknowledged with a note saying that the problem had been dealt with. The second acknowledgement said something along the lines that had they received my first report they would have acted upon it and stopped the flow of spam.

Recently all spam that I receive from a powweb.com source pretends to be from the Chase Bank. I am getting these on a regular basis now and no other spam is arriving here from this network.

The parser reports this:

Parsing input: 
host = clust10-www01.powweb.com. (cached)
[report history]
ISP does not wish to receive report regarding

ISP does not wish to receive reports regarding - no date available
Routing details for
[refresh/show] Cached whois for : abuse[at]powweb.com
Using abuse net on abuse[at]powweb.com
abuse net powweb.com = admin[at]powweb.com, abuse[at]powweb.com
Using best contacts admin[at]powweb.com abuse[at]powweb.com

Entering other PowWeb IP addresses produces similar reports. Does this mean that PowWeb have no intention of stopping the spam by indicating that they do not want SpamCop's reports? A search of Google and Google Groups suggests that this might be the case. The reports were sent though. Why? I would have thought that the report would have gone to a 'devnull' type address if the ISP has indicated it doesn't want them. Apart from getting the IP addresses onto the SCBL there seems little point in sending reports to PowWeb any longer. I certainly won't bother adding any additional comments.

Any thoughts or clarification would be appreciated.

Link to comment
Share on other sites

I've managed some web sites hosted there and had no problems with the service there, to include anti-spam efforts, control of web-sites and e-mail servers. But have to admit, it's been a while since I've visited their support forums, so things may have changed. The IP you list shows signs of problems at http://www.senderbase.org/search?searchString= .. but in contrast to your other checks, I looked at the (three) servers used in old e-mail I've got and there are no issues on those three. First guess is that some user has a compromised scri_pt file on a hosted site .. historically, this used to be handled pretty quickly by their support staff ... but again, I'm talking a bit historically ... at least 6 months or so ... setting a data point here ...

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.6 .. 1215%

Last 30 days .. 4.0 ... 295%

Average ........ 3.5

at 10:19 GMT -6

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 4.4 .. 803%

Last 30 days ... 4.1 .. 296%

Average ......... 3.5

Link to comment
Share on other sites

PowWeb seem to be well-regarded in general terms: http://www.webhostingjungle.com/powweb/reviewg.shtml


Recent SCBL entries for addresses - 4 of which were currently listed when checked.

Can only imagine that once they receive initial reports with sufficient data to act, they request no further. I would not give up on them - maybe send a manual report or two, see how they respond. Don't really look like the "typical" spambags to me (but then I'm not seeing the same continual round-Robin of spam and evidently they're not sufficiently pro-active to obtain express de-listing.)

... it's been a while since I've visited their support forums, so things may have changed ...


There's a clue. Why not visit the lion's den, ask some questions in their user forums, see if you can snag some official reponse there? http://forum.powweb.com/showthread.php?p=355008 might be a starting point. They seem to have listings on SORBS too, which is probably worth mentioning if you do that - http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=
Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...