LSTOWN-L Archives

LISTSERV List Owners' Forum

Lee Silverman <[log in to unmask]>
Wed, 19 Jul 1995 09:58:09 -0400
This message is being sent to the listserv listowner's mailing list, and to
the addresses listed in the SOA records for Brigham Young University and
University of Utah.
 
About one month ago, someone began forging posts to every listserv mailing
list in existence, promising the placement of romance ads in Russian
newspapers in return for US cash.  I, as well as other listowners, believe
that this is a scam, and even if it is not, it is certainly a huge abuse of
the internet and a waste of listserv list owners' time.
 
My efforts to trace this person ended at utah.edu, when I sent a message to
the postmaster there and received no response.  Now that a second message
has been posted, I think that it is high time that people from BYU and
Utah.edu got involved in order to stop these postings.  Presumably, these
abuses are in violation of the terms of BYU and Utah's internet provider,
Sprintlink, and so I think it is very much in their interest to put a halt
to these postings if they are coming from within their domain, or at least
to help in the investigation to help pin down the perpetrator.
 
This last batch of messages was posted from the clearly forged address
[log in to unmask]  I will quote from the end of the posting:
 
------
     I am posting anonymously because of the flames and volume of inquiries
that would result otherwise.  I think those who are truly interested will
take the time to write.
_____________________________________________________________________________
To: probable flamer
Subject: polite note
 
     Although Olga has never seen a newsgroup nor heard of "net-etiquette,"
she believes that offering lonely singles the possibility of romance exceeds
the cost of angering those who feel the net shouldn't be used in this fashion.
     IHA (I humbly ask) that you not flame the postmaster of this site.
 
peace. . .
-------
 
I believe that "Olga" is wrong: the cost of her messages in people hours
and network bandwidth far exceeds their value.
 
The headers from this round of messages don't help much in tracing the
person.  Here is what I determined from the last round of these messages:
The original post went through a machine at naic.nasa.gov.  The postmaster
of that site checked his records and found a connection from
emcb015x.utah.edu that corresponded to that message.  The headers from that
post, as well as this one, claim to be from physics1.byu.edu
(128.110.56.15). physics1.byu.edu is 128.187.18.57, not 128.110.56.15 as
the header of this message says.  128.110.56.15 has an A record for:
emcb015x.utah.edu.  What this probably means is that someone connected
from emcb015x to naic, claiming to be physics1.byu.edu. That means that the
person *probably* has some kind of access to emcb015x, whatever machine
that is.
 
This goes some way to confirm my suspicion that the originator of this
spam is someone, whose name might or might not be David, who has access to
emcb015x.utah.edu.  There's no HINFO record for that machine, so I can't
tell what it is; nor can I telnet to it.  This makes me think it's a PC of
some kind.  The name of the machine makes me think that it might be in a
computer cluster somewhere, which would make finding this person difficult.
Perhaps the postmaster at Utah can shed some light on this.
 
I am more than happy to answer all inquiries on this subject.  Please feel
free to send me email directly if you have any questions.
 
Lee Silverman     [log in to unmask]      http://www.netspace.org/users/lee/
         Live each day as if your life had just begun.  --  Goethe
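
The header check described in the message above, as an added example that is not part of the original post: it compares the host name a sender claimed in a Received header with the peer address the relay recorded. The header line and its date are constructed, and the DNS tables are constructed from the lookups the message reports so the check runs offline; check_received is a hypothetical helper name.

```python
import re

# Constructed DNS data, taken from the lookups reported in the message above.
# A live check would query DNS (socket.gethostbyname_ex / gethostbyaddr) instead.
FORWARD = {"physics1.byu.edu": {"128.187.18.57"},
           "emcb015x.utah.edu": {"128.110.56.15"}}
REVERSE = {"128.110.56.15": "emcb015x.utah.edu"}

# Constructed header: "from <claimed name> (<peer IP>) by <relay>", folded over two lines.
SAMPLE = ("Received: from physics1.byu.edu (128.110.56.15)\n"
          "\tby naic.nasa.gov; Tue, 18 Jul 1995 00:00:00 -0400")

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>[\w.-]+)\s+"
    r"\((?:[\w.-]+\s+)?\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)"
    r"\s+by\s+(?P<by>[\w.-]+)", re.I)

def check_received(header, forward=FORWARD, reverse=REVERSE):
    """Compare the claimed host name in a Received header with the logged peer IP."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header line folding
    m = RECEIVED_RE.search(unfolded)
    if m is None:
        return None  # no "from ... (ip) by ..." clause to evaluate
    helo, ip = m["helo"].lower(), m["ip"]
    helo_addrs = forward.get(helo, set())
    return {
        "relay": m["by"].lower(),
        "claimed_host": helo,
        "peer_ip": ip,
        "claimed_host_addrs": sorted(helo_addrs),  # where the claimed name really points
        "peer_ptr": reverse.get(ip),               # which host the peer IP belongs to
        "helo_matches_peer": ip in helo_addrs,     # False means the name was not the sender's
    }

if __name__ == "__main__":
    for key, value in check_received(SAMPLE).items():
        print(f"{key:20} {value}")
```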
