This message is being sent to the listserv listowner's mailing list, and to the addresses listed in the SOA records for Brigham Young University and University of Utah.

About one month ago, someone began forging posts to every listserv mailing list in existence, promising the placement of romance ads in Russian newspapers in return for US cash. I, as well as other listowners, believe that this is a scam, and even if it is not, it is certainly a huge abuse of the internet and a waste of listserv list owners' time.

My efforts to trace this person ended at utah.edu, when I sent a message to the postmaster there and received no response. Now that a second message has been posted, I think that it is high time that people from BYU and Utah.edu got involved in order to stop these postings. Presumably, these abuses are in violation of the terms of BYU and Utah's internet provider, Sprintlink, and so I think it is very much in their interest to put a halt to these postings if they are coming from within their domain, or at least to help in the investigation to help pin down the perpetrator.

This last batch of messages was posted from the clearly forged address [log in to unmask]. I will quote from the end of the posting:

------
I am posting anonymously because of the flames and volume of inquiries that would result otherwise. I think those who are truly interested will take the time to write.
_____________________________________________________________________________
To: probable flamer
Subject: polite note

Although Olga has never seen a newsgroup nor heard of "net-etiquette," she believes that offering lonely singles the possibility of romance exceeds the cost of angering those who feel the net shouldn't be used in this fashion. IHA (I humbly ask) that you not flame the postmaster of this site. peace. . .
-------

I believe that "Olga" is wrong: the cost of her messages in people hours and network bandwidth far exceeds their value.
The headers from this round of messages don't help much in tracing the person. Here is what I determined from the last round of these messages:

The original post went through a machine at naic.nasa.gov. The postmaster of that site checked his records and found a connection from emcb015x.utah.edu that corresponded to that message. The headers from that post, as well as this one, claim to be from physics1.byu.edu (128.110.56.15).

physics1.byu.edu is 128.187.18.57, not 128.110.56.15 as the header of this message says. 128.110.56.15 has an A record for: emcb015x.utah.edu.

I think what this probably means is that someone connected from emcb015x to naic, claiming to be physics1.byu.edu. That means that the person *probably* has some kind of access to emcb015x, whatever machine that is. This goes some way to confirm my suspicion that the originator of this spam is someone, whose name might or might not be David, who has access to emcb015x.utah.edu.

There's no HINFO record for that machine, so I can't tell what it is; nor can I telnet to it. This makes me think it's a PC of some kind. The name of the machine makes me think that it might be in a computer cluster somewhere, which would make finding this person difficult. Perhaps the postmaster at Utah can shed some light on this.

I am more than happy to answer all inquiries on this subject. Please feel free to send me email directly if you have any questions.

Lee Silverman
[log in to unmask]
http://www.netspace.org/users/lee/

Live each day as if your life had just begun. -- Goethe
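
The header check described in the message, as an added example that is not part of the original post: it compares the host name a sender claimed in a Received line with the address the relay recorded for the connection. The Received line is constructed, and the A records are the ones the message reports, held in a table so the check runs offline; the function and field names are assumptions made for illustration.

```python
import re

# Constructed sample: a Received line shaped like the one the message
# describes. The date is elided; names and addresses are those in the message.
SAMPLE_RECEIVED = (
    "Received: from physics1.byu.edu (128.110.56.15) "
    "by naic.nasa.gov; <date elided>"
)

# A records as reported in the message (a lookup table instead of live DNS).
A_RECORDS = {
    "physics1.byu.edu": {"128.187.18.57"},
    "emcb015x.utah.edu": {"128.110.56.15"},
}

# Accepts "from NAME (IP)" and the "from NAME (RDNS [IP])" form some relays write.
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>[\w.-]+)\s+\((?:(?P<rdns>[\w.-]+)\s+)?"
    r"\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)\s+by\s+(?P<by>[\w.-]+)",
    re.IGNORECASE,
)


def check_received(line, a_records=A_RECORDS):
    """Compare the claimed sender name with the address the relay recorded."""
    m = RECEIVED_RE.search(line)
    if m is None:
        return None  # not a Received line in either supported form
    claimed, ip = m["claimed"].lower(), m["ip"]
    forward = a_records.get(claimed, set())
    # Names whose A record is the connecting address.
    owners = sorted(n for n, addrs in a_records.items() if ip in addrs)
    return {
        "relay": m["by"].lower(),
        "claimed": claimed,
        "ip": ip,
        "claimed_resolves_to": sorted(forward),
        "ip_belongs_to": owners,
        # The name is whatever the client sent; the address is what the relay saw.
        "mismatch": ip not in forward,
    }


if __name__ == "__main__":
    print(check_received(SAMPLE_RECEIVED))
```

A mismatch only shows that the claimed name is not where the connection came from; the relay's own connection records, as the naic.nasa.gov postmaster checked, are what tie the address to a specific message.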