Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Russian Ladies Spamming Information

10 views
Skip to first unread message

df...@frymulti.com

unread,
Apr 10, 1997, 3:00:00 AM4/10/97
to df...@frymulti.com

The "SVETLANA Agency", supposedly of St. Petersburg, Russia, has been
posting to the Net and spamming people with email for weeks now,
using the address in...@svetlana-spb.com. We have started to receive
complaints about it because some of their mail headers indicate that
we (frymulti.com) are the source of their mail.

It is clear that we're just an SMTP host for their outgoing mail. The IP
address their server claims to be (IP 193.23.123.43) is bogus. Our
logs indicate it is really coming from the 139.92.42.0 class C. We were
able to trace this back to dialup SLIP accounts being used at the IBM
network in the Netherlands. We have sent them a message detailing which
accounts were being used at precisely which times so they should be able
to shut them down. Our note was sent to euib...@ns.ibm.com. Is there a
better email address to use?

What's annoying is that there is about a one hour gap between each spam
message that Svetlana sends through frymulti.com. This indicates to me
that they're using a series of SMTP hosts in a round robin series to avoid
detection. So, besides spamming USENET and people via email, they're
exploiting other servers to do it.

If you check, you'll see that svetlana-spb.com gets its DNS from
nancynet.com, an apparently-well-known spam organization.

I wanted to detail this report to the Net so you can help me stop it.
Contact me at df...@frymulti.com if you need any more information.

David Fry
Fry Multimedia

PS I'm posting this through Deja News since our newserver is down.

-------------------==== Posted via Deja News ====-----------------------
http://www.dejanews.com/ Search, Read, Post to Usenet

Andrew Gierth

unread,
Apr 10, 1997, 3:00:00 AM4/10/97
to

>>>>> "dfry" == dfry <df...@frymulti.com> writes:

dfry> We were able to trace this back to dialup SLIP accounts being
dfry> used at the IBM network in the Netherlands. We have sent them a
dfry> message detailing which accounts were being used at precisely
dfry> which times so they should be able to shut them down. Our note
dfry> was sent to euib...@ns.ibm.com. Is there a better email
dfry> address to use?

ab...@ibm.net

--
Andrew.

0 new messages