Neptura Oy, Credo power Oy, Reality Interactive Oy, Axion Suomi, Rapid Investment Ltd, Spamming, Fraud, And Who Knows What Else

Since a few months earlier, a few interconnected Finnish businesses have been spamming a list that isn’t documented (but is clearly based on Finnish Business Information System data) with messages regarding “your [mobile, Internet, whatever] subscription update” (original Finnish: Liittymäpäivityksestänne) or “Contact” (original Finnish: Yhteydenotto).

Elisa Oyj, the ISP, appears utterly inept and incapable of dealing with the problem.

The spamming originally started in February 2015. Here’s a sample from March.

From Mon Mar 16 hh:mm:ss 2015
Return-Path: <>
Received: from (               
        by x (Postfix) with ESMTP id x
        for <x>; Mon, 16 Mar 2015 hh:mm:ss +0200 (EET)    
Received: from PUDDELrealitylocal ( [])          
        by (Postfix) with ESMTP id x
        for <x>; Mon, 16 Mar 2015 hh:mm:ss +0200 (EET)
MIME-Version: 1.0
From: Esa Kaasila <>
To: x
Subject: Yhteydenotto
Date: Mon, 16 Mar 2015 hh:mm:ss +0200
Message-ID: <x@PUDDEL>
Content-Length: 2934
Lines: 57
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable

Terve x,
Kiinnostaako säästö?
Me tarjoamme Suomen parhaan asiakaspalvelun sekä 30-50% säästön verrattuna nykyisiin yritysinternet- ja puhelinliittymien kustannuksiin.
Kuulostaako uskomattomalta yhtälöltä? Me Credopowerilla laskemme turhan ilman pois hinnoista.
Arvomme vastanneiden kesken 5 kylpylälomaa 27.3.

Ystävällisin terveisin

Esa Kaasila
Credopower Oy
+358 50 5532321

The spam does not indicate anything about the address source, which in itself makes it illegal (Personal Data Act, Section 25).

It (solely) refers to a Finnish limited company, Credo power Oy as the originator. The phone number 050 5532321 is currently unlisted, but belonged to (yet another individual) at Credo power Oy at the time this first happened according to Fonecta’s online phone book.

The people behind Credo power Oy are documented on, Miro Palmu as the chief of everything and currently Aleksandra Agareva as the required vice member of the board (was somebody else at the time).

The message appears to have been handed to the consumer mail servers of Elisa plc by a static host in their network (no WHOIS suballocation to anyone for 194.157/16), with a domain name ( registered personally to somebody named Teemu Sorri but intimately connected with Reality Interactive Oy, behind which is (as documented on surprisingly only a vice member of the board, Tuukka Sorri.

It also refers to a domain name ( registered through a WHOIS anonymization service. There is no web page directly at [] (in the network of LayerIP in the UK), it redirects to [] (in the network of right here in Finland; domain name registered to BM media Oy right here in Finland). The people involved with BM media Oy are documented on; Teemu Sorri and Benjamin Salutskij. The web pages of indicate BM media Oy as well, with a person called Riku Varjamo as the contact, and the phone number 050 550 8654, which, too, is unlisted.

A request for the description of the personal data file was met with the following surprise denial:

From  Thu Feb 26 15:26:27 2015
Return-Path: <>
Received: from ( [])
        by (Postfix) with ESMTP id 70CE879501B
        for <atro.tossavainen at>; Thu, 26 Feb 2015 15:26:27 +0200 (EET)
Received: from Esbian ( [])
        by (Postfix) with ESMTP id 282058184F
        for <atro.tossavainen at>; Thu, 26 Feb 2015 15:26:26 +0200 (EET)
From: "Esa Kaasila" <>
To: "'Atro Tossavainen'" <atro.tossavainen at>
References: <>
In-Reply-To: <>
Subject: RE: Rekisteriseloste
Date: Thu, 26 Feb 2015 15:26:30 +0200
Message-ID: <003901d051c7$d4f2d450$7ed87cf0$>
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHsPPEgqgHpwQb3C/CT8ALm1Q9IUJzLFamQ
Content-Language: fi
Status: RO
X-Status: A
Content-Length: 618
Lines: 22

Emme ole suomalainen yritys.
Yst: EK

In other words, “We are not a Finnish company. BR: EK”

Of course that’s a lie. It was further qualified as follows (headers omitted as substantially identical to the above): kuuluu Iso-Britannialaiselle Rapid Investment Ltd -yritykselle joka valmistaa ja tuottaa markkinointikirjeitä asiakkaan toivomuksen mukaan.
Rapid Investment Ltd ei ole BM Median, Reality Interactiven, Credopowerin, Nebulan, Netmonitorin, Oikeusministeriön (??) eikä Suomispamin asiakas millään tavalla ja ilmoituksesi on näinollen täysin aiheeton. Kiitos kuitenkin huomiosta yhtiötämme kohtaan ja hyvää kevättä kaikille vastaanottajille. En halua jatkaa keskustelua aiheesta muutoin kun kirjepostilla tästä asiasta. Olette tervetulleita vapaasti myös käymään.

Yhtiön yhteystiedot:

Rapid Investment Ltd
6 Beechwood Crescent
LS4 2LL Leeds, England

The UK Companies House does in fact contain a business by that name (Company No. 09352398) but the address is nowhere near Leeds. If Rapid Investment Ltd indeed was involved in this activity, it would be doing so illegally as it has not registered to handle personal information with the Information Commissioner’s Office.

The spams are currently being sent by

From: Mika Korpela <>

using exactly the same Elisa infrastructure as above.

The domain name is registered with the following details:


descr:    Neptura Oy
descr:    21881214
address:  Antti Savander
address:  Renvallinkuja 6 
address:  00840
address:  Helsinki
phone:    0466624156
status:   Granted
created:  26.5.2015
modified: 4.6.2015
expires:  25.5.2018
nserver: [Ok]
nserver: [Ok]
dnssec:   no

That’s the old address indicated in the FBIS entry for Neptura Oy – the current one is as indicated in the spam,

Neptura Oy
Puusepänkatu 5
Hämeenlinna 13100

The phone number in the domain registration is unlisted. The message quotes the phone number 045 611 1294, which is unlisted. The people responsible for Neptura Oy are documented on; they are Ilkka Laakso and Mika Untolehto.

The whole matter stinks to high heaven, and Elisa plc are doing absolutely f… all to stop it.

One Response to Neptura Oy, Credo power Oy, Reality Interactive Oy, Axion Suomi, Rapid Investment Ltd, Spamming, Fraud, And Who Knows What Else

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top