Friday, July 16, 2010

Incredible !ndia - Part I

Incredible !ndia is always incredible, even their spams are incredible too. If you are the spammer who sent us this spam, please take note that your package is NOT incredible at all, we could get something cheaper with better quality.

And if anyone ever trust any company from this incredible country, good luck to you and be prepared to enjoy your marvelous time in shouting, screaming and table banging.

We did report this to GMail, but we doubt they will do anything about it since they are too busy in handling all other stuffs (e.g. http://www.msnbc.msn.com/id/38037689/ns/business-careers).

Header
Return-Path: rasmita.seo@gmail.com
Received: from mail-gy0-f174.google.com (mail-gy0-f174.google.com [209.85.160.174]) by mail.elohkcalb.com with SMTP; Fri, 16 Jul 2010 16:49:45 +0800Received: by gyh4 with SMTP id 4so1410777gyh.33 for multiple; Fri, 16 Jul 2010 01:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=+Co92QyGRgThegXgm+rEzEo0r+Vbxfr/9RdB3BUcX1Y=; b=Mz3b5ascRmeaGnxewFgcILwgbkOE06cWXwnRkKL/n0921W/MSYmbDR7W8xVcgbfWUE yOU8e8GMDLUCnM4KaRlmc0TXsvLnwKpf/wYzkxtFuvZ0FCToL7MT+Q3/zwVlI9Tx5vpD u3D2EDAhVkFGi2UMABIRpO90Rqla7eWGPcXfA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=refQ6o/DoJk1tX6l+rwrRYMfH6LtIQ+91fhCjlqrpY1ny32kLk6Yc6sE4hfXKHB5Gw 81y/vtLGhXqO2oLpeLMjTmobKMh8/zcOggnH71NlABfiqkssNk3ual7iANFhrhZ2Tzog +QGvJk/mL1f8iY23S/CMV+Kgnal3M6HBw+l+8=
MIME-Version: 1.0
Received: by 10.100.31.7 with SMTP id e7mr862768ane.213.1279270202552; Fri, 16 Jul 2010 01:50:02 -0700 (PDT)
Received: by 10.101.115.9 with HTTP; Fri, 16 Jul 2010 01:50:02 -0700 (PDT)
Date: Fri, 16 Jul 2010 01:50:02 -0700
Message-ID: AANLkTil_abQQSJeZobOjiO8gaJ2ggwZnLosftk5Imhpi@mail.gmail.com
Subject: Proposal for SEO (Search Engine Optimization) work services in Affordable Rates From India
From: rasmita.seo@gmail.com
To: nobody@elohkcalb.com
Content-Type: multipart/alternative; boundary=0016e647162efeb3e0048b7d4db7X-

Subject
Proposal for SEO (Search Engine Optimization) work services in Affordable Rates From India

Content
Hi,
Greetings of the day,
Are you looking for Affordable (SEO) Search Engine Optimization Services From India For Outsourcing Seo Work?
......

[Skipped as we are not going to advertise for spammer.]

......
--
Thanks
Rasmita (Marketing Executive)
New Delhi-India

Wednesday, July 14, 2010

notice protect-- internet trademark intellectual property safeguard

If you have received something similar to this, we encourge you to ignore such emails if you have no intention in running your business in the stated region. Even if your business plan does cover the listed area, please go ahead and register the domain names on your own.



From: "John" john@ygnetwork.com.cn
Sent: Sunday, April 18, 2010 4:50 PM
To: nobody@elohkcalb.com
Subject: notice protect-- internet trademark intellectual property safeguard

Dear Manager:

We are a Domain Name registration service company, which is a professional Internet Domain Name Registration and dispute resolution organization in China.On April.15th,2010, We received HAITONG Investment company's application that they are registering the name " elohkcalb " as their Internet Keyword and " elohkcalb .cn "?" elohkcalb .com.cn " ?" elohkcalb .asia " ?" elohkcalb .hk "domain names etc..,It is China and ASIA and HongKong domain names.But after auditing we found the brand name been used by your company. As the domain name registrar in China, it is our duty to notice you, so I am sending you this Email to check.According to the principle in China,your company is the owner of the trademark,In our auditing time we can keep the domain names safe for you firstly, but our audit period is limited, if you object the third party application these domain names and need to protect the brand in china and Asia by yourself, please let the responsible officer contact us as soon as possible. Thank you!

Best regards,
John
Oversea marketing manager
Tel:+86(0)21 6296 2950
Fax:+86(0)21 6296 1557
web:www.ygnetwork.cn



Unfortunately we have not received one such email yet, if we are feeling lucky one day, we'd give them the following response:

Dear John,

Firstly, thank you for your unnecessary audit.

We highly appreciate your effort in copying and pasting the email from your template. As your template contained tons of grammer mistakes, we have no choice but to gather all our researchers in helping us to flip some words, twist some characters, and crunch some roaches that accidentally flew into our lab. Trust us, we have put in massive effort in trying to decipher the message that you encoded.

In any case, after 7x7=49 days of non-stop analysis, we are forced to put this to a halt due to insufficient investor fundings. Since your company and you are somehow related to HAITONG Investment company, we would like to seek your help in getting them to fund us, so that we can continue to analyze your email in greater detail. Without such funding we would not survive, and that will definitely cause some of our best researchers to lose their job and worse, the problem may futher deteriorate and turn into a hopeless society since there are now more jobless people on the street.

If you managed to persuade HAITONG Investment company in providing us the funding, please kindly contact us immediately, and we will definitely give you some rewards for your effort. If you've tried but fail to obtain the funding agreement, we'd suggest that you pass the case to your manager or someone who has the ability to do so. We will still reward you, but the incentive would definitely be lesser as compared.

Once the funding agreement is sealed, and now we are all in one big happy family, you may then proceed to help HAITONG Investment company in registering all the domain names that they requested, including but not limited to the followings: elohkcalb.cn, elohkcalb.com.cn, elohkcalb.asia, elhokcalb.hk. You might also want to recommend them to register elohkcalb.net, elohkcalb.org, elohkcalb.biz, elhokcalb.us with the rest of the 300+ ccTLDs for a greater future.

Last but not least, thank you very much for wasting your time reading this email.

Have a great day.

Regards,
eLohkCalb Domain Director.

PasteLeft (P) 2010 eLohkCalb Corporation. No Rights Reserved and Unauthorized Duplication is in no way Prohibited.

Guang Dong Spam Factories

Guang Dong, is indeed (in)famous for their spams. Since we do not support users from this spam-made-famous hotspot on Earth, we happily blocked all the IP addresses that knocked our door and the result has been good. Most of them are dynamic IPs, which shouldn't be saying HELO to our servers in the first place anyway.

Guang Dong - ChinaNet
61.140.0.0 - 61.146.255.255
183.7.0.0 - 183.7.255.255

Guang Dong - Unicom
120.82.0.0 - 120.82.255.255
221.4.0.0 - 221.5.127.255

Guang Dong - Railcom
58.253.19.205

Well, if you choose to do or have done something similar, we welcome you to add your feedback in the comments. :-)

Something about YSmtp

[Note: There's an updated post on this topic]

YSmtp, and I'm sure you know who owns them. Well, they are pretty good in filtering of emails, good in the sense that they always try to park all incoming emails in your bulk folder.

With a legit email and clean server, this is what happen when you try to send an email with attachment larger than 2MB into their network, and we wonder if this is how they can offer unlimited email space since huge (if you consider 10MB as HUGE) emails are guaranteed to be dropped.

And by the way, filing this as an issue to their so-called customer care is as good as sending letter to Atlantis.

[53018] Connecting to 206.190.54.127
[53018] Connection to 206.190.54.127 from 205.209.161.186:64570 succeeded
[53018] RSP: 220 mta1048.mail.re4.yahoo.com ESMTP YSmtp service ready
[53018] CMD: EHLO mail.elohkcalb.com
[53018] RSP: 250-mta1048.mail.re4.yahoo.com
[53018] RSP: 250-8BITMIME
[53018] RSP: 250-SIZE 41943040
[53018] RSP: 250 PIPELINING
[53018] CMD: MAIL FROM:nobody@elohkcalb.com SIZE=9797062
[53018] RSP: 250 sender nobody@elohkcalb.com ok
[53018] CMD: RCPT TO:somebody@yahoo.com
[53018] RSP: 250 recipient somebody@yahoo.com ok
[53018] CMD: DATA
[53018] RSP: 354 go ahead
[53018] The smtp session has timed out.

Sometimes you would get this too:

[53018] Connecting to 67.195.168.230
[53018] Connection to 67.195.168.230 from 205.209.161.186:64585 succeeded
[53018] RSP: 421 4.7.0 [GL01] Message from (205.209.161.186) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html
[53018] CMD: QUIT


Disclaimer
1) The actual IP in log was not 205.209.161.186. We are using this IP to showcase the examples but feel free to do whatever you want with it. It is one of the IP that we blogged about in the bulletproof datacenter entry.
2) Email addresses in the examples are faked for safety reason. Again, you are free to do whatever you want to these addresses.
3) Whatever you do to the IP and email addresses listed in this blog entry has nothing to do with us.

Saturday, July 3, 2010

HitCartel/JZL plans to concur the world!

HitCartel (or JZL), if you prefer us to call you that way, please read up on SMTP protocol. HTTP commands will not (and will never) be understood by an SMTP server, unless you plan to concur the world by converting all other protocols into a HTTP-only realm.

First attempt - check if the cow is awake?
[69.61.33.154][269048] rsp: 220 mail.elohkcalb.com
[69.61.33.154][269048] connected at 7/3/2010 9:16:57 AM
[69.61.33.154][269048] rsp: 421 Command timeout, closing transmission channel
[69.61.33.154][269048] disconnected at 7/3/2010 9:18:59 AM

Second attempt (2 hours later) - talking to a cow with sheep language
[69.61.33.154][9698403] rsp: 220 mail.elohkcalb.com
[69.61.33.154][9698403] connected at 7/3/2010 11:03:06 AM
[69.61.33.154][9698403] cmd: GET http://www.hitcartel.com/proxy_testing/proxy_test.php?ip=69.61.33.154&type=noip HTTP/1.1
[69.61.33.154][9698403] rsp: 500 command unrecognized
[69.61.33.154][9698403] cmd: User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
[69.61.33.154][9698403] rsp: 500 command unrecognized
[69.61.33.154][9698403] cmd: Host: http://www.hitcartel.com/
[69.61.33.154][9698403] rsp: 500 command unrecognized
[69.61.33.154][9698403] cmd: Accept: */*
[69.61.33.154][9698403] rsp: 500 command unrecognized
[69.61.33.154][9698403] cmd: Proxy-Connection: Keep-Alive
[69.61.33.154][9698403] rsp: 500 command unrecognized
[69.61.33.154][9698403] cmd:
[69.61.33.154][9698403] rsp: 500 command unrecognized
[69.61.33.154][9698403] disconnected at 7/3/2010 11:03:22 AM

Well, you have just made the day for us. :-)