U.S. is World Leader in Spam

adept256 writes "Sophos outs 'dirty dozen' spam producing countries. And the USA is in the lead by a country mile. 'The United States is far and away the worst offender, accounting for nearly 60 percent of the world's spam. Even though European countries are responsible for less spam, they are still generating millions of junk emails a day,' said Graham Cluley, senior technology consultant at Sophos."

Nigeria?

[slipgun]

Surely Nigeria should be on that list, with all its bank account spams?

While they're at it...

[Hayzeus]

...maybe Sophos could also get around to changing their default "notify recipient" setting on their email virus scanner.

That way, Sophos themselves might produce a little less spam...

Gee! yah think?

[FatSean]

I mean, of course the most spam comes from the USA! Highest concentration of 'net users here yah know. USA generates 60% of spam but I bet the USA has a higher percentage of the network as well.

Its no supprise.

[psycht]

So many broadband & other high-speed connections left wide open that can relay data.

Re:Its no supprise.

[hendridm]

Or perhaps it's all the aspiring entrepreneurs who are trying to make a quick buck with no regard for ethics or other people.

I was born and raised in the U.S., but some of the scams I see just sicken me and the lengths people will go to to make a quick buck. Some people will even take advantage of their friends and family! Who needs enemies when your own brother or sister is trying to guilt you into their latest multi-level marketing endeavor.

No.1 sender and hardest to block

[CdBee]

Most European countries spam can be dealt with by blocking all the Top-Level Domains except the ones you deal with (Turkey, Germany and Italy in my case)

However so many European companies use the .com TLD as to make blocking it impossible due to the amount of essential email that would be stopped.

I wish that the USA had a TLD that was only used there - it would make things so much easier...

Re:No.1 sender and hardest to block

[Samael_666]

Great way to fight spam, just block TLD's ... NOT!
These kind of actions render the concept of email completely useless.

You would want to allow email from other US based servers , but block emails from the rest of the world ?

Re:No.1 sender and hardest to block

So what would you do if one of your friends took a holiday in Brazil? Edit your configuration files to let his emails through for the time he was there?

What about English speakers living in those countries who might want to contact you in English? Right now, they email you and get a snarky reply saying you don't understand Spanish. Great, but they actually wrote in English. Your patronising assumption that everyone else is as monolingual as you is doing nobody any favours.

When was this sample taken?

[nebaz]

I wonder if the recently passes Federal Anti-Spam legislation has had any effect on these numbers. Obviously not a big enough one, since according to these figures, so much spam still comes from the U.S. If these numbers can be tabulated, can they not also report the offenders to the police?

I also wonder if there is any way to bring the issue of unprotected computers to the public. Perhaps negligence penalties of some sort? I don't want to punish the wrong people, but it would be a lot harder to hack into all of these systems if they were administered properly.

Spam from US servers

[YAN3D]

Could be that most spam is coming from US servers is because the US owns most of the IP addresses.

I would have sworn it was CN, TW, KR and similar

[robslimo]

I guess I haven't bothered to track back much of my incoming spam lately. A couple of years ago, I tried to find the origin for each spam I received and, at the time, they mostly came from China, Korea, and S. American countries from ill configured computers running as open relays.

I guess, with the 'spam mafia' installing these zombies on Grandma's computer, the countries with the largest population of lusers online will be the larger sources of spam.

How about normalizing that data?

[Mr.+Underbridge]

Yes, so the US generates 60% of the world's spam. However, what fraction of the world's total email traffic does the US generate? I bet it's near 60%.

Without having some idea of what fraction of a country's email traffic is spam, these numbers just tell you which countries have a bigger internet presence, and absolutely nothing more.

Re:How about normalizing that data?

Very good point, there is no attempt here to adjust the data for population or net use.

However, a quick look at the numbers shows your bet is probably a bit off:

http://www.clickz.com/stats/big_picture/geograph ic s/article.php/5911_151151

e.g. Compare the UK and USA, 34.3 million net users vs 182.13 million. That's a ratio of roughly 6 to 1. Spam production is about 56 to 1 taking the article data at face value. Making the (reasonable?) assumption that email volume is roughly in line with the number of net users in a country, then the numbers are telling.

The question is how much the USA spam stats should be adjusted for others hijaking US computers and other factors...

Either way, the USA probably still comes out way ahead.

higher bandwidth = more spam

[stonebeat.org]

spammers in US also have easy access to higher bandwidth, than any other country.

Re:higher bandwidth = more spam

[dave420]

4,Ignorant assumption

Take Sweden, for example. 10mb connections are standard in many, many houses across Sweden. As for Singapore's national network (ethernet speeds across the whole country), I guess they don't count either.

America isn't the biggest player in many things these days, just in egos, it seems.

Re:So much for the AXIS OF EVIL...

[mwood]

Nah, it's just because we have so many more computers for the bad guys to zombify. (Or, more or less equivalently, we have so many more clueless computer owners.)

The report isn't really valid

[Moryath]

For example, a Nigerian email sent from a hotmail/yahoo account (they almost all are) would seemingly, by this standard, come from the US.

And then there's the thing they themselves point out; their methods of determining origin only go so far, hijacked machines / email routers configured to "wash" the headers of relayed stuff also go a long way to making the numbers invalid.

I still say the ultimate revenge is to paper-spam the big spammers. Sign them up for hundreds of thousands of magazines and all the rest.

The coup de grace would be then to package and mail a spammer the contents of my cats' litterbox the day after feeding them beef 'n' bean leftovers.

Re:The report isn't really valid

[dipipanone]

For example, a Nigerian email sent from a hotmail/yahoo account (they almost all are) would seemingly, by this standard, come from the US.

And how do you suppose is this *not* spam of US origin?

While the author of the email might not be American, the domain and the sysadmin certainly are.

If someone is using Hotmail or Yahoo to whap out zillions of spams, I see that of evidence of an incompetent systems administration in exactly the same way that I'd see someone failing to secure their mail relays in China, and as such, I'd expect that domain to be held accountable for it.

So...

[Universal+Nerd]

Since so many USian companies block all email from the brazilian IPs should I now block all email from USian IPs?

This isn't a troll (despite sounding like one).

I'm very upset that my mail server, a very well maintained with a plethora of spam and virus filters, is blocked by asshat american sysadmins "just because we're spammers".

Re:Who Is Surprised By This?

[akadruid]

...We're the richest, most powerful, most prosperous country in the history of mankind...Leading in spam is a small price to pay...

Dream on sunshine. Ever heard of the Roman Empire? Greeks? British? Germans? Even the French were more powerful in their day. You have some of North America, a little in the Middle East, and not a lot more. The greatest spammer in the history of mankind is not really an accolade to stand in the history books. In time, people will look back and say 'So they were number 1 in a well contended field for a short time... so what?'. You got a way to go yet sunshine. Don't think that one half-assed victory in the middle will make the emperors of old start saying 'Fuck me, wish we'd had that 'e-mail spam' thing to go along with our might legions'.

Damn I just realised I got trolled properly there.

An idea for curbing spam?

[wiggys]

Obviously the "war on spam" needs to be fought on legally as well as technologically (and thanks to the fucked-up CAN-SPAM act some spammers are being given the green-light to annoy the hell out of us legally).

Assuming we ever have laws in place which state that genuine opt-in lists are the only valid way to advertise products then we still cannot sue the spammers who send junk to harvested addresses because of the problems involved with tracing them.

Tracing spammers is difficult/sometimes impossible because any computer on the internet can runs its own SMTP server to send mail to anywhere on the net. 10 years ago when the net was more innocent and less commercially corrup, this was fine, but nowadays this is just too powerful.

The problem is, if some clueless person (which probably accounts for 80% of net users) has their machine compromised by a virus or trojan than their computers are used to send out the spam, and as there are no log files the spammers are virutally impossible to trace.

Now imagine if the only way to send spam was via an approved mail server. For most of us this will be our ISPs, for the rest we will simply subscribe to one of the many official trusted ones.

Now the problem of reporting spam is a lot easier - complaints will be dealt with by the trusted mail servers who keep detailed logs of which customers have logged in to send mail, what IP address they used and at what time.

It doesn't matter if the customer deliberately sent out the spam or if they had been compromised by a trojan - the trusted mail servers can deny their customers the right to send more email until they have had an assurance from their customers that the problem has been fixed.

I'm not saying this is going to end spam altogether, but it should go a long way to curbing it.

What about all the spam which originates from, say, Nigeria or Amsterdam? Simple - unless the trusted mail server takes active steps to eradicating the spam they will no longer be trusted.

Re:Much from compromised computers

[gowen]

high position of Canada

Well, taking my twenty-odd thousand spams as a sample, a lot of Canadian spams come from compromised machines at shawcable / shaw.caclient*.comcast.net and attbi.com, the abuse departments are too lazy^H^H^H^Hoverwhelmed to do anything about them (even easy solutions, such blocking port 25 and insisting mail is relayed through their own SMTP servers, which would kill this spam stone dead at a stroke).

what % of non-spam internet traffic is in the US?

[websensei]

stats are so easy to manipulate or misinterpret.

let's assume the article is correct and 60% of the world's spam is US-based. in and of itself this is meaningless. if > 60% of the net's total content originated in the US, that would make the US better than average for its spam production.

My experience: China and Korea are the worst

[Nova+Express]

This has not been my experience, maybe because my ISP more effectively blocks spam freom the U.S., but far and away the most persistent spammers I've seen for at least the last six months have been for Chinese phramacies. (Korea used to be far and away the worst, but now they're way back in second.) American ISPs (at least all the decent ones) kick spammers and spamvertised sites off their system, but the ones in China keep going and going and going.

If anyone knows a contact at chinanet.net where you can actually reach an administrator (or, better yet, one that speaks English), that would be a very useful thing to have...

Huh?

[e.m.rainey]

The United States is far and away the worst offender, accounting for nearly 60 percent of the world's spam.

Wait, so all of us are responsible for the actions of these spammers? The "United States" itself doesn't spam, spammers do. Perhaps it should have been:

60 percent of the world's spam comes from spammers in the Unitied States.

I believe the guilt would lay correctly with the spammers in this phrasing.

Wrong

[Mr.+Underbridge]

B.S. it isn't a case of "one spam for every x legitimate emails" the number of spam emails and legitimate emails are completely unrelated.

Read the response by the second guy to respond to me. Both legitimate and illegitimate email are going to track with the number of total servers (scaled by how many are unprotected) and number of internet-connected citizens (scaled by how many are internet-connected) among other variables he mentioned.

I mean, actually think about what you're saying. You would congratulate Antarctica for generating 0 spam. If you want to look at this without considering "ham" emails, look at the spam difference - (spam sent = spam received). I would argue that even this difference should be fractioned by how many total emails are sent received which really is a decent measure of internet presence, but even without it, you at least separate net spam "donors" from "recipients"

Honestly, if you don't normalize variables in comparing large sample sets with small, you absolutely cannot compare raw numbers. I could recommend statistical reference texts if you like.

Re:Wrong

[Mr.+Underbridge]

I was objecting to scaling with legitimate emails, not scaling with number of insecure high-bandwidth connections.

Those two variables will correlate highly, and it's easier to count emails than servers.

Re:Poor research...

[gowen]

Who knows how many open relays the spammers use.

Well, thats the point. If Spam that comes through Open Relays, then the Open Relay is treated as the source of the spam, as its their bad netizenship thats allowing it to propogate.

Close the open relays and de-trojan the zombie machines and the spam problem pretty much goes away.

A NEW UNCOVER SECRETS ABOUT ANYONES!! teheknfd

[Westech]

Nah, it's just because we have so many more computers for the bad guys to zombify.

I agree. Just looking at the horribly butchered English that is in 95% of the spam that I get tells me that it not written by someone who's first language is English.

Population Adjusted Values:

[mumblestheclown]

The third column is the one of interest (the second is population, in millions, the third is a sort of spam per person score, where lower a lower score is worse). Long story short, Canada is worse per person than the USA, and netherlands and sourth korea have nothing to be proud of, either, as their governments are doing statistically about an equivalently poor job of keeping the problem in check.

That said, hopefully this study (not my little humor below, the sophos study) begin to, ever so slightly, shut up those people who claim that spam laws are useless because they will just drive spammers from one locale to the next. while this is true at the margins, the fact is that spam, like all business, is foremost local.

1. United States 56.74% 280 493
2. Canada 6.80% 30 441
3. China (& Hong Kong) 6.24% 12400 198718
4. South Korea 5.77% 48 832
5. Netherlands 2.13% 16 751
6. Brazil 2.00% 166 8300
7. Germany 1.83% 82 4481
8. France 1.50% 60 4000
9. United Kingdom 1.31% 59 4504
10. Australia 1.21% 19 1570
11. Mexico 1.19% 95 7983
12. Spain 1.05% 41 3905

Virusses

[ward.deb]

Much spam is made also by virusses...
I would like to know how much spam is coming from Windows users...:P

Re:So much for the AXIS OF EVIL...

[tolan-b]

"What's your point? One's a continent and one's a country dumbass. I bet Asia has more people online than the USA too."

RTFC, 60% of spam comes from the US, but there are more computers outside the US than inside, that means that the claim that the US is only so high because it has so many computers is provably wrong.

Anonymous Proxies

[WormholeFiend]

What is the Slashdotters' opinion on anonynous proxies?

I personally find the web variety very useful to browse Slashdot, since Slashdot banned a large IP range in which I belong, due to some a-hole using scripts targetting this site.

I equate Anonymous Cowards with Anonymous proxies in that they enable trolls, offtopics and first-posters.

I find irony in that for all the anti-spam stance promoted by the slashdot editors and slashdotters in general, this site cant seem to find an uber-geek technical solution to thread-spamming here.

Does anyone know what metric?

[Asprin]

Does anyone know what metric was used to determine these rankings? Was it "country where the first SMTP transfer originated"? Was it "office address of the dude typing in the text of the spam"?

I hate it when dudes publish 'findings' and don't explain how they got them. So much for the scientific method and reproducibility -- they could have made the whole thing up!

[**NOTE** I am not saying they did make the numbers up, but as a matter of journalistic and scientific integrity, when you publish the results and don't publish the method used to determine those results, your cannot be evaluated as anything other than opinion. We're after facts, here, people, not truth. /RANT]

ISPs, please block egress port 25!

[RT+Alec]

I think it is time that ISPs block, by default, all outbound port 25 traffic. Customers can either:

• Use the ISPs mail server (this accomodates 90% right away)
• Use a VPN or SMTP+AUTH(+SSL) on an alternate port to connect to their SMTP server of choice (this accomodates another 9%)
• For the remaining few that just have to run their own SMTP server, let them have a static IP and open up the ports

Of course, some consumer ISPs won't be willing to deal with the headaches of option #3, or perhaps might charge a bit more for it, which is entirely fair. Businesses need to block all egress port 25 period, there is rarely a legitamate need for an employee to run their own SMTP server (unless they work in the IT department, but then they can probably open the port up themselves).

Re:ISPs, please block egress port 25!

"I think it is time that ISPs block, by default, all outbound port 25 traffic. "

Yeah, cuz we all know how well blocking outbound port 80 traffic is working out. In fact, why not block all outbound traffic and only allow inbound traffic, it would simplify the web greatly. The ISPs could just stream content to us, interspersed with advertisements to help subsidize the cost. If you have not noticed yet I'm being just a little bit sarcastic.

I have a counter proposal. How about we just make it illegal to forward spam and make clueless users responsible for their own bloody machines? Then, when they are tired of paying fines they can either reconfigure thier computer, or sue the manufacturer for default settings are hopelessly broken. How does that sound?

Re:ISPs, please block egress port 25!

You know, examples like these always work when you assume that 100% of internet 'customers' are home users. Indeed, if you totally ignore anything but home consumption, this works flawlessly.

However, what idiotic posts like the above don't realize is that the Internet is not made up of home PCs that consume and uberservers that provide. This would be the 'TV consumption' mindset that people seem to apply. The Internet is a lot more diverse than that.

Sure, you pretend to address it by making vague mention of 'IT departments' but who's IT department are we talking about? Backbone providers, bandwidth resellers, large data/hosting centers, large corporations, small corporations? How does the idea of 'block everything port 25' apply to every single one of these situations positively?

As soon as you start making any exceptions to your little 'block everything' rule, everything falls apart with the first open relay or the first NAT that shares an IP with an unrestricted STMP server. I mean, really. The problem is so diverse that even though the 'block everything' idea solves the problem, it's just throwing the baby out with the bathwater.

The problem with those statistics

[marcopo]

is that they do not compare the numbers to the total number of internet users in said countries. Saying the U.S. uses more fossil fues than any other country is true, but more interesting when you see this remains so on a per-capita basis.

additionally, they do not try to find out where the spammers are but only where the messages originate from. as they say, 30% of spam comming from compromised machines is attributed to the location of said machines, not to the spammer's location.

Re:Why am I not surprised

[Serious+Simon]

the police came down hard on a group of about fifty 419 spammers in Amsterdam.

That was hopeful news, but I haven't seen a big drop in 419 scam mails. I am still getting one or two each day...

I started notifying the providers that their reply email accounts are with. The sooner those are shutdown, the less opportunity for their victims to get through a reaction.

If anyone has another suggestion to make life difficult for them I'd like to hear it!

Re:Simple Solution

[wiggys]

Each account (internet access account, not email account) can only send 50 emails per day. More than sufficient for any normal user.

This is a bit too restrictive though - remember, we don't want to penalise ordinary internet users, most days I might only send 10 but some days I could quite happily send more than 50... why shouldnt I be allowed to send more? What if one of my emails was urgent and I wasn't allowed to send?

I also don't like the idea of reviewing people's email traffic (time-consuming for the ISP and a clear violation of privacy), and cutting someone's email off for 24 hours for sending a virus sounds like a Police State. What if I'm emailing a new virus to Sophos to analyse?

Far better we keep the net free as far as possible...

ISP's blocking insecure system on their network?

[rawg]

I'm wondering. As an ISP, could there be a program that scans customer's computers for problems and blocks them until the customer fixes them? This way we could slow the spread of viruses, spam, and other nasty things.

Re:So much for the AXIS OF EVIL...

[MMaestro]

It could just mean that the U.S. has the highest number of hijacked computers compared to the number of hijacked computers in the rest of the world. Sure other places like Asia and Europe may have more computers, but the U.S. has had an established computer base for a longer time than other places. Its not like computers are shipping with hijacked software to begin with.

Re:Statistics, my dear Watson.

[Genjurosan]

Yet isn't this possible, considering that there have been many /. articles stating that the majority of spam originates from a VERY low number of sources? If one of these major sources of spam is always moving the source, then wouldn't a study over a greater period of time be a bit more effective?

I just have a problem with spouting information when the sample was only over a period of two days. It reminds me of what some of the people that I work with call facts, when in fact they miss the big picture by a mile because they were too lazy to collect a large aggregate of data over a lengthy time period.

Re:I HAVE THE ANSWER!

[sogoodsofarsowhat]

Just remember without the good old USA there would be no INTERNET. (know your history)

Re:BZZZT! Wrong!

[kahei]

Could you please learn basic economic terminology before posting? The national debt is the money owed by the US treasury to holders of US bonds, some of whom are foreign and many of whom are not.

Now, please to close mouth and open books. Thank you :)

A Workable Solution to SPAM

In our efforts to fight SPAM, we seem to be ignoring the technique used to fight organized crime leaders. It was tough to get them for their actual crimes, but relatively easy to get them on tax-evasion for the wealth their crimes created.

Most SPAM is trying to sell us something. Why not go after the business itself using local and state laws and IRS audits.? If the local fire department finds a coffee pot on a frayed extension cord, shut the building down for a month. That sort of thing. At the end of the month, let the IRS step in with a detailed audit, then the state labor practices agency for worker safety issues. Give those bureaucrats some raw meat to chew on and maybe they'll leave the rest of us alone.

Word will soon go out that spamming makes life very unpleasant.

Re:So much for the AXIS OF EVIL...

But all the spam from the whole of Europe plus the whole of Asia doesnt add up to half the spam that's from the US...

Why has this degenerated in to an excuse fest?

Re:Only temporary

[eaolson]

And all he has to do with the brain dead SPEWS method is get a new IP which is free.

Which is why SPEWS increases the listing to encompass nearby IPs once the ISP has shows they are willing to tolerate spam. If an ISP is spam-friendly, then any email from their network has an increased probablity of being spam. SPEWS is essentially a quarantine of spam-infected areas of the 'Net.

And nuking villages is an excellent way to kill mosquitoes. It's stupid and ineffectual. And there are blantently obvious and more effective means of dealing with spam without doing more damage than the spammers as SPEWS does.

Stop with the hysterical overreaction and namecalling. No damage is being done to anyone. If you choose to do business with a spam friendly ISP, some of your emails might get rejected. If you choose to live in a crack house, the pizza joint might choose not to deliver to you, too.

To use your mosquito analogy, if those mosquitos were infected with the Ebola virus, it would be a good idea to fumigate not only that village, but the neighboring ones too, just to be on the safe side. That's what SPEWS is; a quarantine.

One of the greatest problems with spam is not the spammer himself, but the spam-friendly networks that are happy to take spammers' money and refuse to kick them off their servers. SPEWS attacks the spam problem at the ISP level, not the individual IP level. It is as much a boycott of those businesses as it is a DNSBL.

No one is forcing you to use SPEWS. If you don't like it, don't use it. In my experience, it helps stem the flood of spam I get, and has no downside, so I'm going to keep using it.

Useless Statistic

[Kaboom13]

While I don't doubt the US has just as large (if not larger) spam problem then the rest of the world, these statistics are useless. They dont explain anything you need to make use of the data. What counts as a spam message? All unsoliticited emails ? What about "legitimate" spam with a working opt-out link, or all that crap people willingly sign-up for. How is the country of origin determined? Most spam tries it's hardest to conceal it's origins. It can be difficult to determine the country of origin of legitimate traffic. Finally, how was the spam collected? I can't think of a way to quickly collect a lot of spam without introducing a bias. Finally, do comprimised machines count? Does the location of the person causing them to send spam count, or the comprimised machine? If they want their data to be taken seriously, they need to be open about the process they used to get it. Also it seems a little convenient a company that sells anti-spam software in the American and European market claims those countries produce the most spam.