Slashdot Mirror


U.S. is World Leader in Spam

adept256 writes "Sophos outs 'dirty dozen' spam producing countries. And the USA is in the lead by a country mile. 'The United States is far and away the worst offender, accounting for nearly 60 percent of the world's spam. Even though European countries are responsible for less spam, they are still generating millions of junk emails a day,' said Graham Cluley, senior technology consultant at Sophos."

18 of 398 comments (clear)

  1. While they're at it... by Hayzeus · · Score: 5, Insightful
    ...maybe Sophos could also get around to changing their default "notify recipient" setting on their email virus scanner.

    That way, Sophos themselves might produce a little less spam...

  2. Its no supprise. by psycht · · Score: 5, Insightful

    So many broadband & other high-speed connections left wide open that can relay data.

    1. Re:Its no supprise. by hendridm · · Score: 5, Insightful

      Or perhaps it's all the aspiring entrepreneurs who are trying to make a quick buck with no regard for ethics or other people.

      I was born and raised in the U.S., but some of the scams I see just sicken me and the lengths people will go to to make a quick buck. Some people will even take advantage of their friends and family! Who needs enemies when your own brother or sister is trying to guilt you into their latest multi-level marketing endeavor.

  3. When was this sample taken? by nebaz · · Score: 5, Insightful

    I wonder if the recently passes Federal Anti-Spam legislation has had any effect on these numbers. Obviously not a big enough one, since according to these figures, so much spam still comes from the U.S. If these numbers can be tabulated, can they not also report the offenders to the police?

    I also wonder if there is any way to bring the issue of unprotected computers to the public. Perhaps negligence penalties of some sort? I don't want to punish the wrong people, but it would be a lot harder to hack into all of these systems if they were administered properly.

    --
    Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
  4. How about normalizing that data? by Mr.+Underbridge · · Score: 5, Insightful
    Yes, so the US generates 60% of the world's spam. However, what fraction of the world's total email traffic does the US generate? I bet it's near 60%.

    Without having some idea of what fraction of a country's email traffic is spam, these numbers just tell you which countries have a bigger internet presence, and absolutely nothing more.

  5. Re:So much for the AXIS OF EVIL... by mwood · · Score: 5, Insightful

    Nah, it's just because we have so many more computers for the bad guys to zombify. (Or, more or less equivalently, we have so many more clueless computer owners.)

  6. The report isn't really valid by Moryath · · Score: 5, Insightful

    For example, a Nigerian email sent from a hotmail/yahoo account (they almost all are) would seemingly, by this standard, come from the US.

    And then there's the thing they themselves point out; their methods of determining origin only go so far, hijacked machines / email routers configured to "wash" the headers of relayed stuff also go a long way to making the numbers invalid.

    I still say the ultimate revenge is to paper-spam the big spammers. Sign them up for hundreds of thousands of magazines and all the rest.

    The coup de grace would be then to package and mail a spammer the contents of my cats' litterbox the day after feeding them beef 'n' bean leftovers.

    1. Re:The report isn't really valid by dipipanone · · Score: 4, Insightful

      For example, a Nigerian email sent from a hotmail/yahoo account (they almost all are) would seemingly, by this standard, come from the US.

      And how do you suppose is this *not* spam of US origin?

      While the author of the email might not be American, the domain and the sysadmin certainly are.

      If someone is using Hotmail or Yahoo to whap out zillions of spams, I see that of evidence of an incompetent systems administration in exactly the same way that I'd see someone failing to secure their mail relays in China, and as such, I'd expect that domain to be held accountable for it.

  7. So... by Universal+Nerd · · Score: 4, Insightful

    Since so many USian companies block all email from the brazilian IPs should I now block all email from USian IPs?

    This isn't a troll (despite sounding like one).

    I'm very upset that my mail server, a very well maintained with a plethora of spam and virus filters, is blocked by asshat american sysadmins "just because we're spammers".

    --
    Ash nazg durbatuluk, ash nazg gimbatul Ash nazg thrakatuluk agh burzum-ishi krimpatul
  8. Re:Who Is Surprised By This? by akadruid · · Score: 4, Insightful

    ...We're the richest, most powerful, most prosperous country in the history of mankind...Leading in spam is a small price to pay...

    Dream on sunshine. Ever heard of the Roman Empire? Greeks? British? Germans? Even the French were more powerful in their day. You have some of North America, a little in the Middle East, and not a lot more. The greatest spammer in the history of mankind is not really an accolade to stand in the history books. In time, people will look back and say 'So they were number 1 in a well contended field for a short time... so what?'. You got a way to go yet sunshine. Don't think that one half-assed victory in the middle will make the emperors of old start saying 'Fuck me, wish we'd had that 'e-mail spam' thing to go along with our might legions'.

    Damn I just realised I got trolled properly there.

    --
    "Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
  9. An idea for curbing spam? by wiggys · · Score: 4, Insightful

    Obviously the "war on spam" needs to be fought on legally as well as technologically (and thanks to the fucked-up CAN-SPAM act some spammers are being given the green-light to annoy the hell out of us legally).

    Assuming we ever have laws in place which state that genuine opt-in lists are the only valid way to advertise products then we still cannot sue the spammers who send junk to harvested addresses because of the problems involved with tracing them.

    Tracing spammers is difficult/sometimes impossible because any computer on the internet can runs its own SMTP server to send mail to anywhere on the net. 10 years ago when the net was more innocent and less commercially corrup, this was fine, but nowadays this is just too powerful.

    The problem is, if some clueless person (which probably accounts for 80% of net users) has their machine compromised by a virus or trojan than their computers are used to send out the spam, and as there are no log files the spammers are virutally impossible to trace.

    Now imagine if the only way to send spam was via an approved mail server. For most of us this will be our ISPs, for the rest we will simply subscribe to one of the many official trusted ones.

    Now the problem of reporting spam is a lot easier - complaints will be dealt with by the trusted mail servers who keep detailed logs of which customers have logged in to send mail, what IP address they used and at what time.

    It doesn't matter if the customer deliberately sent out the spam or if they had been compromised by a trojan - the trusted mail servers can deny their customers the right to send more email until they have had an assurance from their customers that the problem has been fixed.

    I'm not saying this is going to end spam altogether, but it should go a long way to curbing it.

    What about all the spam which originates from, say, Nigeria or Amsterdam? Simple - unless the trusted mail server takes active steps to eradicating the spam they will no longer be trusted.

    --

    Sorry, but my karma just ran over your dogma.

  10. Re:Much from compromised computers by gowen · · Score: 5, Insightful
    high position of Canada
    Well, taking my twenty-odd thousand spams as a sample, a lot of Canadian spams come from compromised machines at shawcable / shaw.caclient*.comcast.net and attbi.com, the abuse departments are too lazy^H^H^H^Hoverwhelmed to do anything about them (even easy solutions, such blocking port 25 and insisting mail is relayed through their own SMTP servers, which would kill this spam stone dead at a stroke).
    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  11. Wrong by Mr.+Underbridge · · Score: 5, Insightful
    B.S. it isn't a case of "one spam for every x legitimate emails" the number of spam emails and legitimate emails are completely unrelated.

    Read the response by the second guy to respond to me. Both legitimate and illegitimate email are going to track with the number of total servers (scaled by how many are unprotected) and number of internet-connected citizens (scaled by how many are internet-connected) among other variables he mentioned.

    I mean, actually think about what you're saying. You would congratulate Antarctica for generating 0 spam. If you want to look at this without considering "ham" emails, look at the spam difference - (spam sent = spam received). I would argue that even this difference should be fractioned by how many total emails are sent received which really is a decent measure of internet presence, but even without it, you at least separate net spam "donors" from "recipients"

    Honestly, if you don't normalize variables in comparing large sample sets with small, you absolutely cannot compare raw numbers. I could recommend statistical reference texts if you like.

  12. A NEW UNCOVER SECRETS ABOUT ANYONES!! teheknfd by Westech · · Score: 5, Insightful

    Nah, it's just because we have so many more computers for the bad guys to zombify.

    I agree. Just looking at the horribly butchered English that is in 95% of the spam that I get tells me that it not written by someone who's first language is English.

  13. Population Adjusted Values: by mumblestheclown · · Score: 4, Insightful
    The third column is the one of interest (the second is population, in millions, the third is a sort of spam per person score, where lower a lower score is worse). Long story short, Canada is worse per person than the USA, and netherlands and sourth korea have nothing to be proud of, either, as their governments are doing statistically about an equivalently poor job of keeping the problem in check.

    That said, hopefully this study (not my little humor below, the sophos study) begin to, ever so slightly, shut up those people who claim that spam laws are useless because they will just drive spammers from one locale to the next. while this is true at the margins, the fact is that spam, like all business, is foremost local.

    1. United States 56.74% 280 493
    2. Canada 6.80% 30 441
    3. China (& Hong Kong) 6.24% 12400 198718
    4. South Korea 5.77% 48 832
    5. Netherlands 2.13% 16 751
    6. Brazil 2.00% 166 8300
    7. Germany 1.83% 82 4481
    8. France 1.50% 60 4000
    9. United Kingdom 1.31% 59 4504
    10. Australia 1.21% 19 1570
    11. Mexico 1.19% 95 7983
    12. Spain 1.05% 41 3905
  14. Re:So much for the AXIS OF EVIL... by tolan-b · · Score: 5, Insightful

    "What's your point? One's a continent and one's a country dumbass. I bet Asia has more people online than the USA too."

    RTFC, 60% of spam comes from the US, but there are more computers outside the US than inside, that means that the claim that the US is only so high because it has so many computers is provably wrong.

  15. Does anyone know what metric? by Asprin · · Score: 4, Insightful


    Does anyone know what metric was used to determine these rankings? Was it "country where the first SMTP transfer originated"? Was it "office address of the dude typing in the text of the spam"?

    I hate it when dudes publish 'findings' and don't explain how they got them. So much for the scientific method and reproducibility -- they could have made the whole thing up!

    [**NOTE** I am not saying they did make the numbers up, but as a matter of journalistic and scientific integrity, when you publish the results and don't publish the method used to determine those results, your cannot be evaluated as anything other than opinion. We're after facts, here, people, not truth. /RANT]

    --
    "Lawyers are for sucks."
    - Doug McKenzie
  16. ISPs, please block egress port 25! by RT+Alec · · Score: 5, Insightful

    I think it is time that ISPs block, by default, all outbound port 25 traffic. Customers can either:

    • Use the ISPs mail server (this accomodates 90% right away)
    • Use a VPN or SMTP+AUTH(+SSL) on an alternate port to connect to their SMTP server of choice (this accomodates another 9%)
    • For the remaining few that just have to run their own SMTP server, let them have a static IP and open up the ports
    Of course, some consumer ISPs won't be willing to deal with the headaches of option #3, or perhaps might charge a bit more for it, which is entirely fair. Businesses need to block all egress port 25 period, there is rarely a legitamate need for an employee to run their own SMTP server (unless they work in the IT department, but then they can probably open the port up themselves).