U.S. is World Leader in Spam

adept256 writes "Sophos outs 'dirty dozen' spam producing countries. And the USA is in the lead by a country mile. 'The United States is far and away the worst offender, accounting for nearly 60 percent of the world's spam. Even though European countries are responsible for less spam, they are still generating millions of junk emails a day,' said Graham Cluley, senior technology consultant at Sophos."

Connection....

[Piethon]

I wonder if this proves a connection between industrial pollution and virtual pollution?

Why am I not surprised

[lavalyn]

Spamming computers may appear to be foreign, but in the end, it's nearly always an American source. Or from the Netherlands for some reason in those stupid 419s.

If you're not blacklisting from Spamhaus's SBL+XBL of spam outfits & open relays, and dialup pools, those ones are natural things to start blocking on connect.

Re:Why am I not surprised

[anticypher]

The 419 scams were cracked down on in the Netherlands recently, sending the scammers mostly to Madrid and Barcelona. Its a whole community, the majority are no longer Nigerians, but a mix of eastern europeans and west africans. The africans work the front end of the scams, pulling in leads. The eastern europeans work the back end, setting up banking accounts, credit card processing scams, laundering the money and the like.

There are a bunch of network operators tracking the technical guys, who buy up space in Colo's to house their scam sites and ADSL connections for the apartments where the scammers operate from. Mostly they use hijacked machines spread all around the internet for their relay points and temporary (30-90 minutes) websites, but those tend to be controlled from a few central servers. These are scary people to deal with, the Albanians have a nasty reputation of just killing anyone who might cross them. We were warned repeatedly by the police to not confront them, but take notes and let the police deal with it. There are dozens of unsolved murders blamed on the Albanians, including some from the 419 scam gangs.

In the Benelux area, we're glad the police finally did their job, even though the investigation took more than a year. Now its the poor Spanish police's turn, and the scammers know they don't have an effective high-tech group. So expect the 419 scams to continue to grow.

Still, Clueleyless is right about most spam coming from US sources, despite their using hijacked machines all around the world. I haven't seen a spam recently that didn't have a US oriented payment method, US phone number, US mailing address. Its American spammers targeting American victims, and American law enforcement is afraid to do anything about it. I can't remember the last time, if ever, I saw a French, Spanish, Portuguese, or Dutch language spam. Or one in Euros.

the AC

Re:Why am I not surprised

If anyone has another suggestion to make life difficult for them I'd like to hear it!

You might want to check out 419 Eater - the people there LOVE to make scammers' lives a misery.

(Yes, I just posted this 2 minutes ago, but being the moron I am I forgot to actually give you a link).

Need legal backing

I'm all for the initiatives been taken by Yahoo etc to try and put a stop to spam by making sure the email protocols are up to scratch.

This needs doing anyway... ...but the REAL answer is to arrst the ******** who are sending this stuff and throw them in jail !

I don't understand why this is SO difficult !!!!

Much from compromised computers

[AlecC]

Reading the article, a more interesting point is that at least 30% - which probably accounts for a large slice of the US end European contribution - is from compromised machines. They believe most of those are directed from Russia.

Aside from the absence of Russia, the only thing I find surprising about the list is the high position of Canada - second, 6.8%. Given Canad's relatively small population, that must make them the leader in spam-per-capita - an unpleasant distinction.

Re:Much from compromised computers

[rm007]

the only thing I find surprising about the list is the high position of Canada - second, 6.8%. Given Canad's relatively small population, that must make them the leader in spam-per-capita - an unpleasant distinction

Not so surprising, the figure is not really out of whack. While the population is a little more than one tenth - 32 million vs 292 million - higher internet usage levels, especially broadband penetration probably accounts for some of why the Canadian figure is not closer to the 5.7 - 5.9% that you might expect. As other posters have noted, normalizing the data would have helped make more sense of the of the numbers that they present. At any rate, it is safe to assume that too many Canadians and Americans do not secure their computers properly if compromised machines account for so much of the spam.

Re:Much from compromised computers

[RetroGeek]

the abuse departments are too lazy^H^H^H^Hoverwhelmed to do anything about them

I sent them a log of IPs pinging my firewall, trying to connect using NetBUI, trying to pop-up net msgs, etc. I stated somewhere in the msg that my firewall was constantly writing ot the log from all the hits. A LOT of the IPs were from within the Shaw set of IP addresses.

The response?

"this is a common problem, turn off the logging in your firewall".

Turn off my logging? How does that stop the hits?

Re:Much from compromised computers

[anthonyrcalgary]

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work.

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Its no surprise.

[SpaceLifeForm]

Don't forget the main force behind spam, Microsoft.

It's those MS machines on broadband that are hacked into spamming zombies.

Poor research...

[Genjurosan]

The article indicates that the 'researchers' spent two days collecting information.

Only two days of research is a lame attempt at a research project.

For all we know, those responsible could alternate source every other week, thus invalidating this 'insightful' conclusion.

Also, the article fails to mention how they are so positive of the origin. Who knows how many open relays the spammers use.

I'd believe an article that indicates that the US has more open relays than any other country, as I would venture a guess that it's relative to total number of computers wired to the net.

my 2c

Re:Poor research...

[puhuri]

Of course, because there is large number of computers (and poor anti-spam laws), the US will have large number of poorly maintained computers.

I just made some research about spams I have received this month, and according to it, the top ISP list looks like following:

• AT&T WorldNet Services
• SBC Internet Services - Southwest
• Comcast Cable Communications, Inc.
• CHINANET-BACKBONE
• Cable & Wireless USA
• Korea Internet Exchange
• AOL Transit Data Network

(Based on AS numbers, names from whois db). One thing I noticed was that there were no significant difference in time of day when spam messages arrived, flow is steady throughout day and week.

Quite interesting, however, is the fact that I get most of virus emails from Europe (Italy and France).

Question

[fetus]

Does this include American "Businesses" that use overseas computers for spamming?

Re:How about normalizing that data?

[pvt_medic]

Excelent point but I think that that data could also be expanded even more. Think about having stats on some of the following items.

Number of computers on internet
NUmber of computers with high speed internet
Number of computers with upto date antivirus and patches
you get the picture

with a little more indepth research i think you have an excelent analysis of the spam epidemic and maybe be even able to more effectively battle it if we had the right statistics.

Re:How about normalizing that data?

[g0qi]

For too long, US Sys & Law Administrators have taken cover saying that the source of spam is almost always foreign and there's nothing they can do about it. This article is the wake up call. It doesn't matter what email traffic the US generates, but it just proves that much of the spam is from within.

canada's population

[Reinout]

Canada's population is 31.6 million (2003).

I looked at it as I wondered whether the Netherlands (16 million) would win in the spam/capita contest. Nah, canada wins. 3x the spam, 2x the population.

Reinout

Re:No.1 sender and hardest to block

[Troed]

.us ... you might want to think twice about why US companies aren't using it - and about whether companies all over the world are evil when they (also) want to use .com

Re:How about normalizing that data?

[Mr.+Underbridge]

For too long, US Sys & Law Administrators have taken cover saying that the source of spam is almost always foreign and there's nothing they can do about it. This article is the wake up call. It doesn't matter what email traffic the US generates, but it just proves that much of the spam is from within.

That's an interesting take, and if true it's the only take-home lesson - that over half of US spam is generated from within.

However, to look at this from yet another angle, who's "responsible" for spam - the sender or the asshat who left his server open? And which are they tracking? (I'm presuming servers).

I'd like to see a split of legal and illegal spam, ie cases where a server was or wasn't hijacked. I'd also like to see spam as a total fraction of a nation's mail - sent and/or received.

The US is the world leader...

[Trolling4Dollars]

...in a lot of crappy things.

Unfortunately, I can't afford to leave this damned country. If I could... I would. But, I have a duty to others of my kind who also feel trapped here. That duty is to try an get people who are on the fence to see the light and join our side in changing the direction that things have gone in. Trust me people, I'm willing to fight to get my country back if need be.

Re:So much for the AXIS OF EVIL...

[MCZapf]

We probably also have more "entrepreneurs" (spammers and their customers) who are trying to get rich quick. That is, after all, the American Dream.

More statistics I'd like to see

[petard]

This is a good statistic, as far as it goes. What I'd really like to see summarized is the breakdown of non-spam email on a global basis as well as a S:N ratio for each country.

For example, on a typical mail day lately, I seem to be getting around 100 messages in one of my mailboxes, not counting Windows worms and related crap. Here's my breakdown, based only on .tld, counting non country code TLDs as US-ian: About 60 are legitimate, business-related emails, and 40 are spam. Of the spam, 20 seem to come from the US or Canada, 8 from Europe, 2 from South America, and 10 from Asia. I also have about 40 valid messages from the US or Canada, 15 valid messages from Europe, and 5 from South America. So my S:N on messages from North America and Europe remains high, it's lower from South America, and 0 from Asia.

I'd be curious to see these numbers for a more global sampling of email. It seems unlikely that anyone would be in a position to provide them, though.

Re:An idea for curbing spam?

[Professr3]

This is a very interesting idea... Still, how do you propose to deal with the privacy issues? Having a limited number of trusted servers makes it a lot easier for communications to be monitored.

Re:Who Is Surprised By This?

[go3]

I'd probably base the "power" and "greatness" of a nation on more than just the land the occupied, but thats just me.

Statistics, my dear Watson.

[ClayJar]

The spam issue is such a large scale issue that the rules governing statistics should hold quite nicely (when you've got a sample size in the millions...).

The probability of a statistically significant number of spammers just happening to have said, "Let's use all our *US* zombies!" this particular day and then deciding the day after the study, "You know what, let's all go back to our Salmnonian zombies!" is so preposterous as to be humorous. It would be like having a majority of US voters wake up and decide for two days to vote for the Green Party candidate, then all of them switch back right after the primary. (If it were a small sample size, this could happen, but for a large sample size, it is *far* less likely.)

Spam per capita - the numbers favor Canada

[jrifkin]

If you normalize by population Sophos's reported national spam percentages things look pretty different. The scores are no longer so lopsided, and the winner is ... Canada?

COUNTRY.....PERC...........POP....PERC./POP.
Canada.......6.80......32207113...2.1113e-07
US..........56.74.....290342554...1.9542e-07
Netherlands..2.13......16150511...1.3188e-07
South_Korea..5.77......48289037...1.1949e-07
Australia....1.21......19731984...6.1322e-08
Spain........1.05......40217413...2.6108e-08
France.......1.50......60180529...2.4925e-08
Germany......1.83......82398326...2.2209e-08
UK...........1.31......60094648...2.1799e-08
Mexico.......1.19.....104907991...1.1343e-08
Brazil.......2.00.....182032604...1.0987e-08
China........6.24....1286975468...4.8486e-09

Re:Spam per capita - the numbers favor Canada

[gordguide]

An alternate title for the Sophos story might have been:
One-Third of all Spam due to Windows Security Failures

Just a guess, but Canada's broadband penetration rate (2nd worldwide) and the usual number of Windows users found anywhere translates to their high ranking, in my humble opinion, due to trojan-related control of these unprotected boxen.

From the article:
" ... Our intelligence suggests that a large amount of spam originates in Russia, even though it appears at only number 28 in the chart. Hackers appear to be breaking into computers in other countries and sending out spam via 'infected' PCs," continued Cluley. "Some Trojan horses and worms allow spammers to take over third-party computers belonging to innocent parties, and use them for sending spam. More than 30 percent of the world's spam is sent from these compromised computers, underlining the need for a co-ordinated approach to spam and viruses."

Re:While they're at it...

Given that the article ends with a link to Sophos' PureMessage product, you could be forgiven for smelling spam all over this thread!

Graham Cluely is an excellent shaman of the press and always seems to get Sophos' name into the hardcopy press - in the UK at least. He did the same for Dr Solomon before McAfee swallowed them up...

Re:Who Is Surprised By This?

[Pave+Low]

Your reply only demonstrated how the US isn't an Empire, where it's so fashionable to claim it is here.

You didn't refute any of part of my statement you quoted. We ARE the richest, most powerful, and most prosperous. There's really no debate there.

Re:No.1 sender and hardest to block

The vast majority comes from client*.comcast.net and rr.com and attbi,com (all broadband providers with little interest in informing users that their machines are now zombies).

Comcast are the worst offenders.
Here are some IPs to block:

24.1[0-9].*.*
24.2[01].*.*
24.[0-9].*.*
67.16 [0-9].*.*
67.17[0-4].*.*
68.3[2-9].*.*
68.[45][ 0-9].*.*
68.6[0-3].*.*
68.8[0-7].*.*
69.13[6-9] .*.*
69.140.*.*

Re:So...

[Don'tTreadOnMe]

It is a shame, I admit, but I didn't just block Brazilian e-mail, I blocked access from large chunks of Brazilian IP space from any access.

Every few weeks I'd open it back up and see what happened. Sure enough, very large numbers of port scans and attempts to see if my servers had been Zombified. E-mails with firewall logs sent to the abuse addresses for those IPs did nothing, so back into the block list they went.

I have to admit, I was fascinated by the question: Why is this particular ISP in Brazil such a haven for these types of attacks? I never found an answer to that, though. But it was bizarre to me that our network was scanned more times by Brazil than everywhere else combined.

Re:So...

[Rob+Riggs]

I have my own home network, and I do block email from a number of regions based on IP blocks, including Brazil. I never do this lightly. I only do it after sending spam complaints and having those complaints ignored. None of the ISPs in Brazil (along with China and South Korea) to whom I sent spam complaints ever responded to emails. Brazilian ISPs are very permissive about spam, and you are paying the price. I am sorry.

I will give you a counter-example. I do not block IP blocks from Argentina because I always received prompt replies from the Argentinian ISPs. And I don't receive spam from Argentina any more. The ISPs in Argentina, as a rule, do not permit spam to originate on their networks. The whole country benefits because of this policy. (Well, if you call being able to sent me email a benefit. ;-)

Blocking IPs is not something I did on a whim. But it was and is highly effective in blocking a great deal of all spam delivery attempts. I recently upgraded my email server and my relay rules were not applied -- I didn't really appreciate how well those rules were working until that point. It took me less than a day to realize that something was seriously wrong.

Sorry, but those rules stay until I am convinced they are no longer needed.

Re:So much for the AXIS OF EVIL...

Nah, it's just because we have so many more computers for the bad guys to zombify. (Or, more or less equivalently, we have so many more clueless computer owners.)

No, you have more clueless "businessmen" and criminal scam artists, paying criminal spammers to use hijacked machines from all over the world to send out spam with american english spelling, for products sold to americans, priced in US dollars. And while they're at it, they spew their shit out to the rest of the world, even advertising products useless outside the US (US cable descramblers, mortgages, discount phone plans). Here in the UK my spam mailbox is filling with more than 80% of the spam being for some useless american crap, about 5% for useless european crap, 419ers, idiot MMFers (usually american) and bestiality porn ads etc. making up the remainder.

Re:ISPs, please block egress port 25!

[metamatic]

Yeah, let's block outgoing SMTP at the same time as people are starting to introduce SPF (Sender Permitted From) to stop people from using their forwarding address when sending via their ISP's SMTP server.

That's the best idea I've heard since Michael Jackson and R Kelly discussed opening a daycare center.

Re:So much for the AXIS OF EVIL...

[tepples]

That's why worms and spammer trojans often include their own SMTP server implementations.

Why can't the government do something about spam?

[chicken_m]

We keep hearing a lot about spam and most people know exactly how the things are propagated. There was a story of that Connecticut spammer who got something like 45000 mails (snailmail)per day after his home address was published on the net. Why doesn't the fed wake up and close the loopholes? 70% of emails are junk and that's a big loss to the nation's economy..