Slashdot Mirror


71% of Spam Servers are Located in China

aspelling writes "We all know that the majority of consumer electronics and other goods sold in US stores is produced in China. But China's specialty extends beyond consumer electronics, clothes and automotive components. According to Commtouch Software research, 71% of all spam servers are located in this People's Republic. 'Since Jan. 1, we've seen probably a 30% to 40% increase' in spam traffic, the Commtouch CEO says. BusinessWeek reports about this issue."


  1. Taiwan by LittleLebowskiUrbanA · · Score: 1, Informative

    We got hit by the 61. and 219. IP blocks hard from Taiwan

  2. Avoid the Noid, he ruins web experiences by ericspinder · · Score: 4, Informative
    The direct link wants your e-mail address (*shudder*)
    Go to the press release (it is listed on the page) and click on the link for the white paper

    But surprise, surprise, the "best solution" is the one they sell, but it's still an interesting read.

    --
    The grass is only greener, if you don't take care of your own lawn.
    1. Re:Avoid the Noid, he ruins web experiences by Yokaze · · Score: 5, Informative

      Question: How does "71% percent of spam servers are located in China" quoted in the article correlate with the whitepaper stating "Figure 1: North America and International Spam Messages Sent Daily" depicting 2005: North America 8.5 billion, International 11 billion?

      Maybe it is in the subtle difference of spam messages sent, and servers used to send them.

      --
      "Between strong and weak, between rich and poor [...], it is freedom which oppresses and the law which sets free"
  3. blackholes by Feyr · · Score: 5, Informative

    there was a tip posted to NANOG this morning. you can use china.blackholes.us as a RBL (look at their page, they have other lists) to effectively block all mail from china's IPs
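
How a mail server consults an RBL zone such as the china.blackholes.us named in the comment above, as an added example that is not part of the original post: the connecting address is reversed, prefixed to the zone and looked up as an A record. The resolver is injected, and the sample answers are constructed so the code runs offline.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here


def dnsbl_query_name(ip, zone):
    """Build the DNS name to look up when testing `ip` against DNSBL `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")


def system_resolve(name):
    """A-record lookup through the OS resolver; a failed lookup becomes []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, zone, resolve=system_resolve):
    """True only if the zone answers with an address inside 127.0.0.0/8.

    Any other answer (a wildcarded, parked or hijacked zone) counts as
    "not listed", so a dead list cannot silently reject all mail.
    """
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)


# Constructed resolver data for an offline run; not real DNS answers.
FAKE_ZONE = {"2.1.128.61.china.blackholes.us": ["127.0.0.2"]}


def fake_resolve(name):
    return FAKE_ZONE.get(name, [])


def wildcard_resolve(name):
    return ["203.0.113.10"]  # constructed: a zone that answers every query


if __name__ == "__main__":
    for ip in ("61.128.1.2", "198.51.100.7"):
        print(ip, is_listed(ip, "china.blackholes.us", fake_resolve))
```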

  4. Re:Use blacklists... by Bob+Zer+Fish · · Score: 5, Informative

    Just for other people's info... since I didn't know:
    Tarpitting discourages spamming without permanently blocking an offending IP address. Tarpitting works by monitoring traffic and applying sluggish responses to remote IPs showing spam-like behavior. For example, if an IP sends too many messages to users during an email session, tarpitting starts slowing MDaemon's response. If the spam-like behavior includes excessive unknown addresses during a session, the remote server can be suspended from access for a user-specified amount of time.
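
The tarpitting behaviour described above, modelled as an added example that is not part of the original post and not MDaemon's code: replies slow down once a session exceeds a recipient count, and too many unknown recipients suspend the remote IP for a fixed time. All threshold values and names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Tarpit:
    # All thresholds are illustrative assumptions, not MDaemon defaults.
    rcpt_threshold: int = 5         # recipients per session served at full speed
    delay_step: float = 2.0         # seconds added per recipient past the threshold
    max_delay: float = 30.0         # cap so our own workers are not tied up forever
    unknown_threshold: int = 3      # unknown recipients in one session that trigger suspension
    suspend_seconds: float = 600.0  # the "user-specified amount of time"
    suspended_until: dict = field(default_factory=dict)

    def connect(self, ip, now):
        """Return fresh per-session counters, or None while `ip` is suspended."""
        if self.suspended_until.get(ip, 0.0) > now:
            return None
        self.suspended_until.pop(ip, None)  # suspension expired: no permanent block
        return {"rcpts": 0, "unknown": 0}

    def rcpt(self, ip, session, known, now):
        """Handle one RCPT TO. Returns ("ok", delay_seconds) or ("suspend", 0.0).

        A real server would sleep for delay_seconds before sending its reply.
        """
        session["rcpts"] += 1
        if not known:
            session["unknown"] += 1
            if session["unknown"] >= self.unknown_threshold:
                self.suspended_until[ip] = now + self.suspend_seconds
                return ("suspend", 0.0)
        over = max(0, session["rcpts"] - self.rcpt_threshold)
        return ("ok", min(self.max_delay, over * self.delay_step))


def run_session(tarpit, ip, recipients_known, now=0.0):
    """Replay one constructed session; `recipients_known` is a list of booleans."""
    session = tarpit.connect(ip, now)
    if session is None:
        return ["refused"]
    results = []
    for known in recipients_known:
        verdict = tarpit.rcpt(ip, session, known, now)
        results.append(verdict)
        if verdict[0] == "suspend":
            break
    return results
```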

  5. Obligatory Spam, the food product, link.... by eltoyoboyo · · Score: 3, Informative

    Spam, the food, is made right in our very own third world city of Austin, Minnesota at the Hormel plant. (also Nebraska, Denmark, Korea and the Philippines.) See the Spam museum.

    (Funny on slashdot how I have to qualify Spam as a food product...)

    --
    Have you Meta Moderated t
    1. Re:Obligatory Spam, the food product, link.... by eltoyoboyo · · Score: 2, Informative

      You are referring of course to "SPAM®" the registered trademark. Although, instructions for use of the mark are not on the site as you suggest.

      They are found here:

      Proper Trademark Use Guidelines.

      Please Do:

      Always put the trademark SPAM in all capital letters. Follow SPAM with "Luncheon Meat" or other descriptor. Remember, a trademark is a formal adjective and as such, should always be followed by a noun.


      --
      Have you Meta Moderated t
  6. Re:blacklist the netblocks? by y3wn1ck5 · · Score: 3, Informative

    Sure, right out of my pf.conf:

    # All China netblocks [ http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn ]

    table <china> { 61.28.0.0/15, 61.48.0.0/13, 61.128.0.0/10, 61.232.0.0/13, 202.0.110.0/24, 202.0.160.0/20, 202.0.176.0/22, 202.4.128.0/19, 202.4.252.0/22, 202.14.88.0/24, 202.14.235.0/24, 202.14.236.0/23, 202.14.238.0/24, 202.20.120.0/24, 202.22.248.0/21, 202.38.0.0/20, 202.38.32.0/19, 202.38.64.0/18, 202.38.128.0/17, 202.90.0.0/22, 202.90.252.0/22, 202.91.0.0/22, 202.91.128.0/22, 202.92.0.0/22, 202.92.252.0/22, 202.93.0.0/22, 202.93.252.0/22, 202.94.0.0/19, 202.95.0.0/19, 202.95.252.0/22, 202.96.0.0/12, 202.112.0.0/13, 202.120.0.0/15, 202.122.0.0/19, 202.122.32.0/21, 202.122.128.0/24, 202.127.0.0/18, 202.127.128.0/17, 202.130.0.0/19, 202.130.224.0/19, 202.131.160.0/19, 202.131.192.0/19, 202.136.252.0/22, 202.192.0.0/12, 203.81.16.0/20, 203.87.224.0/19, 203.88.0.0/18, 203.89.0.0/18, 203.90.0.0/18, 203.91.0.0/18, 203.92.0.0/18, 203.93.0.0/16, 203.94.0.0/18, 203.95.0.0/18, 203.128.128.0/19, 203.184.0.0/19, 203.192.0.0/19, 203.196.0.0/18, 203.207.64.0/18, 203.207.128.0/17, 203.208.0.0/18, 203.212.0.0/18, 203.222.192.0/18, 203.223.0.0/20, 210.5.0.0/16, 210.12.0.0/15, 210.14.128.0/17, 210.15.0.0/17, 210.15.128.0/18, 210.21.0.0/16, 210.22.0.0/16, 210.25.0.0/16, 210.26.0.0/15, 210.28.0.0/14, 210.32.0.0/12, 210.51.0.0/16, 210.52.0.0/15, 210.72.0.0/14, 210.76.0.0/15, 210.78.0.0/16, 210.79.224.0/19, 210.82.0.0/15, 211.64.0.0/13, 211.80.0.0/12, 211.96.0.0/13, 211.136.0.0/13, 211.144.0.0/12, 211.160.0.0/13 }

    You would be amazed how many hits I get from this rule alone.

  7. Re:blacklist the netblocks? by benzapp · · Score: 4, Informative
    --
    I don't read or respond to AC posts
  8. Its a small business by CdBee · · Score: 3, Informative

    "Since Jan. 1, we've seen probably a 30% to 40% increase" in spam traffic" Commtouch CEO say"

    This accurately mirrors what I've noted, I run the mail sweeper for a medium-sized enterprise and analyse spam to improve the quality of our filtering.
    I note a lot of the spam has similar formats (apart from the 419 scammers, but they're easy to filter out), leading me to suggest that spamming is dominated by a relatively small clique of big-time mailers

    This does at least make it easier to write rules to stop it. We don't use Bayesian filtering, a human-monitored system can be more efficient if done right.

    --
    I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
  9. Re:This may seem like an easy answer... by hopemafia · · Score: 2, Informative

    Yes, you are missing that the e-mails themselves are not coming from China. The websites the e-mails point to are hosted in China.

    --
    If God had had a computer it would have taken him 7 months to create the earth...if he even bothered to do it at all.
  10. Re:Block .cn! by Grishnakh · · Score: 2, Informative

    You have to know what IP addresses are physically located in China and block those.

    Here you go:
    http://www.okean.com/asianspamblocks.html

  11. Re:This may seem like an easy answer... by asavage · · Score: 2, Informative

    Yup, the spammers are still mostly Americans.

  12. Re:Use blacklists... by Mysticode · · Score: 5, Informative

    That's not going to help too much. According to the article, 71% of the URLs appearing in spam messages point to websites hosted in China however 60% of spam messages are sent from the US. In fact, China (although second) is only the location of the mail servers sending about 6% of the spam messages that they analyzed. The post was not too clear on that but the source article is.

  13. Re:just say NO by taustin · · Score: 3, Informative

    www.blackholes.us has zone files to block, by country, all the major sources of spam (except the US, and there it has the major spamhaus ISPs).

    Implementing it by mailbox would be up to your ISP. The tools they need are readily available.

  14. RTFA! by koehn · · Score: 5, Informative

    Doesn't anyone read the article?

    It said that 71% of the URLs in spam go to web servers in China, not that 71% of spam comes from China!

    The vast majority of spam that hits my mail server comes from the US (comcast, rr.com, etc) machines that have been compromised.

    Tools like bigevil.cf (SpamAssassin plugin) help me to filter those spams with Chinese URLs.
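
The distinction drawn in this comment, as an added example that is not part of the original post and not the bigevil.cf rule set: a message relayed from outside the blocked netblocks passes a sender-IP check, while the hosts in its URLs resolve into them. The prefixes are a few entries from the pf table quoted earlier in the thread; the sender address, hostnames and DNS answers are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A few prefixes copied from the pf table quoted earlier in the thread (not the full list).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in
                ("61.128.0.0/10", "202.96.0.0/12", "210.72.0.0/14", "211.136.0.0/13")]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def in_blocked_nets(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETS)


def url_hosts(body):
    """Unique hostnames of the http(s) URLs in a message body, in order of appearance."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed bracketed host
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def host_addresses(host, resolve):
    """A URL may carry a literal IP instead of a name; only names are resolved."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return resolve(host)


def classify(sender_ip, body, resolve):
    flagged = [h for h in url_hosts(body)
               if any(in_blocked_nets(ip) for ip in host_addresses(h, resolve))]
    return {"sender_blocked": in_blocked_nets(sender_ip), "url_hosts_flagged": flagged}


# Constructed sample: documentation-range sender, made-up hostnames and DNS answers.
SAMPLE_DNS = {"pills.example": ["61.150.10.20"], "www.example.org": ["192.0.2.80"]}
SAMPLE_BODY = ("Cheap meds: http://pills.example/buy?id=1 or http://202.100.1.1/x\n"
               "Unsubscribe: http://www.example.org/u")


def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])
```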

  15. Re:just say NO by aelbric · · Score: 3, Informative

    You sir or ma'am, are my hero.

    "Your freedom of speech ends at my firewall" is a variation of something that I have said for years. These people who pull out the Bill of Rights to defend deplorable behavior disgust me. I don't care if they do it, just do it the hell away from me.

    --
    nos laetus epulor qui would domito nos
  16. here are proves: by dunkelfalke · · Score: 3, Informative

    http://sophos.com/spaminfo/articles/dirtydozen.html

    --
    Conservatism: The fear that somewhere, somehow, someone you think is your inferior is being treated as your equal.
  17. That's fine by Sycraft-fu · · Score: 3, Informative

    You are allowed to ban whomever you like. There are servers I control that are accessible from as little as one subnet (and others that are on a physically private network). That's my right.

    It also could work to help force people to get their shit straight. Many ISPs (domestic and foreign) are just non-responsive to SPAM/hacking complaints. One proven tactic that works is the threat of mass bans. Between a proposed UDP and a ban by the members of Nanog, UUNET was convinced to become more responsive to complaints of network abuse.

    The Internet does not have a police force so the community polices itself. If a group won't play by the rules, they shouldn't be surprised to find themselves excluded from a large part of it.

  18. Re:Obligatory.... by Kent+Recal · · Score: 2, Informative

    Look here.