Slashdot Mirror
Russia, China World's Biggest Spammers
An anonymous reader writes "According to this ZDNet article, The Spamhaus Project has warned that organised cirminal gangs in Russia are supplying U.S.-based spammers with details of compromised PCs that can be manipulated to send junk mail. According to Spamhaus director Steve Linford, the Russian gangs aren't constrained by any anti-spam or cybercrime laws in their home country and have no respect for legislation implemented in other countries. Also, apparently 70 percent of spam is sent from China by American spam outfits who in turn have hosting arrangements with Chinese ISPs."
It's interesting how the Russian Mafia is helping American Marketers take advantage of Chinese Equipment. My question is: How involved are the actual Chinese people? Are they all victims of circumstance, or are they helping in some way?
There was just an article on how it was infected windows PCs.... and I remember everyone assuming that it was PCs here, so are we talking about Windows in China, now? How do you plan on education in that case?
The other method is to go after the advertisers who hire the spammers in the first place. Spammers are bottom-feeders, for sure, but if you cut off their customers, then you cut off their income.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
I implemented some new spam fighting techniques last night. The most effective one from logs since implementation was making HELO checks mandatory in Postfix. If the sending client doesn't submit an EHLO response, Postfix rejects the client. Since this happens before message transmission, it seems that not nearly as much bandwidth is being used (haven't verified that yet.) I'm surprised this isn't on by default in Postfix, but it sure is funny to see all these hosts rejected. None of them even resolve, there's no way that it's legitimate mail. If it is, too damn bad.
"Why do you consent to live in ignorance and fear?" - Bad Religion
Thanks. It's people like you that block my mail (I live in Hong Kong) and make me have to use devious inconvenient methods just to send a normal message.
Even if you never publish your address, people you send to may do so inadvertantly by way of forwarding. Also, we have seen an agressive amount of username probing at our mail server, people cultivating valid email addresses dictionary style. If your email name prefix is common enough, then its not too suprising you get spam.
As a solution at my workplace, we deployed dspam at the mail server about 7 weeks ago. At first I was discouraged at the results so much that I thought I had made a worthless call. Gradually I saw improvment and now it is running at about %99.7 accuracy. I get something over 200 spam a day into my account. I now see about one spam in my in box every three or four days, the rest go into my spam folder. Our other users found the system to be far better than I did, faster learning even. One user reported near pefection in about a week, he gets 10 spam a day. Except for one user (but there is one in every croud), it has nearly fixed the spam problem at our orginization.
I expect this to be a more realistic and permanent solution far beyond what legislation will ever do to inhibit spam from using my time.
I mean, other than right now.
I think you underestimate just how much I just dont care.
They already do. If you try to trace the websites in "cheap oem software offers" you will notice that they are in fact compromised machines on DSL and cable spread around the globe. The last sample I followed was in US, UK, France, China and portugal and a name server doing load balancing in the US. Registered by a russian company. This about says it all...
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
The other method is to go after the advertisers who hire the spammers in the first place. Spammers are bottom-feeders, for sure, but if you cut off their customers, then you cut off their income.
I'm doing this with one spammer's customer right now. Since they are a legitimate company in my town, I have collected evidence that the spammers they do business with are using dictionary attacks, web page harvesting, and zombies. I've explained to them that all this is illegal and if any of my 20 email domains receives another spam from their business, all the evidence is going to the FTC for prosecution via CAN-SPAM. The law is far from perfect, but at least legit companies can be punished for breaking it. They are listening and reconsidering unsolicited commercial bulk email as an advertising route.
I know, many people would say fsck it and just turn them in. I figure I'd be nice first. I've explained the consequences and I've convinced them I will follow through. If others out there live in the same city (not necessary, but it IS easier) as a legit business that is spamming, be professional and courteous, but make them wish they never spammed you.
But why is the rum gone?
How do you track which business authorised the spamming then? For example, what if Ford wanted to up it's web presence in order to sell more of it's new car aimed at geeks - it pays an advertising firm who take out banners for this car on Slashdot and setup a mailing list on the Ford website. The advertising firm outsources list management for all clients to India, the Indian outsourcing center then mails every address they have with Ford Geekmobile information rather than just sending it to the people on the Ford-optin list.
Who gets the fine there? If you say Ford since they're the ones who benefit, what's to stop them spamming adverts for other car companies and getting them fined? The ad agency didn't actually spam anybody, so they don't deserve any fine. The Indians aren't bound by US law so they don't have to pay.
I just installed an anti-spam appliance yesterday. So far, over 80% of the Spam that is blocked has come from DSL and Cable lines, presumably from compromised machines.
"The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson