Spam's U.S. Roots

ahab_2001 writes "Notwithstanding how tired my finger is getting from deleting all of those unsolicited messages from China and Korea, Information Week reports that a study of filtered messages by the spam-blocking firm CipherTrust revealed that some 86% of spam originates in the U.S. Apparently, a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam, according to this study."

Me... Trolling?

[The-Bus]

Funny. My finger's not tired, I use SpamBayes. Sure, I miss out on great messages touting... "A great opportunity... New and spreading via the Internet in a very big way-It's FREE to join, and it promises a lot. Too good to be true?" ...but it makes it easier.

T-Systems connects Scott Richter's net

According to this, notorious spammer Scott Richter has his own netblock (69.6.0.0-69.6.79.255), which until recently was connected to the internet through Taiwan based ISP Chunghwa Telecom. After they gave up on him, Germany based T-Systems took over. If you have any problems with spam from this netblock, their security team would like to hear about it. They have announced that they will terminate the contract if Richter violates it.

I need your help

[Saint+Aardvark]

Weirdly enough, I just wrote about something like this in my journal. In a nutshell, I've been contacted by a list seller asking if the files on my site mean I know how to get in touch with The Bulk Club (you remember The Bulk Club, right?)

I'm looking for suggestions on what to do next. In the meantime, whatever you do, do not run this command:

while [ true ] ; do wget http://www.emailsupply.net/sample.txt -O /dev/null ; done

That's a 4MB sample of the lists the gentleman has for sale, and surely the Slashdot effect runs the risk of using up all his bandwidth. Don't do it, I beg you!

Amount is only message-wise.

[Tar-Palantir]

According to the article, Asia has a significantly higher number of spamming machines. It's just that the US, with readily available high bandwidth connections (and nutbars like Alan Ralsky) spews out a disproportionate percentage of all actual spam messages.

Re:Crush

[geminidomino]

AOL v. Cyberpromotions established that servers are private property.

Rowan v. U.S. Post Office Dept., 397 U.S. 728 established that forcing advertising upon unwilling recipients is NOT protected speech.

Spammers can *invoke* the first amendment all they like. (HINT: They also claim they are legitimate, ethical buisnesses). Rule #1: Spammers lie.

Re:not

[gorbachev]

Spamcop reports on SENDING IP addresses.

The study was reporting on who actually sent the spam.

It is widely known US based spammers use open proxies, zombies, open relays and paid foreign spammers abroad to hide their tracks.

So both studies are correct. It's just that they're reporting different things.

us top spammer, china top hoster?

[blanks]

http://spam.weblogsinc.com/entry/4463682046968893/ Link goes to quote, plus more links backing up this data.... "A study released this week by Commtouch reveals that about 55% of all spam originates in the United States, and that more than 73% of spam refers to websites which are hosted in China. Ninety-nine percent of all websites mentioned in spam sample analyzed by Commtouch were hosted in China, South Korea, the United States, Russia, or Brazil" Here is another link, with a more detailed article. http://www.securitypipeline.com/showArticle.jhtml? articleId=22103058

Re:Crush

[GreyPoopon]

We should add the entire American IP address range to the great blacklist and move along! :)

I know your comment was meant to be funny, but that's EXACTLY what I think other countries should do. They should contact the US government and tell them they have 30 days to fix the spam problem before a nationwide block goes into place. I predict the end to most of the spam within 5 to 10 days. I'm an American, BTW, and I don't think my country should be treated with any more consideration than some of the Asian countries we've advocated taking this approach with.

Re:Limited set of IP's?

[tokennrg]

Spamhaus will certainly help you out with a list of IP's to block. They'll also tell you what country spams the most and what ISP a majority of the spam comes from, just check the stats at the bottom of the homepage. Spamhaus is also one of the few DNS Blacklists around that you can actually work with.

Normally they list IP addresses that spam comes from , unlike some lists like the five-ten group that lists all but 1 IP address (127.0.0.1). Spamhaus will also remove IP's that no longer spew spam and so legitimate businesses don't get blocked erroneously.

Spamhaus also has a nifty thing called The ROKSO List which lists know repeat offenders and spam gangs so ISP's can keep from signing them up for service in the first place.

Re:Crush

[The+Ultimate+Fartkno]

> What the hell are you linking us to?

It's a "Lad Vampire" site. Some anonymous person coded the first one and used it to attack fake banks created online by 419 scammers and escrow cheats. "Artists Against 419" are still running one and organize flashmobs every once in a while to get hundreds of people using them all at once. The page links to just the images on spamvertised websites and reloads them over and over without caching, which sends the hosting costs of the server through the roof. Before long the site gets shut down for good and the spammer owes for some serious bandwidth costs. In cases where the sites are being served by zombied cable boxes then the ISP at least gets alerted to the problem and closes the user 'til their box is disinfected. The speed option allows you to change the reload speed depending on your bandwith. (Admins with access to fat pipes always get a grin out of opening it up all the way.)

> Thanks for wasting my time, I guess.

No problem. You seem like someone who doesn't feel complete without something to be angry about.