Slashdot Mirror
Spam's U.S. Roots
ahab_2001 writes "Notwithstanding how tired my finger is getting from deleting all of those unsolicited messages from China and Korea, Information Week reports that a study of filtered messages by the spam-blocking firm CipherTrust revealed that some 86% of spam originates in the U.S. Apparently, a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam, according to this study."
Oh wait, that's not a good thing in this case.
a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam
Crush those sites. Turn them off. Then repeat the study.
We should treat spam like a disease... and perform meaningful research on it.
Davak
Great, give me a list and I'll block them on my mail server.
Posted by a Debian GNU/Linux user
What do I do find morally distrubing is that there are geeks out there making assloads of cash providing a conduit for this spam with high powered servers and keeping the senders essentially nameless.
Why doesn't spam come under the same scrutiny and attempts to shut it down as P2P?
If it is mostly as centralized as this study indicates, it should be easy.
OK, I know the answer (nobody's precious "IP" is threatened by spam), but if there are going to be attempts to regulate the Internet, it seems like this is a far more productive place to start.
A house divided against itself cannot stand.
I skimmed the article, but couldn't find the answer to the question that, I'm sure, is on most /.ers minds: what are those IPS???
I thought the spam problem has been resolved
Funny. My finger's not tired, I use SpamBayes. Sure, I miss out on great messages touting... "A great opportunity... New and spreading via the Internet in a very big way-It's FREE to join, and it promises a lot. Too good to be true?" ...but it makes it easier.
Small potatoes make the steak look bigger.
We should start sending out "fake" spam with encoded music/movies in it. RIAA and MPAA would buy some new laws to stop spam.
What happens if/when the kingpins are taken down? Will the commercial anti-spam-solution market dry up?
Who's willing to bet that companies with spam-dependant business models won't want that happening?
(/tinfoil hat)
Has anyone ever thought of comparing the originating IP of an email against a blacklist? I'm not talking about the server that sent the message to the recipeint. I'm thinking of further along the relaying chain.
tasks(723) drafts(105) languages(484) examples(29106)
What CipherTrust REALLY means is 86% of their potential clients reside in the US.
Everyone blames the chinese, but the ads are written in english, for american products, and targetted at americans. The Chinese are just a relay, and being blamed as spammers, when they should be blamed for not keeping their computers secure.
And I suppose that the sanctions on software, language barrier, and lack of skilled people have nothing to do with it?
I have been using gmail since early July and the spam filter is the best I've used so far. I get very few spam in my inbox everyday and I haven't had a false positive in so long that I don't check anymore.
The spammers will continue to spam until they are ingored to the point that there is no money in it. But, you know, I just don't see that happening.
Cheers,
Erick
http://www.busyweather.com/
According to this, notorious spammer Scott Richter has his own netblock (69.6.0.0-69.6.79.255), which until recently was connected to the internet through Taiwan based ISP Chunghwa Telecom. After they gave up on him, Germany based T-Systems took over. If you have any problems with spam from this netblock, their security team would like to hear about it. They have announced that they will terminate the contract if Richter violates it.
Great, give me a list and I'll block them on my mail server. ...give us the list and let's block the whole freakin' netblocks at the router.
You are judged by the company you keep!
I'm looking for suggestions on what to do next. In the meantime, whatever you do, do not run this command:
That's a 4MB sample of the lists the gentleman has for sale, and surely the Slashdot effect runs the risk of using up all his bandwidth. Don't do it, I beg you!Carousel is a lie!
According to the article, Asia has a significantly higher number of spamming machines. It's just that the US, with readily available high bandwidth connections (and nutbars like Alan Ralsky) spews out a disproportionate percentage of all actual spam messages.
Give us the CIDR blocks of the whole ISP that the spammer is using. Block all packets from those ISPs. Once ISPs learn that they get blocked for tolerating spam, they will try harder to prevent them.
Get your own free personal location tracker
I could have sworn I just saw a slashdot article stating that 80% of all spam came from some country like Elbonia or something. does anyone else remember that? Maybe someone with the skills to find it?
I keep forgetting my place. Jesus is for losers. Why do I still play to the crowd?
Just yesterday I received spam from this guy at cybersmtp.com, advertising they can send bulk emails out. Check this out, I was surprised at the number of emails they have in their database, and the relative cheapness to send out nearly 300 million emails:
No Software to Buy - Nothing to download
Lowest cost for broadcast
E-Mail is a key component in maintaining contact with your customers
Email Broadcasting
Please choose from the following:
[ ] 1,000,000 e~mail sent $400
[ ] 5,000,000 e~mail sent $1,500
[ ] 10,000,000 e~mail sent $2,000.00
[ ] 56-70,000,000 e~mail sent $2,500.00
[ ] 224-280,000,000 e~mail sent $10,000.00
We use our own directory, so you do not need to pay one dime extra.
A study by the National Weather Service just found out sky is blue, most of the time.
In Soviet Russia, I ruled you
Now we can stop all the fingerpointing at foreign nations to blame those nefarious Asians, or the socialist Europeans, or the terrorist Arabs for our spam. We can honestly stop deluding ourselves and look at the problem and say,"It really is nothing more than American business alive and well." However, I find that the analyses are always going to be flawed. If the spam passes through even one illegitimate relay along the way it's pretty safe to assume that the relay has been doctored to rewrite connections. The latest spate of spam that I've received has seemingly come from IP addresses registered to Edward's Air Force Base and the USPS. Of course, the SMTPd signatures openly acknowledge that they're "misconfigured".
Really, until a proactive approach is taken to seriously investigate the businesses whose products are being advertised then tracking spam from the mail side is an exercise in self-delusion.
+++ATHZ 99:5:80
Spamcop reports on SENDING IP addresses.
The study was reporting on who actually sent the spam.
It is widely known US based spammers use open proxies, zombies, open relays and paid foreign spammers abroad to hide their tracks.
So both studies are correct. It's just that they're reporting different things.
In Soviet Russia, I ruled you
A lot of us in the IT world owe our jobs in some way to spam: the company I work for wouldn't need a 4-person server staff if we didn't have to
Would anybody else be out of a job if it weren't for spam?
All's true that is mistrusted
Spam won't stop until SpamAssassin becomes SpammerAssassin.
---
SCO is weenies
Gator is Spyware
Microsoft is thugs
Spam is more like a nuisance crime than a disease. Diseases are natural occurrences, unpleasant yes but a biological function. Spam is a deliberate attempt to pollute a public space for private gain.
In a sense it's the fault of the original e-mail/internet designers. By creating a nearly free and unlimited communications channel for themselves, they never anticipated that the channel would be hijacked by advertisers who are claiming the internet for their own private personal gain (as a open medium through which they can sell nearly unlimited access to advertising agencies).
By hijacking it is. Spammers are stealing a public resource.
A situation like this occured about 80 years ago when radio was becoming popular as a medium. Advertisers set up stations and broadcast ads and chatter over each other's frequencies. Eventually in the early 1930's, the US Federal Communications Commission (and similar agencies in other countries) was formed and clamped down harshly on unregulated broadcasting. That solved the problem of overlapping stations but eventually led to the situation that we have today of stagnant and insipid radio.
Spamming is also like grafitti, which is a nuisance crime of a person painting a private message in a public space that is too low in value to be protected against defacing by a full-time guard. The public space gets trashed by messages considered ugly to all except the miscreant. Other countries punish this activity harshly and they don't have defaced public spaces.
Spam will continue until the techno community creates enforceable guidelines to deal with this problem, and then actually enforces them. This could be banning sending messages beyond a certain number or actually selling licenses to spammers to allowing them them to send X million e-mails per month. The only actual realistic solution to spam is to stop allowing unlimited private use of a public communications medium.
Don't rely on governments to address this problem. Spam will be solved by the open source community coming up with a definition of spam, justification of restriction, and effective cessation of spamming activities when the spammers refuse to follow published guidelines enacted by the open source community. In fact, it's likely that the spammers will use the police against the open-source community's spam-limiting activities.
In other words, spam will lighten when the open-source community uses their technology and skills to shut the spammers down, regardless of whether or not the spammers have legal authority to flood the internet with millions of unwanted messages.
http://spam.weblogsinc.com/entry/4463682046968893/
Link goes to quote, plus more links backing up this data....
"A study released this week by Commtouch reveals that about 55% of all spam originates in the United States, and that more than 73% of spam refers to websites which are hosted in China.
Ninety-nine percent of all websites mentioned in spam sample analyzed by Commtouch were hosted in China, South Korea, the United States, Russia, or Brazil"
Here is another link, with a more detailed article.
http://www.securitypipeline.com/showArticle.jhtml? articleId=22103058
TruePunk | Games
Spamhaus published ROKSO list has always shown that most top spammers are U.S.-based.
All it takes is more vigorous law enforcement. Where are the prosecutors, when we really need them?
cpghost at Cordula's Web.
Most spam I get is full of spaces in the middle of words or weird characters or insane grammar that I can't even figure out what they want me to buy. So not only do I have to read the garbled subject of the message and mark it as spam (because their crazy message evades my filters) I get to sit there confused as to what they were trying to tell me.
It's just bad marketing to leave the customer confused. Maybe I should just stop using email all together until someone has a better system.
“Common sense is not so common.” — Voltaire
We need to tag them with orange glow in the dark safety tags so people can share their love with them. Behold the Spam Hunter:
Here we see the Spammer in his native environment, lets pull his network connection and see if we can get him rialed up. Crikey, look at em dial tech support!
My modest proposal is that we have to make it legal for people and service providers to charge spammers for the traffic they create. If you can make a profit in hunting down spammers, I bet a lot of people would jump at the chance. A federal spam license requiring spammer to register, etc, pay huge taxes to the government, complete with cute little orange tag for the ear. So we know where they live, and allowing people to charge them for the hassle. did I mention that yet? People would get rich off this, hunting down illegal spammers, collecting fees for ISPs, etc. And
"It is a greater offense to steal men's labor, than their clothes"
Over the years I have received more and more spam, and yet paid less and less for my internet connection (adjusted - barely!- for bandwidth).
Over the years, how much have computer costs, adjusted for performance and storage, dropped? The question isn't whether your absolute costs have dropped, it's how much they could have dropped were it not for spam.
Absolutely: spam costs ISPs big bucks. Absolutely: ISPs pass on these costs to their customers. But we're probably talking about cents per month per customer.
According to ISPs, the average cost, per month per customer, is between $2 and $3. That's $24 to $36/year, a significant sum. Businesses spend huge amount dealing with the spam problem. Take a look at NetworkFusionWorld's Spam Calculator" to see just how expensive spam is to businesses.
When you go to Best Buy, a percentage of what you pay for your purchase is to offset the cost of dealing with spam in the corporate offices. When you pay your taxes, a significant sum is paying government workers to deal with spam. When you order from Amazon.com, some of the money you spend there is to cover their costs for spam. I would not be at all surprised to see the total cost of spam per person averaging over $100/year.
BTW: bandwidth, servers, disks - none of these actually cost much money. The extra sysadmin or two to manage all of that... that's what costs money.
In general, I agree with that, but enterprise-class machines with RAID, tape backup, etc. is not the same as home PCs. The cost may be outweighed by the cost of system administrators, but it's still significant -- especially if it means that your connection is slower because their capital equipment budget on another mail server instead of additional broadband routers.
Rule #0: Spam is theft.
Rule #1: Spammers lie.
Rule #2: If a spammer seems to be telling the truth, see Rule #1.
Rule #3: Spammers are stupid.
YOUR freedom of speech ends, where MY freedom not to listen begins.