Spam's U.S. Roots

ahab_2001 writes "Notwithstanding how tired my finger is getting from deleting all of those unsolicited messages from China and Korea, Information Week reports that a study of filtered messages by the spam-blocking firm CipherTrust revealed that some 86% of spam originates in the U.S. Apparently, a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam, according to this study."

Yeah! We're #1! We're #1!

Oh wait, that's not a good thing in this case.

Crush

[Davak]

a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam

Crush those sites. Turn them off. Then repeat the study.

We should treat spam like a disease... and perform meaningful research on it.

Davak

Re:Crush

[wwest4]

> Crush those sites. Turn them off. Then repeat the study.

...this will be the sixth time we have destroyed them, and we have become exceedingly efficient at it.

Re:Crush

[halowolf]

Well its obvious what the rest of the world should do! We should add the entire American IP address range to the great blacklist and move along! :)

Its not like other countries havn't been blockaded...

Re:Crush

[mattjb0010]

Meaningful infectious disease research needs to take into account people who do transmit the disease a lot. Besides which, most of the spam coming from China and Korea does originate in the US -- either relayed through trojan boxes or properly owned boxes, but definitely advertising US "products" in US English. Looking at the last known good header IP address doesn't tell you a lot about the true origin these days.

Re:Crush

[geminidomino]

AOL v. Cyberpromotions established that servers are private property.

Rowan v. U.S. Post Office Dept., 397 U.S. 728 established that forcing advertising upon unwilling recipients is NOT protected speech.

Spammers can *invoke* the first amendment all they like. (HINT: They also claim they are legitimate, ethical buisnesses). Rule #1: Spammers lie.

Re:Crush

[The+Ultimate+Fartkno]

Crush those sites? A sound idea. Start here. It's a Spam Vampire site set up by one of the more vicious anti-spammers I've ever seen in action. Non-caching, image-reaping, website-burning, bandwith-sucking action, all with a scorecard and a throttle. Now if we can just get this modded up so that a few thousand people are all playing at the same time...

Re:Crush

[GreyPoopon]

We should add the entire American IP address range to the great blacklist and move along! :)

I know your comment was meant to be funny, but that's EXACTLY what I think other countries should do. They should contact the US government and tell them they have 30 days to fix the spam problem before a nationwide block goes into place. I predict the end to most of the spam within 5 to 10 days. I'm an American, BTW, and I don't think my country should be treated with any more consideration than some of the Asian countries we've advocated taking this approach with.

Re:Crush

[GreyPoopon]

But the rest of the world's economy would take a severe hit if they were cut of from America even in limited fashion like email.

Yes, most likely, but since the impact to the American economy would be similar, it's unlikely that the US would let that happen. Somebody ought to do a comparison analysis between the impact of loss of connectivity and the impact that fighting spam has right now. A few days of lost connectivity may very well be worth the cost savings to companies that have to spend money on dealing with spam.

Re:Crush

[Jesus_666]

It doesn't work under Firefox, either. I completely forgot to mention that. If it weren't for that site I'd never use IE at all...

Now you can use IE to hurt spammers... Oh, the irony!

Re:Crush

[The+Ultimate+Fartkno]

> What the hell are you linking us to?

It's a "Lad Vampire" site. Some anonymous person coded the first one and used it to attack fake banks created online by 419 scammers and escrow cheats. "Artists Against 419" are still running one and organize flashmobs every once in a while to get hundreds of people using them all at once. The page links to just the images on spamvertised websites and reloads them over and over without caching, which sends the hosting costs of the server through the roof. Before long the site gets shut down for good and the spammer owes for some serious bandwidth costs. In cases where the sites are being served by zombied cable boxes then the ISP at least gets alerted to the problem and closes the user 'til their box is disinfected. The speed option allows you to change the reload speed depending on your bandwith. (Admins with access to fat pipes always get a grin out of opening it up all the way.)

> Thanks for wasting my time, I guess.

No problem. You seem like someone who doesn't feel complete without something to be angry about.

Limited set of IP's?

[tpwch]

Great, give me a list and I'll block them on my mail server.

Re:Limited set of IP's?

[tokennrg]

Spamhaus will certainly help you out with a list of IP's to block. They'll also tell you what country spams the most and what ISP a majority of the spam comes from, just check the stats at the bottom of the homepage. Spamhaus is also one of the few DNS Blacklists around that you can actually work with.

Normally they list IP addresses that spam comes from , unlike some lists like the five-ten group that lists all but 1 IP address (127.0.0.1). Spamhaus will also remove IP's that no longer spew spam and so legitimate businesses don't get blocked erroneously.

Spamhaus also has a nifty thing called The ROKSO List which lists know repeat offenders and spam gangs so ISP's can keep from signing them up for service in the first place.

Are any of us suprised?

[TaintedPastry]

While I do get the few 'nigerian national' emails, most of them seem to be in pretty g00d 3ngli$h.

What do I do find morally distrubing is that there are geeks out there making assloads of cash providing a conduit for this spam with high powered servers and keeping the senders essentially nameless.

I'm confused

[pedestrian+crossing]

Why doesn't spam come under the same scrutiny and attempts to shut it down as P2P?

If it is mostly as centralized as this study indicates, it should be easy.

OK, I know the answer (nobody's precious "IP" is threatened by spam), but if there are going to be attempts to regulate the Internet, it seems like this is a far more productive place to start.

Re:I'm confused

[lunatik42]

Spam doesn't come under the same fire as P2P because it *promotes* consumerism and the "entertainment" industry, whereas file sharing circumvents the mass market etc. completely. Ergo, most of the war on spam is fought by the people - no one on top of the dogpile wants to regulate advertising. Besides, there are anti-spam filters being sold all over the place. That's another way to capitalize on the phenomenon.

What are those?

[Quixote]

a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam,

I skimmed the article, but couldn't find the answer to the question that, I'm sure, is on most /.ers minds: what are those IPS???

Me... Trolling?

[The-Bus]

Funny. My finger's not tired, I use SpamBayes. Sure, I miss out on great messages touting... "A great opportunity... New and spreading via the Internet in a very big way-It's FREE to join, and it promises a lot. Too good to be true?" ...but it makes it easier.

Re:Me... Trolling?

[mobby_6kl]

>Funny. My finger's not tired

Funny, my finger isn't tired either, but my hand is.

Oh...maybe I should stop visiting all those sites mentioned in the emails I get.

That's BRILLIANT!

We should start sending out "fake" spam with encoded music/movies in it. RIAA and MPAA would buy some new laws to stop spam.

It makes me wonder...

[Short+Circuit]

What happens if/when the kingpins are taken down? Will the commercial anti-spam-solution market dry up?

Who's willing to bet that companies with spam-dependant business models won't want that happening?

(/tinfoil hat)

Has anyone ever thought of comparing the originating IP of an email against a blacklist? I'm not talking about the server that sent the message to the recipeint. I'm thinking of further along the relaying chain.

Nice Advertisement..

[inkdesign]

What CipherTrust REALLY means is 86% of their potential clients reside in the US.

SPAM thrives best where it is consumed.

[erick99]

I think that SPAM does so well (so to speak) here in the United States because enough people read SPAM and buy the products to make it worthwhile for the spammers to do business. I had no idea there was such a market for "male enhancement," "payday loans," and the other similar ads.

I have been using gmail since early July and the spam filter is the best I've used so far. I get very few spam in my inbox everyday and I haven't had a false positive in so long that I don't check anymore.

The spammers will continue to spam until they are ingored to the point that there is no money in it. But, you know, I just don't see that happening.

Cheers,

Erick

Re:SPAM thrives best where it is consumed.

[multimed]

That's just not true at all--a very common misconception. If people just stop buying stuff from the spam, the success rates will go down low enough that spam will no longer be effective and go away, right? Hooey. The people doing the spamming and the crap for sale or whatever are two different things. Spammers don't care what the response rates are, they sell the service of bulk emails. They get paid no matter what. Of course that's not what they tell the businesses buying their services. They pitch how cheap it is to reach millions of people and the whole "if just 1% buys something" fallacy. The problem is the greed of the businesses continues to let them believe the sales pitch of the spammers. That's why legitimate companies don't do spam--not because it's immoral or illegal but because it already doesn't make financial sense.

That's why my answer is not to go after the spammers who are slime but often out of US jurisdiction, or even the ISPs because while some of them are evil & look the other way, a lot of them are trying, but it's hard work. No don't bother with them, I think they should go after the companies selling the crap. There's a contact in most of the spam for people to actually buy the crap. And that's a hell of a lot easier than tracking the spammers, nail the businesses paying for the spam. I guess it's kinda like going after the Johns instead of the prositutes.

T-Systems connects Scott Richter's net

According to this, notorious spammer Scott Richter has his own netblock (69.6.0.0-69.6.79.255), which until recently was connected to the internet through Taiwan based ISP Chunghwa Telecom. After they gave up on him, Germany based T-Systems took over. If you have any problems with spam from this netblock, their security team would like to hear about it. They have announced that they will terminate the contract if Richter violates it.

I need your help

[Saint+Aardvark]

Weirdly enough, I just wrote about something like this in my journal. In a nutshell, I've been contacted by a list seller asking if the files on my site mean I know how to get in touch with The Bulk Club (you remember The Bulk Club, right?)

I'm looking for suggestions on what to do next. In the meantime, whatever you do, do not run this command:

while [ true ] ; do wget http://www.emailsupply.net/sample.txt -O /dev/null ; done

That's a 4MB sample of the lists the gentleman has for sale, and surely the Slashdot effect runs the risk of using up all his bandwidth. Don't do it, I beg you!

Re:I need your help

[gptelemann]

while [ true ] ; do wget http://www.emailsupply.net/lists.php -O /dev/null ; done

Try this also: large file, and hit the PHP, not a static page!

Re:I need your help

[Kallahar]

It appears that his host is onlinehome-server.com which has a price list at here which shows their max monthly bandwidth as being between 25 and 100 gigs. At 90k/s bandwidth (their end) that's 324 megs/hour/person, so assuming 10 people do it it would take 30 hours each to hit their cap. 100 people could do it in 3.

Sounds like fun :)

Amount is only message-wise.

[Tar-Palantir]

According to the article, Asia has a significantly higher number of spamming machines. It's just that the US, with readily available high bandwidth connections (and nutbars like Alan Ralsky) spews out a disproportionate percentage of all actual spam messages.

iptables -I FORWARD -s isp/20 -j DROP

[caluml]

Give us the CIDR blocks of the whole ISP that the spammer is using. Block all packets from those ISPs. Once ISPs learn that they get blocked for tolerating spam, they will try harder to prevent them.

cybersmtp.com

[samsmithnz]

Just yesterday I received spam from this guy at cybersmtp.com, advertising they can send bulk emails out. Check this out, I was surprised at the number of emails they have in their database, and the relative cheapness to send out nearly 300 million emails:

No Software to Buy - Nothing to download

Lowest cost for broadcast

E-Mail is a key component in maintaining contact with your customers

Email Broadcasting

Please choose from the following:
[ ] 1,000,000 e~mail sent $400
[ ] 5,000,000 e~mail sent $1,500
[ ] 10,000,000 e~mail sent $2,000.00
[ ] 56-70,000,000 e~mail sent $2,500.00
[ ] 224-280,000,000 e~mail sent $10,000.00


We use our own directory, so you do not need to pay one dime extra.

In other news

[gorbachev]

A study by the National Weather Service just found out sky is blue, most of the time.

Re:not

[gorbachev]

Spamcop reports on SENDING IP addresses.

The study was reporting on who actually sent the spam.

It is widely known US based spammers use open proxies, zombies, open relays and paid foreign spammers abroad to hide their tracks.

So both studies are correct. It's just that they're reporting different things.

Re:From the US?

[Saluton_Mondo]

This might be what you're after: http://it.slashdot.org/article.pl?sid=04/05/20/165 0255&tid=111

According to this /. article 71% of spam servers are located in China

Well, it's an uncomfortable topic...

[Theatetus]

A lot of us in the IT world owe our jobs in some way to spam: the company I work for wouldn't need a 4-person server staff if we didn't have to

• manage spam filters and mitigate spam & virus damage for our POP clients
• audit our mailing list clients to make sure they're not actually spamming
• maintain our sendmail and bind clusters to prevent their use by spammers
• etc. etc. etc.

Would anybody else be out of a job if it weren't for spam?

How To End Spam

[bratgrrl]

Spam won't stop until SpamAssassin becomes SpammerAssassin.

us top spammer, china top hoster?

[blanks]

http://spam.weblogsinc.com/entry/4463682046968893/ Link goes to quote, plus more links backing up this data.... "A study released this week by Commtouch reveals that about 55% of all spam originates in the United States, and that more than 73% of spam refers to websites which are hosted in China. Ninety-nine percent of all websites mentioned in spam sample analyzed by Commtouch were hosted in China, South Korea, the United States, Russia, or Brazil" Here is another link, with a more detailed article. http://www.securitypipeline.com/showArticle.jhtml? articleId=22103058

That's not new, ROKSO

[cpghost]

Spamhaus published ROKSO list has always shown that most top spammers are U.S.-based.

All it takes is more vigorous law enforcement. Where are the prosecutors, when we really need them?