China and its Relation With Spam

smooth wombat writes "Asia Times has a nice article about why China is becoming the spam capital of the world. Steve Linford, of Spamhaus fame, is quoted several times in the article and offers some insight into how the Chinese ISPs operate. Steves quote at the end of the article pretty much sums up why China isn't doing anything to curb the hosting of spam website servers in the country: "They simply don't want to know - China Telecom doesn't care because they're government-owned and there is no pressure coming from the government. Meanwhile, our statistics on spam volumes and the number of spammers setting up in China are going up and up and up.""

Re:Why is this still an issue?

[r_cerq]

Yes, well, some of us do deal with Chinese, Taiwanese, Japanese, and other Asian companies.

In case you haven't noticed, most of our high-tech toys have at least a few taiwanese or chinese components in there; Most "modded" PC cases nowadays come from China; Many American and European manufacturers sub-contract asian assembly-lines.

And, obviously, they use e-mail to communicate with us Westerners.

Solution? Bounce with the 550 power.

[Tackhead]

> "They simply don't want to know - China Telecom doesn't care because they're government-owned and there is no pressure coming from the government.

550 - Thank you for your support of the steganographic communications payment protocol.
550 - Your continued support of Falun Dafa [Falun Gong] in the face of continued oppression from the butchers of Beijing is appreciated.
550 - The following token shall constitute both a receipt for your payment and a public key with which you may send your next message to your allies in the resistance.
550 - KEYBLOCK 6x5 F81IZ FOLG3 VOLSX CIOP3 F7JJ2 EYMNX

Now, is it my fault if my crontab edits the last line of that message to a different series of random characters every 30 seconds? Is it my fault if the owner of the spam-relaying machine is... dealt with... in the name of protecting his fellow citizens from mysticism and supersition?

Hmm, I suppose it is.

But hey, there's a critical shortage of corneal and kidney transplants. And a critical oversupply of server administrators who support spammers. I'm just the invisible hand of the market, smoothing out the discrepancies.

Blocking China and other rogue IP space

In addition to blocking spam, we mod our /etc/hosts.allow to keep these systems from connecting to many services:

ALL:61.0.0.0/255.0.0.0:deny
ALL:62.0.0.0/255.0. 0.0:deny
ALL:80.0.0.0/255.0.0.0:deny
ALL:81.0.0. 0/255.0.0.0:deny
ALL:82.0.0.0/255.0.0.0:deny ..etc..

It's better to block, then individually authorize. Most of the Chinese IPs are not only spamming, but constantly probing for vulnerabilities in SSL, SSH, FTP and other services.

What goes around, comes around...

[Zocalo]

I pretty much have all of China (and a few other countries) blacklisted, in the case of China this is both at the .cn ccTLD domain and their IP allocations from APNIC. Yes, it's draconian, but I can (and do) permit specific IPs if need be and it keeps the spam *way* down. If enough people were to do this, especially at ISP level, then that's going to start having an impact of the ability of Chinese companies to trade with the rest of the world. Should that happen, how long do you think it would take for the Chinese government to take notice, and subsequently some action?

Of course, that's when the payback happens, because it's going to take more than a promise to be good to convince many admins to remove a blacklist entry, null route, or whatever. It basically boils down to a choice between quick money from dodgy spammers now, or long-term money from serious business investments further down the road. At the moment, it sure looks like the Japanese are the only ones that have really grasped the concept of long term business plans being better than cash now; tomorrow's problems belong to someone else.

Re:no mail of value

[dubl-u]

So I don't feel bad about automatically trashing all mail that originates in Chinese netblocks.

I'm not willing to go that far, but I do assign a 1.5 point penalty (out of 5) to all Chinese and Korean IP space. It has made a substantial difference as spammers get smarter about skirting Bayesian filters.

My recent spam anecdote

[tacocat]

This is all very interesting, and I was even thinking to just block the asian nations would solve a lot of spam. But then I realized that I don't get much spam from there.

Most of my spam, greater than 90%, comes from the zombied US DSL machines as proof of their addresses when trying to connect I believe a large portion of the spam that exists also links back to chinese websites, not delivered from chinese mail servers.

I recently turned on greylisting and all the viagra/herbal/biggus diccus stuff is 100% gone. Not one in a week, normally there are >30 per day. Now all my spam is from France and somewhere in Asia. But that's like 2 a day.

Re:RBL

[hackstraw]

I run spamassassin, and I have a rule to score URLs that reverse back to Chinese or Korean netblocks.

Over 50% of the tagged spams hit this rule. Now if these mails were actually sent from China or Korea, that is a different story (and a different rule :). I know its a cheap and easy way to send spam from compromised Windows machines that can be located anywhere in the world, but many of these drone machines are probably sending mails from Chinese and Korean people.

Re:Well, okay...

[lowrydr310]

I prefer General Tso's Spam ...still haven't posted anything 'insightful' in three months as a registered slashdot user

Use The System Against Itselt ;-)

[ackthpt]

Have one of the chinese sites spam chinese addresses with seditious talk of democracy, human rights, freedom of speech, what a swell COUNTRY Taiwan is, etc.

May the ISPs live in interesting times...

Re:Why is this still an issue?

Problem: spam from China.
Problem: spammer websites in China.
Problem: Chinese ISPs don't care, because they're owned by the government and the government doesn't care.
Fact: The Chinese government does monitor email, especially email with certain subversive keywords.

So, how can we make the ISPs and/or the government care? How about, included free with every spam complaint you send to a Chinese ISP, you thank them for their help in distributing Falun Gong literature, or delivering crates of goods to their contact in the Free Tibet movement, or mention that for their application, Semtex is preferable to TNT, or just include a block of encrypted text. It'll make the ISPs rightfully nervous about receiving such mail, and, when the secret police notice, it gives them something to do. The secret police may not care about spam, but they do care about subversion, or delivery of secret goods for subversives, or people who are sending encrypted messages. Make some of the encrypted messages easy to crack, and make some of them straight random numbers, those will be really hard to crack.

A year or so ago, a Chinese ISP was raided by police and their equipment seized, for just such causes. The police did figure out that it was bogus, and gave the equipment back, but I bet that particular ISP doesn't want anything to do with spammers anymore.

Benefit: Wastes the time of the secret police, a good in and of itself.
Benefit: Raises the noise level for monitoring email for subversive words.
Benefit: Makes ISPs paranoid about the sort of mail theyll be getting if they host spammers.
Benefit: If a spam-friendly ISP goes down in the process, are not the blessings truly multiplied?

Re:Put the money where they belong!

[Vadim+Makarov]

Thank you very much for assessing the approach.

I respectfully disagree with the following items in your assessment:

(x) No one will be able to find the guy or collect the money
- This doesn't apply because money are collected BEFORE one is able to start getting the escrow tokens. It has to be a 100% pre-payment service.

(x) It will stop spam for two weeks and then we'll be stuck with it
- It has a chance stop the spam forever. We will eventially have other types of electronic scams instead, but email spam as we know it today will either be limited to the average of several messages a day that emanate from compromised accounts, or cease to exist.

(x) Requires too much cooperation from spammers
- It's true that spammers will immediately try to break any scheme devised or find a workaround in the least expected ways, which is a very valuable contribution we expect from them. If the scheme stands the test, however, no further cooperation from spammers is required.

(x) Anyone could anonymously destroy anyone else's career or business
- Exactly how?

(x) Lack of centrally controlling authority for email
- We have DNS. It has been introduced at some point in the development of electronic communications, not from the very beginning. It is a central controlling authority for several services, including email. It is a paid service. It works. It is possible for another central controlling authority to be introduced.

(x) Incompatiblity with open source or open source licenses
- Why?

I do not think the following items in your assessment are in principle possible to satisfy with any solution:

(x) Requires immediate total cooperation from everybody at once
- Chicken and egg problem is not new to this world. It gets solved all the time, however.

(x) Sending email should be free
- Impossible to satisfy beyond a small closed society where everyone knows everyone.

Furthermore, this is what I think about the assessment in general:

[x] Your assessment is mostly realistic.
[ ] You are taking constructive approach and try to improve the proposed imperfect ideas.
[ ] You are taking the spam problem seriously and genuinely want to solve it permanently.
[ ] You or your employer have means and market leverage to solve the spam problem permanently.

Also, the following may apply to the expert who has performed the assessment. Please excuse me in advance for taking things to the personal side:

[x] Spam war is a great fun for you as an IT specialist / system administrator / programmer, and you are not interested in peace for this reason.
[x] Spam war is a great educational environment for you as an IT specialist / system administrator / programmer, and you are not interested in peace for this reason.
[x] Spam war is probably partly or wholly justifies your own employment as an IT specialist / system administrator / programmer, and you are not interested in peace for this reason.
[x] Unfortunately we have no social mechanism in place to fix any of the three problems above. Overally the society loses, of course.

Re:Spam Originating In Asia

[CritterNYC]

I have partial blocks in 202. because some of those IPs are in Australia and New Zealand and not spammy.

Quite right, which is one great reason not to use wholesale blocks without understanding them. I'm more of a fan of using some of the blackholes.us country-based lists to block China, etc than full IP blocks is someone wants to block certain countries.

Re:no mail of value

[Miara]

If everybody did this, it could become a real problem for the Chinese. (duh)

Hmmm.

Maybe that's what they want.

The Chinese government seems to be doing everything they can to make sure that people in China don't have access to any information that is potentially critical of their regime. This is easy to do with websites (including Google it seems) but somewhat harder with email.

If they allow spammers to run free though, and every admin in the west blacklists all .cn sites as a preventative mesure ... that severely hampers email exchanges between Chinese citizens and the rest of the world.

I wonder ...

Re:Well, okay...

[EvilAlien]

I'll remember that next time I need to insult someone who is Chinese. "Hey man, I hear Teriyaki is a Chinese sauce... BOOYAH, IN YOUR FACE!"

Re:It's a good thing I don't know anyone in China

has anyone thought that the Chinese govornment might be trying to spam their way into isolation? Allow spam senders to accumulate until the entire country gets cut off from most of the world because people are blocking it, everybody wins ;(