China and its Relation With Spam

smooth wombat writes "Asia Times has a nice article about why China is becoming the spam capital of the world. Steve Linford, of Spamhaus fame, is quoted several times in the article and offers some insight into how the Chinese ISPs operate. Steves quote at the end of the article pretty much sums up why China isn't doing anything to curb the hosting of spam website servers in the country: "They simply don't want to know - China Telecom doesn't care because they're government-owned and there is no pressure coming from the government. Meanwhile, our statistics on spam volumes and the number of spammers setting up in China are going up and up and up.""

Well, okay...

[GillBates0]

But I was thinking more along the lines of Yummy Hot and Spicy Chinese Spam:

SPAM(TM) Hot & Spicy Stir-Fry
Makes 6 servings

Ingredients
1/3 cup reduced-sodium teriyaki sauce
1/3 cup water
2 to 3 teaspoons HOUSE OF TSANG® MONGOLIAN FIRE® Oil
1/2 teaspoon ground ginger
1 (12-ounce) can SPAM® Lite, cubed
1 cup broccoli florets
1 cup chopped onion
1 cup pea pods
1 red bell pepper, cut into strips
1 tablespoon plus 1-1/2 teaspoons vegetable oil
1 (14-ounce) can whole baby corn, drained and cut in half
1 (7-ounce) jar mushrooms, drained
6 cups hot cooked white rice

In small bowl, combine teriyaki sauce, water, Chinese hot oil and ginger; set aside. In wok or large skillet, stir-fry SPAM®, broccoli, onion, pea pods and bell pepper in vegetable oil 2 minutes. Add teriyaki sauce mixture; cook until bubbly. Add baby corn and mushrooms; heat thoroughly. Serve over rice.

Spam from Confusious

[teiresias]

Which is suprising considering the Government control on all things media.

From: Confusious
To: teiresias

Subject: Ancient Chinese Proverb

Body: "Increase your penis size with ginger root and secret ingredient. Act now and get a free webcam. Did I mention it make your wang huge!"

The source?

[AndyBassTbn]

Because of this, it is now meaningless to say that spam itself originates in any given place - it is truly a cyber-product.

No, I think the source has remained unchanged - the pocketbooks of those willing to actually pay for the schwag sold via SPAM email. As long as people are willing to pay for herbal Viagra, cheap mortgages, etc. based on spam, so too will spam annoy the rest of us.

Re:The source?

[jxyama]

>As long as people are willing to pay for herbal Viagra, cheap mortgages, etc. based on spam, so too will spam annoy the rest of us.

not quite. spam will exist as long there are advertisers who believe there are people who are willing to pay for junk stuff based on spam. advertizing - all it takes is the belief that it's doing something, at least until the money runs dry.

no mail of value

[lophophore]

I get no mail of any value from China. I don't know anybody there. So I don't feel bad about automatically trashing all mail that originates in Chinese netblocks. It's amazing the effect that has had on what spam I actually see.

If everybody did this, it could become a real problem for the Chinese. (duh)

Re:no mail of value

[Croaker]

What if you had a friend traveling over there, that had to get in touch with you?

Likely, that friend would use an internet cafe to connect to his/her hotmail or whatever account, and shoot of the email. The email would originate from the hotmail (or whoever) mail server, not from a chinese netblock. Not a problem.

Or someones company switches hosting to a .cn company.

The result is no different than if a company switches to an ISP that is known to be spam-friendly... they will usually get bounces stating "Your mail was refused because your subnet is blocked for spamming," or something similar. In which case, the company had best rethink its choice of ISP.

Or a mail gets relayed through a .cn mail server as the regular one is down for maintainence?

How often is mail rerouted these days? Especially to a server in a different country, likely on a different continent? I can't recall ever seeing this. Usually mail is held until the mail server comes back up. The mailserver going down is one of those things guaranteed to get the IT people awoken in the middle of the night, so its downtime isn't going to be long anyhow.

Oh, your mom called; you didn't reply to her mail about the free first-class tickets she was going to send you to visit her; so you missed out.

Any idiot who relies entirely on email for transmission of important information pretty much gets what he/she deserves when there's a snafu and the email is lost. That's why really important things, such as the "DMCA take down notices" sent out by lawyers are always sent both via email and snail mail.

Re:RBL

[Jucius+Maximus]

"Asia Times has a nice article about why China is becoming the spam capital of the world."

Funny, I thought almost all spam originated in the US (even though it is sent via Chinese webservers.) This is confirmed in the article, btw.

Solution? Bounce with the 550 power.

[Tackhead]

> "They simply don't want to know - China Telecom doesn't care because they're government-owned and there is no pressure coming from the government.

550 - Thank you for your support of the steganographic communications payment protocol.
550 - Your continued support of Falun Dafa [Falun Gong] in the face of continued oppression from the butchers of Beijing is appreciated.
550 - The following token shall constitute both a receipt for your payment and a public key with which you may send your next message to your allies in the resistance.
550 - KEYBLOCK 6x5 F81IZ FOLG3 VOLSX CIOP3 F7JJ2 EYMNX

Now, is it my fault if my crontab edits the last line of that message to a different series of random characters every 30 seconds? Is it my fault if the owner of the spam-relaying machine is... dealt with... in the name of protecting his fellow citizens from mysticism and supersition?

Hmm, I suppose it is.

But hey, there's a critical shortage of corneal and kidney transplants. And a critical oversupply of server administrators who support spammers. I'm just the invisible hand of the market, smoothing out the discrepancies.

My standard response

[acceleriter]

to a Chinese originated spam or to a Chinese spamvertised website. Since they ignore reports and are happy to collect spammers' dollars, I figure the outside chance one might get a bullet to the head is the best that can be hoped for:

(first in probably very bad Chinese, thanks to Babelfish)

Dear Spamhaus,

You have won our promotion in the FREE TIBET, Falun Gong, Remember Tiananmen, rebellion against the Glorious Communist State Sweepstakes!

The number on the bullet (free to you, billed to your family), which will hopefully go through your head when the censors in your godless heathen illegitimate bastard country who can filter out everything except spam see this, is 7417.

Congratulations!

Re:Why is this still an issue?

[mcleodnine]

While that will prevent SPAM that originates in China, you may want to re-think your strategy.

According to this report, most of the spam comes from North America, with thanks to Zombie PCs.

What goes around, comes around...

[Zocalo]

I pretty much have all of China (and a few other countries) blacklisted, in the case of China this is both at the .cn ccTLD domain and their IP allocations from APNIC. Yes, it's draconian, but I can (and do) permit specific IPs if need be and it keeps the spam *way* down. If enough people were to do this, especially at ISP level, then that's going to start having an impact of the ability of Chinese companies to trade with the rest of the world. Should that happen, how long do you think it would take for the Chinese government to take notice, and subsequently some action?

Of course, that's when the payback happens, because it's going to take more than a promise to be good to convince many admins to remove a blacklist entry, null route, or whatever. It basically boils down to a choice between quick money from dodgy spammers now, or long-term money from serious business investments further down the road. At the moment, it sure looks like the Japanese are the only ones that have really grasped the concept of long term business plans being better than cash now; tomorrow's problems belong to someone else.

My recent spam anecdote

[tacocat]

This is all very interesting, and I was even thinking to just block the asian nations would solve a lot of spam. But then I realized that I don't get much spam from there.

Most of my spam, greater than 90%, comes from the zombied US DSL machines as proof of their addresses when trying to connect I believe a large portion of the spam that exists also links back to chinese websites, not delivered from chinese mail servers.

I recently turned on greylisting and all the viagra/herbal/biggus diccus stuff is 100% gone. Not one in a week, normally there are >30 per day. Now all my spam is from France and somewhere in Asia. But that's like 2 a day.

Slashbot math lesson

[klipsch_gmx]

the people who are actually buying the crap is very small like 0.001% So that is 1 in a Thousand People who buy this stuff.

I salute you, sir.

You misunderstand.

[pavon]

The spam is not comming from china - china is simply hosting the spammer's websites. Here is the spam ecology:

American spammers pay Russian crackers to write viruses. These viruses infect Windows machines across the world. The spammers use the zombie machines to send spam which link to websites hosted in China. This has been the prototypical arrangement for many years.

Re:Solution? Bounce with the 550 power.

[andfarm]

For what it's worth, the Chinese government treats Falun Dafa / Falun Gong the same way you'd expect to treat a militant group.

Re:Put the money where they belong!

[taustin]

Your post advocates a

( ) technical ( ) legislative (x) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
(x) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
(x) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!