Spam from Taiwan

TristanGrimaux writes "According to a recent study done by CipherTrust, two thirds of the world's spam is sent by Taiwan servers. The US follows with 24% and in a distant third is China with only 3% of the servers who actually sends the spam." The article cites easy access to broadband and lack of crackdown on offenders as the main contributing factors.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Whats specific about Taiwan?

[WinEveryGame]

So, what is so specific about Taiwan that causes this?

Availability of relatively cheaper computing power with good bandwidth?

Some legal stuff?

Availability of some skill set?

Re:Whats specific about Taiwan?

[kcbanner]

More people = more computes = more spam. Its a vicious cycle...

Re:Whats specific about Taiwan?

[Heir+Of+The+Mess]

Having been to Taiwan a fair bit I can think of some possibilities:-

Most people I know there earn about US$15k/yr, and upgrading the RAM in your Pentium3 machine and then the Hard Drive, and then the video card is sort of common practice. Forking out big $$ for Windows XP isn't real easy so a lot of people are running some SP1 version of Windows XP they bought for $1 off the street, and this version gets owned pretty fast, and can't be patched from windows update. So there are lots of bots.

Now 24Mbit internet access is like $5-$10 per month, so you can see there is quite a big engine there for generating spam.

The culture there is such that they love the latest thing, so I could imagine that there would also be a tendency for people to install software off the net that has malware in it as well.

Another thing I noticed is that your average grandmother there seems quite good at using a computer. So I could imagine that there might be more pensioner types sitting there doing some amount of spamming for a little bit of money.

Re:Whats specific about Taiwan?

[Spikeman56]

"The culture there is such that they love the latest thing, so I could imagine that there would also be a tendency for people to install software off the net that has malware in it as well."

I second that. The personal computers I have looked at are so loaded with "download managers" and "toolbars" it makes me sick. Piracy is big here too, so everyone has the standard ISO mounting software, strange p2p network applications, compression tools. Piracy can get you on some sketchy sites and convince you to install some sketchy software. Botnets anyone?

Re:Whats specific about Taiwan?

[clokwise]

Taiwanese receive a lot of spam and many of them appreciate it. There is a growing backlash against spam recently, but it's still the norm. Taiwan has something like 97% IE usage, which would also account for so many bots. Most users here have no interest in switching to FF or other browsers because so many websites here only work in IE. It's a vicious circle.

Re:Whats specific about Taiwan?

[CrazyGuy]

I live in Taiwan.
Here's some info for you.

An average person earns like US$150~200k a year.
The 8M/640k ADSL line from Hinet, taiwan's largest ISP, is US$33/month, with 1 fixed IP+ 7 floating IP addresses.

People here are used to DIY PCs. But not so used to pay for software.
Part of the problem is that lot's of people just scared to do Windows Update, because they're using pirated copy.
Another part of the problem is that infomation about computing here are very easy to get. So lot's of people are using Linux or some shareware/software running their own servers. But these people really don't have the skills to secure that server.

Re:Whats specific about Taiwan?

[ketamine-bp]

no way. there is nowhere in taiwan where the 'average' earns US$150-200K/year, if you want it's around US$15-20K/year. talking about NT$35K/month, that is around 1.2K/month. (Sorry for poor currency conversion, i think these figures are reasonably accurate.)

if you don't think so, see:

google search

Re:Whats specific about Taiwan?

[yaiba]

Taiwan: 1. cheap bandwidth 2. cheap hardware 3. cheap software 4. open relays for everyone

Re:Whats specific about Taiwan?

[Yvanhoe]

Some legal stuff?

Maybe so. If you speak to a taiwanese official, you angry China, fearing that you might recognize Taiwan as a political entity different from mainland China. The political correctness wants that you complain at Beijing that the chinese province of Taiwan is sending a lot of spam. Of course they can't do anyhting about it but don't want you to meet the people in charge there.

I guess they have a lot of P2P there too...

Re:Whats specific about Taiwan?

[Jussi+K.+Kojootti]

I'm quite surprised that your estimate of the average income is so different (like over 1000%) compared to any numbers found on the net. So what's the explanation? Are your friends or your home area so different to the average, or did you just get the conversion wrong?

Re:Whats specific about Taiwan?

[Heir+Of+The+Mess]

Hi there er CrazyGuy,

I'm moving to Taiwan in February 2007, and I was wondering if there would be a place in the company you work for. I have 5 years C++ experience, 4 years C#, and 6 months WPF/Avalon. My qualification is Bachelor of Electronic Engineering. I'm serious. Where should I apply?

Re:Whats specific about Taiwan?

[Aokubidaikon]

So, what is so specific about Taiwan that causes this? My guess would be that by most countries it is not considered a "real" country (due to pressure by mainland China).

Re:Whats specific about Taiwan?

> So, what is so specific about Taiwan that causes this?

The fact that some spam farms there hit Ciphertrust more than others?

The study's bogus, the stats from companies much bigger than ciphertrust don't bear out their facts. Perhaps I'd believe that it nearly ties with mainland China. Korea probably sends more.

Sorry about your poor penetration in the Chinese market, Ciphertrust.

Re:Whats specific about Taiwan?

I come from Taiwan, and you're full of it. $150-200K a year? Are you frackin' kidding me?

Taiwan suffers from what most developing, industrialized 2nd-world nations suffer from - a very low income for the everyman, with a large group of urbanized elites. I have no doubt some exec living in a tower in downtown Taipei is rolling in $150-200K, but to say the everyman is doing this is absurd. Have you BEEN to the outskirts of Taipei, or worse, any one of our many cities? Cost of living in the urban centres of Taiwan is comparable to most American cities, which only makes the avg $15K/yr worse for normal Joe Schmo.

And as for internet - yeah it's cheap, but it's also slow as hell. Networking within Taiwan is blazing fast, but as soon as you have to cross that big body of water known as the Pacific, everything slows to a crawl. Probably fast enough to set up a botnet though...

Re:Whats specific about Taiwan?

[7ft_Big_Guy]

Want to stop the spam from Taiwan??? Blackhole EVERY domain for the country, basically turn them into an INtranet... Will that stop the spam? no Will it reduce the spam? for a short time until they access bots elsewhere...

Re:Whats specific about Taiwan?

[marcelk]

Most people I know there earn about US$15k/yr [...]
Now 24Mbit internet access is like $5-$10 per month,


I live in Taiwan.
Here's some info for you.
An average person earns like US$150~200k a year.
The 8M/640k ADSL line from Hinet, taiwan's largest ISP, is US$33/month, with 1 fixed IP+ 7 floating IP addresses.

Funny. I also live in Taiwan. Here is some information extracted from the CIA factbook for both of you:

First look at the Gross Domestic Product (GDP) per capita:

USA: $41,800
European Union: $29,100
Taiwan: $27,600

Now correct it for purchasing power parity:

Taiwan: $53,800
USA: $41,400
European Union: $26,600

Taiwan is a wealthy country.

Second: Your Hinet.net rate must be a very special deal. 33 USD is about 1000 NTD.
For 1,200 NTD/month you barely get 2M/512k dynamic IP. This hasn't changed much
over the past two years that I have lived here.

Your 8M is on the hinet
website and it costs 5,000 NTD or $150/month)

Re:Whats specific about Taiwan?

[CrazyGuy]

I must be sleepy or out of my mind...

Sorry about the mistake.
It's around 15k~20k/year income in Taipei area for an average person works for a company.

And my ADSL deal is not special at all. You just paying too much.
http://www.promotion.hinet.net/hot2.htm
For the first 10 months, it's NT$990/month, then it's NT$1090/month, which is about US$33.

It's weird but 8M/640k is actually cheaper than 2M/512k.

Taiwan China ...

[layer3switch]

So Taiwan isn't part of China now? OK, I'm confused.

Re:Taiwan China ...

[kclittle]

Have you been under a rock since 1949? :)

They're part of China sort of (but not exactly) the way the South was part of the U.S. between 1861 and 1865, except the war to resolve the issue hasn't happened yet. Pray that it doesn't...

Re:Taiwan China ...

[layer3switch]

So it's part of China or not? "Maybe" doesn't really make much sense to me. US and UN says Taiwan is part of China, EU is saying Taiwan is not part of China, Taiwan is saying it's its own country, China is saying it's part of China. Google says it's part of China. WTF.

Re:Taiwan China ...

Hi, yes, apparently you haven't been awake for the last half century... In the context of a discussion about Taiwan and China, "China" refers to "Mainland China" (this is the big land mass that is directly connected to the rest of Asia), and "Taiwan" refers to this little island off the coast of the Mainland where all the non-communists escaped to after losing the civil war.

Thank you. Next week I will explain the difference between "United States" and "Puerto Rico" for you.

Re:Taiwan China ...

[Zeebs]

Taiwan and China are actually both China. Taiwan is the Republic of China. While what most people(unless you happen to be from Taiwan) call China is of course the Democratic Peoples Republic of China. The DPRC does consider Taiwan a rouge province, while Taiwan doesn't consider that to be the case. As the other reply said, lets hope the war to resolve this doesn't happen any time soon.

Re:Taiwan China ...

[kclittle]

Well, we have shades of red and red here. :)

Does the People's Republic of China collect taxes in Taiwan? No, the Republic of China does.

Does the PRC actually try to enforce its criminal laws in Taiwan? No, but the ROC enforces its laws.

Does the PRC define the commerce regulations, health regulations, education standards, voting laws, aviation regulations, etc. within the borders of Taiwan? No -- but the ROC does.

Does the PRC have military bases on Taiwan? No ... but the ROC does!

What the U.N., U.S. and Europe say in polite diplo-speak is one thing. The working reality (and the *money* reality) is that Taiwan is a separate country, perhaps not in name, but in operational fact.

Re:Taiwan China ...

Taiwan goes to great lengths to avoid saying it is its own country!

Re:Taiwan China ...

[Zeebs]

Funny how people will avoid doing things that will cause them to be invaded.

Re:Taiwan China ...

[dafoomie]

Its a very politicized situation.

Taiwan is effectively its own country. China says its not. China will not trade with any country that recognizes Taiwan's statehood, therefore most countries don't, but also don't recognize China's (PRC) rule over Taiwan (ROC).

In 1949, the communists (PRC) fought a civil war with the then Chinese government (ROC), the communists won, and the ROC fled to Taiwan. China (PRC) claims Taiwan, and Taiwan (ROC) until recently claimed all of China.

It gets a little complicated with the Taiwan Relations Act and the Six Assurances, but we're pretty much hoping the communists go away before a war breaks out over it. Taiwan has been assured that we (USA) will intervene in the event of a Chinese invasion. We've also been selling them a great deal of arms for the last 30 years, you always take care of your best customers. We've created a situation similar to the one in Korea, where our forces there are a deterrent, a tripwire for American intervention in case of an invasion. The 7th Fleet is very conveniently positioned for that reason.

I don't see anything changing until China is no longer ruled by an oppressive communist regime, the people of Taiwan should decide what to do after that. The US doesn't want Taiwan to fall into China's hands, Japan considers the prospect a grave threat as well. Taiwan certainly doesn't want to be under oppressive communist rule, either.

Re:Taiwan China ...

[Beryllium+Sphere(tm)]

>does consider Taiwan a rouge province

So Taiwan is actually Red China?

(I apologize. I transpose keys too. But that one was just irresistible.)

Re:Taiwan China ...

[Heir+Of+The+Mess]

Taiwan has a different government to China. Somewhere around 1945, Taiwan was taken from the Japanese, and given back to China which was ruled by Chang Kai Shek (sp?). I think it was around 1949 that the Communist Party (run by Chairman Mao) overthrew the CKS government and drove the Nationalist forces back until they retreated to Taiwan. So ever since then Taiwan has been run by the KMT party (Chinese Nationalists), until a few years ago when they were voted out in favour of the DPP (Democratic Progressive Party).

Now CKS had planned to take back China as he built Taipei (the capital was Tainan) to be a city of big streets that could be used as runways for bombers, but that never happened.

For about the last 20 years China has been making noises about bringing Taiwan into the communist fold. The DPP party in Taiwan has been making noises about declaring Taiwan independent from China, and so China has responded with bigger noises. I would say that nothing will happen until the Olympics are over..

Re:Taiwan China ...

[kclittle]

In other words, this is a case where even the proverbial elephant in the room doesn't want to acknowledge its own presense! :)

Re:Taiwan China ...

[Zeebs]

*headdesk*... but a golf clap for you indeed, well played sir :P

Re:Taiwan China ...

[LostInTaiwan]

Saying Taiwan and China are both China is like saying both England and Australia are Great Britan. Taiwan was a part of China till China forked it over to Japan 100 years ago. Go back a few more hundred years, Taiwan belonged to the Dutch, whom I think is the first county to officially plant their flag and call it their own. . . . Most Taiwanese are ethnic Han Chinese, but so are most Chinese Americans. . . and most Australians can trace their roots back to GB but that does not mean they are British.

Taiwan is Taiwan. Taiwan is is a completely separate policital entity, way different from China. . . . I think they're trying to impeach their president right now. . .lol. . . I like to see that in China. . . .

regarding spammer from Taiwan. . . . base on what I saw the geeks to nerds ratio is too low to product a sizable indigenous hacker population. . .

John

Re:Taiwan China ...

[Zeebs]

Ask a person from Taiwan where they are from and they will say China. I know that because I've worked booking appointments for visas to the U.S. One of the things to get straight when someone said they were from China was that the Democratic Peoples Republic of or Republic of. They both refer to them selves as from China.

Re:Taiwan China ...

[l-ascorbic]

Surely communist china is the rouge china...

Thank you, thank you, I'll be here all week.

Re:Taiwan China ...

[KiloByte]

The DPRC does consider Taiwan a rouge province, while Taiwan doesn't consider that to be the case.

In fact, it's the DPRC who's a rogue province there :p

We have a revolution where a government gets ousted by rebels once per like 1-2 years in the world, and in quite a bit of cases the rebels fail to grab control of the whole country. However, it's not every year when this happen in a billion+ country with nuclear weapons.

Re:Taiwan China ...

[jiawen]

Two porbelms with your post: One, as others have already noted, you mean "rogue", not "rouge"; two, there's no such thing as the Democratic People's Republic of China. Perhaps you're thinking of the full name of North Korea (DPRK)? With mainland China, the correct/full name is People's Republic of China -- no "Democratic". Thus, the two sides of the Taiwan Strait are officially the PRC and the ROC.

And yes, I know there's a typo in the second word of my post. :)

Re:Taiwan China ...

[jiawen]

Ask a person from Taiwan where they are from and they will say China.

Unless, that is, they're pro-Taiwanese independence, in which case they'll probably say they're from Taiwan. Yes, it's complicated.

Re:Taiwan China ...

[Zeebs]

Ok it's early and you are right I am adding Democratic cause I'm some form of monkey. Damn you communists and your tricky name tricks. Anyway :P while I ment rogue as EVERYONE has pointed out, what I said was no less true, the PRC does consider them 'red' :P Ok yea I'm grabbing at straws there.

Re:Taiwan China ...

[jo3c]

pro-taiwanese independence? haha
saying us taiwanese from china is like lowering our social class

funny all the people i know gets angry when people say they are from china

and no we don't ever say we from china..
we from taiwan

Re:Taiwan China ...

[jiawen]

Like I said, two problems: that's it, no more. Everything else you said was quite correct.

Re:Taiwan China ...

[lxt518052]

No point starting a flame war on this issue on Slashdot.

Let's hope this issue will be resolved by ourselves. I, for one, welcome political parties in Taiwan back to mainland to takeover the regime. But it seems they're currently only interested in fighting one another on this Taiwan Independence issue.

Re:Taiwan China ...

[Dracil]

That's because it's the official name on our passports (surprise surprise when you're doing visas!) Ask any regular Taiwanese where they're from in any othe context, and they'll say Taiwan.

Re:Taiwan China ...

What is also amusing is that China does not have a legal basis. Technically by international law, Taiwan is still under a US Military Government from World War 2! We just haven't gotten around to officially determining its sovereignty (mostly because of the political situation with China).

Re:Taiwan China ...

Its a very politicized situation.

Taiwan is effectively its own country. China says its not. China will not trade with any country that recognizes Taiwan's statehood, therefore most countries don't, but also don't recognize China's (PRC) rule over Taiwan (ROC).

In 1949, the communists (PRC) fought a civil war with the then Chinese government (ROC), the communists won, and the ROC fled to Taiwan. China (PRC) claims Taiwan, and Taiwan (ROC) until recently claimed all of China.

It gets a little complicated with the Taiwan Relations Act and the Six Assurances, but we're pretty much hoping the communists go away before a war breaks out over it. Taiwan has been assured that we (USA) will intervene in the event of a Chinese invasion. We've also been selling them a great deal of arms for the last 30 years, you always take care of your best customers. We've created a situation similar to the one in Korea, where our forces there are a deterrent, a tripwire for American intervention in case of an invasion. The 7th Fleet is very conveniently positioned for that reason.

I don't see anything changing until China is no longer ruled by an oppressive communist regime, the people of Taiwan should decide what to do after that. The US doesn't want Taiwan to fall into China's hands, Japan considers the prospect a grave threat as well. Taiwan certainly doesn't want to be under oppressive communist rule, either.

That is the simplified crap you get from the end of news articles in the west relating to Taiwan-China relations. The history is a lot more complicated. Taiwan was largely ignored by China until it became of interest to the western powers in the late 1800's. The Sino-Japanese War ended with China giving Japan Taiwan and other islands (which are still in dispute). The Japanese occupation of Taiwan is the reason why older generations of Taiwanese people can speak fluent Japanese. They were educated by the Japanese system from 1895 to 1945. The Allies in WWII needed to keep Chiang Kai Sheik(CKS) in the war to keep the Japanese occupied while they focus on the real purpose for US entry to the war, namely Germany. SO the allies promised Taiwan to CKS to keep him going. The man was so corrupt and focused on killing Mao that he ignored the Japanese for a long time. SO when WWII ended, Japan gave up control of Taiwan to the allies and the Kuomingtang (political party of CKS, controlling and only political party of ROC at the time.) took over the island without official treaty stating such turnover. Since the west was into fighting communists after WWII, CKS was allowed to keep Taiwan so that he can pillage the island for resources to feed his troops and keep his corrupt regime alive. Situation like this would be played out again in Vietnam with the US supporting so called democratic dictators. since the Taiwanese never really liked foreign control, a revolt happened in Febuary 28, 1947. The revolt was crushed when CKS sent troops to Taiwan and massacred tens of thousands of Taiwanese, mostly leaders and scholars. This began martial law that was not lifted until 1987 after the death of CKS and near the death of his son. When the KMT lost the civil war in China, CKS left China and retreated to Taiwan. He and delusional Chinese people in Taiwan still believe to this day that they will someday conquer the communist and take back China. CKS was not the first to have this delusion since the last pretender to the Ming throne tried the same thing in the 1400's. So now the population of Taiwan consists of about 15% Chinese(mostly those who came with CKS in 1949). The rest are of Chinese who have been there for centuries who speak Hakka or Minnan and Aboriginals who have been there for even longer time. The PRC never ruled Taiwan so they have no claim on Taiwan. If they want to finish the civil war, Taiwan should just send back the Chinese who want to go back to China. But since they won't be able to live the luxury life they have in Taiwan if they go back to China, they just stay in Taiwan to bitch and whine. D

Re:Taiwan China ...

[clickclickdrone]

I would say that nothing will happen until the Olympics are over..

During which the Taiwanese govt enter every member of the population who then briskly run thataway.

Re:Taiwan China ...

Dude, I have been married to a Taiwanese woman for not quite two years and I can definitely tell you that she does not say she is from China. She says she is from Taiwan. And so has every one of her relatives and friends that I have met.

Re:Taiwan China ...

[smitingpurpleemu]

There is no such thing as the Democratic People's Republic of China. It's the People's Republic of China. There's no need to misname China, it doesn't make you look insightful, it makes you look stupid. And why the parent post is modded informative is beyond me, when such a glaring error is made.

Re:Taiwan China ...

[overbaud]

I've set up my email server to run over IEEE 802.11i, its completely free of spam from China.

Re:Taiwan China ...

[chiao]

1861 to 1865 is 5 years. As far as I know, Taiwan was under Japanese rule for the first 50 years of the 20th century, and the current government in China, the Chinese Communist Party, has actually never set foot in Taiwan.

Re:Taiwan China ...

> Ask a person from Taiwan where they are from and they will say China

No, they'll say they're Chinese. And from Taiwan. If you start talking about PRC stuff, they'll probably tell you again that they're from Taiwan. "Taiwanese" is something an independence-minded fellow might say, but they certainly don't mentally blank out their home state.

Do you even know any Chinese people? I work with four, their political affiliation is largely "don't give a shit", and they all give the same answer. Except the one from Hong Kong, who says the same thing with Hong Kong instead of Taiwan.

Re:Taiwan China ...

The grandparent post was probably thinking PRC (Peoples Republic of China) as DPRC, but was really thinking DPRK (Democratic Peoples Republic of Korea, i.e. North Korea).

China has cheap broadband access

[JohnGrahamCumming]

One thing that surprised me in TFA was the claim that China has cheap broadband access. Perhaps I suffer from some cliched view of China, but it surprises me to hear that China has cheap broadband. Any knowledgeable person like to fill in the details? Here in France we have very cheap broadband, but doesn't seem like France is producing much zombie spam.
John.
Visit SpamOrHam and help in the fight

Re:China has cheap broadband access

[Telvin_3d]

Heh, these days, everywhere except North America has cheap broadband. All the other governments see it as an important investment.

Re:China has cheap broadband access

[Technician]

Here in France we have very cheap broadband, but doesn't seem like France is producing much zombie spam.


Read past the headline.. Look to the part where they mention ISP's are slow to disconnect. I imagine in France, most ISP's are quick to disconnect a bot spewing stuff.

Re:China has cheap broadband access

[layer3switch]

France
*Total Population: 60,876,136
*Internet Users: 26,214,174

China
*Total Population: 1,313,973,713
*Internet Users: 111,000,000

I think, that number speaks for itself.

*ref. from CIA World Fact Book

Re:China has cheap broadband access

I think, that number speaks for itself.

*ref. from CIA World Fact Book

It's a slam dunk. Oh wait...

Re:China has cheap broadband access

[layer3switch]

Is that why rest of the world pay so much for traditional voice line? Curious.

Re:China has cheap broadband access

[_merlin]

Australia doesn't have cheap broadband. It's a rip-off here, just like in the US of A.

Re:China has cheap broadband access

[upside]

Taiwan is one of the Asian Tigers, like South Korea. They are a multiparty democracy and have a standard of on par with Western Europe. Why are you surprised?

Re:China has cheap broadband access

[linj]

Broadband is cheap in concentrated city areas of China. Think about it. If you have most of your subscribers in one very small location, typically in business districts and high-rise condominiums (we're talking about the large cities such as Shanghai, Beijing, and if you want to include Hong Kong SAR), it's not hard to provide cheap broadband access.

Of course, the broadband here isn't that speedy for individual users. I'm typing this on (stolen) wifi access from an apartment in Shanghai and I can barely hit 100kBps, tops. Typically, accessing US sites is slow, with around 10kBps transfer rates. But e-mail isn't time-critical, so I'd assume that an always-on connection of any speed encourages spam as in this case.

Re:China has cheap broadband access

[Korin43]

Seems like if you're sending billions of spam emails, slow internet connections start to matter.

Re:China has cheap broadband access

[nihaopaul]

i currently live in china, computer repairs can be done for a fraction of the cost and piracy is so rampant that virus software exsists for us$0.50 same with the latest windows version.

not only that, on the servers on the chinese backbone, they are tested once a week by chinatelecom for openrelays and if found they are portblocked untill the owner does something, this can be a pain if you run a smtp node in a cluster who accepts mail for the domain and then sends out an failed email if the address doesn't exsist. i'm not sure if this is good or bad, all we need now is for them to take out the site harvesters.

Paul

Re:China has cheap broadband access

No spam from France? HAHHAHAHAAHAHAHAHAHAHAHAHAH

Right.

Since implementing a IP block on France, my spam has gone down. I dont need anything from France, ever, let alone spam from your yellow spined country. Quick, surrender, someone has a board with a nail it in.

Re:China has cheap broadband access

I don't think so. A large provider in France is called "wanadoo", and I get a lot of zombied spam via them.
They operate locally here as well, and are well known to do *nothing* about complaints.

Re:China has cheap broadband access

[weekendli]

Actaully It's really cheat comparing with uk. My parent get a 512 dsl connection for about 40usd/y.

Re:China has cheap broadband access

[kestasjk]

You could argue that Australia has a better excuse; a massive, empty country makes laying down telecom infrastructure a less fruitful investment, and we're in the middle of nowhere so we have to connect through other countries.
But yes, it's terribly expensive, and hopefully that'll change when the country gets upgraded with DSLAM.

Re:China has cheap broadband access

In the United States some frustrated folks of either left or right leaning political persuasion sometimes say, "if xxxxxx happens/wins/etc..., then I'm moving to Australia!"

What they don't seem to have observed is that Australia is one of the few places in the world that seems to be even nuttier than the U.S. All the ridiculous laws, entrenched interests, and piss-away-your-rights mentality of the US, but without the US Constitution's theoretical protections of basic rights. I think the only reason Australia hasn't gone around and f****d up the rest of the world like the US is that Australia literally doesn't have enough population and money to do it -- not because of any lack of desire. Australia might even be the source of some of the problems with the United States: Rupert Murdoch is Australian.

Australia would probably be a pretty good place for a lot of American right-wingers, but it seems like a pretty piss-poor place to plant yourself if you've had it up to here (gesturing above nose) with Bush, let alone protectionist telcos!

Re:China has cheap broadband access

[magores]

Re: Cheap broadband in China

I live in Beijing. I have DSL from CNC (China NetCom).

I pay 105RMB/month for unlimited hours on the net. Normal price is 120RMB, but I signed up during some promotion or another.

105RMB is cheap to me, and totally worth it. For many Chinese in rural areas, 100RMB is their TOTAL monthly wages, so it would be considered expensive by them.

For what it's worth, 1USD is about 8RMB, so I pay the equivalent of about $13USD per month for DSL in Beijing.

Oh, and btw... the DSL speed isn't that great. I had WAY faster back in the States. (I guess the NSA's computers sift through online traffic more efficiently than the PRC's do.)

Re:China has cheap broadband access

[kestasjk]

Examples?

I find Australia a better place to live than England (and I like England too). I'm satisfied/impressed with laws, taxes, police, employment, public services, culture, etc, etc. The only thing I'm not impressed with is internet access, but as I said I think we have a good excuse (and they're rolling out 24mbit at the moment too).

I don't know what you're referring to, or why you got modded up.

Re:China has cheap broadband access

[Neoprofin]

Usually they say Canada, because it's close and closer to the "Socialist paradise of freedom and equality for all" that they see Europe to be. The jokes on them though, I'm sure about 90% don't meet Canada's rather stringent(in comparison) immigration requirements.

I've done tests with HoneyBOT

[Spy+der+Mann]

http://www.atomicsoftwaresolutions.com/honeybot.ph p

With this software emulating an open SOCKS proxy, I've been able to detect several scans of port 1080, and then attempts to send e-mail to different servers around the world (i.e. Israel).

I don't remember if I got requests from Taiwan, but I did get them from South Korean IPs.

Re:I've done tests with HoneyBOT

[BrynM]

That's a cool project for a Windows honeypot. Thanks for the link. Outside of honeypots, I've been blanket filtering addresses from APNIC on my mail server for about a year now using some ideas I learned from this project (I filter at the mail request level rather than iptables). It's sad to filter an entire geographic region like that, but my users never talk to people from the Pacific Rim that I know of. My server (running XMail) is small, but my logs for the filtered emails constantly show the spam blocked exceeds the number of legit mails by a factor of four.

Since I started filtering, I've turned a couple of other admins onto the idea. I wonder if TW/KR will find themselves in some odd form of network segregation in the future as more people adopt the practice of filtering their IPs. That might push the authorities into a little more action.

Re:I've done tests with HoneyBOT

[TorKlingberg]

You mean you block one legit mail for every for spam mails?

Re:I've done tests with HoneyBOT

A factor of four means 10 000 to 1 (or one to ten thousands). A factor of three would be a thousand to one (or one to a thousand)

Re:I've done tests with HoneyBOT

[BrynM]

You mean you block one legit mail for every for spam mails?

After reading the AC who replied to you, it would be a factor of THREE that I meant then. Roughly anwhere from 500-1000 blocked APNIC SMTP connections per legit email on my bi-weekly log checks. A couple of my users used their accounts for sites like collegehumor.com, so they are basically spam honeypots without filtering. In fact, I use one of them that was abandoned by the user to feed spamassassin learning (it only has the APNIC filter and no other protection on that account)

Got my factors all fandangled - sorry!

Re:I've done tests with HoneyBOT

[jrumney]

It's sad to filter an entire geographic region like that, but my users never talk to people from the Pacific Rim that I know of.

You've made damn sure of that, haven't you. Personally, I have never encountered a company that did not need to communicate with someone on APNIC from time to time, but maybe you're a sysadmin for a small company that only deals with people in your own hick town.

Re:I've done tests with HoneyBOT

[mcbridematt]

That's a cool project for a Windows honeypot. Thanks for the link. Outside of honeypots, I've been blanket filtering addresses from APNIC

ALL of APNIC?

You do realize that includes us poor Aussies and New Zealanders too? (I assume since you mentioned Pacific Rim, yes)

Horray! We're part of the western world and considered careless already!

Has someone started a DNSBL to block those who use blocklists yet? Sure its useless, but it would be fun.

Re:I've done tests with HoneyBOT

[BrynM]

You've made damn sure of that, haven't you. Personally, I have never encountered a company that did not need to communicate with someone on APNIC from time to time, but maybe you're a sysadmin for a small company that only deals with people in your own hick town.

FYI: It's a privately owned (by me) server, so what I say goes. Regardless, I check the logs mainly to spot when/if my users ever trigger it by chance (hasn't happened once). Further, I can only think of two companies I have worked for that ever did anything that needed APNIC. Like I said, it saddens me to filter those IPs but the usage generated by those spams was quite a burden for spamassassin and my other services. I spent quite a while trying to decide whether it was a good idea or not.

and... If San Francisco is considered a hick town now, then the major cities must be huge! I never knew that hick towns could generate millions on tourism. You could have made your comment without putting your foot in your mouth. Thanks for the speculation on something you had absolutely no idea about - made for a good laugh (unfortunately at you, not with you).

Re:I've done tests with HoneyBOT

[BrynM]

ALL of APNIC? You do realize that includes us poor Aussies and New Zealanders too? (I assume since you mentioned Pacific Rim, yes)

I whitelist some countries through a conversion to IP number (see this for info). So far there are four entries (JP,AU,NZ and IN) in my whitelist. The rest are blanket filtered for now. Don't worry, I don't consider you careless - You replied because you care ;)

Re:I've done tests with HoneyBOT

[commanderfoxtrot]

Thanks for that link - very useful.

I keep getting POSTs from a web spammer in Malaysia- I've blocked several subnets but your country codes could help this.

The guy looks like he's still learning how to use Perl's LWP to post spam- as spammers go, he's not very good at it.

Re:Survey Says?

[NeuroManson]

More like follow the offshore bank accounts, Grand Cayman Islands, etc.

Hmm...

[blank89]

Instead of figuring out where most of the spam comes from, they should figure out which geographic location churns out the most humorous spam. It could be a world wide competition.

Re:Hmm...

I do not think that humorous spam exists. It's maybe just your pathetic attitude.

Dr. Ben Oguejiofor of the Nigerian Army

Re:Hmm...

[javachip]

Perhaps it's his apathetic attitude.

Re:Survey Says?

[Short+Circuit]

As for following the money...I let the SEC do that. About once a week, I get a spam message pushing one stock or another. I forward them to enforcement (at) sec.gov. The message gets looked over by a lawyer.

I don't know that it does anything about the spam, but hopefully whoever paid for the message gets paid back.

China sending spam

[VincenzoRomano]

China with only 3% of the servers who actually sends the spam.

I was pretty sure that there was no way for China spammers to send email outside their borders!
And they don't need to. With their billion+ population, one fifth of the world can be reached without passing the invisible borders!

Re:China sending spam

[Antique+Geekmeister]

But they're not a good market: while there are lots of them, the money to rip off is in the US economy, not the Chinese. So the spam is still targeted mainly at US victims.

Re:China sending spam

For those who have not been paying attention...
Taiwan is part of China...

Re:China sending spam

[VincenzoRomano]

Taiwan is part of China

This is really news! They surrended finally!

Overachievers

[Doc+Ruby]

Taiwan makes more than 66% of the notebooks on which we read that spam, so they're actually overperforming on the content:reader ratio. I wish they'd get more into eBooks.

Must not lose!

[Umbral+Blot]

Impossible! Go USA! Go USA! We can win the spam race!

Re:Must not lose!

[dwater]

Don't you mean, "Must not loose!"? You are from the USA, right?

Re:Must not lose!

[Umbral+Blot]

I was educated by foreigners. (just kidding)

Re:Must not lose!

[Tim+C]

Well, if it's any consolation, pretty much all the spam I get (~1000/day) is for products or services from American companies, so you're at least causing it to be generated, even if it's not actually originating from machines on US soil.

Re:Must not lose!

[IHC+Navistar]

"Mr. President, we cannot allow a Spam gap!"

Ya know, just about any line from Dr. Strangelove makes a great one-liner in IT.

-----

Sig Sauer

Re:Must not lose!

[kesuki]

wow you must be lucky, 95% of the spam i get are for pyramid schemes, nigerian scams etc... with a couple 'great loan' or 'hot women' etc...

Then again I did opt out of most of the legitimitate spammers lists so, if all I get are the scam artist spams that's probably why.

Re:Must not lose!

[anaesthetica]

We can win the spam race!

I think we should look at this from the military point of view. I mean, supposing the Taiwanese stashes away mass spam, see. When they spam us in a hundred years they could take over! In fact, they might even try an immediate spam attack so they could take over our spam zombies. I think it would be extremely naive of us to imagine that these new developments are going to cause any change in Taiwanese spammer expansionist policy. I mean, we must be increasingly on the alert to prevent them from taking over other spam zombies, in order to spam more prodigiously than we do, thus, knocking us out in superior numbers when we emerge! We must not allow... a spam zombie gap!

Re:Must not lose!

[spike+hay]

I'm not quite understanding "Must not loose!" Would it be bad for the USA to throw something?

[OT: Your sig]

"Shoes for industry! Shoes for the dead!"

"Hi. I'm Joe Beets. Say, what chance does a returning deceased war veteran have for good paying job, more sugar, and that free mule you always dreamed of? Well, think it over. Then take off your shoes. Now you can see how increased spending opportunities mean harder work for everyone, and more of it, too! So do your part today, Joe. Join with millions of your neighbors and turn in your shoes!"

"For INDUSTRY!"

(Happy motoring on the freeway which is all ready in progress.)

Re:Survey Says?

[Technician]

More like follow the offshore bank accounts, Grand Cayman Islands, etc.

I lived there. Internet access is expensive as it was a government protected monopoly. Check the rates. Cable and Wireless is the company. To visit, see www.candw.ky.

When they first put in internet, they got 2 satelite T1 links for the whole island. Little Cayman and Cayman Brac still did not have internet. They charged $0.25/minute for access on dial up.

Needless to say I didn't get internet until I returned to the states.

They have since gotten a Fiber Optic cable to Jamaca and they now offer DSL. They are running a promotion for $25/month for the first year. That is CI $ not USD. The price is close to US $30/month. Restrictions such as can't compete with the phone company by using VOIP is the norm.
The plan appears to be capped at 256K unless you upgrade to a faster plan. For example the 1024 plan is CI $74. The 512 plan is $59.

Cayman Islands is a nice place to go for diving and sun, but not for internet based business.

Re:Whats specific about Taiwan? -- Outsourcing!

[ahodgkinson]

So, what is so specific about Taiwan that causes this?
Availability of relatively cheaper computing power with good bandwidth?
Some legal stuff?
Availability of some skill set?

All of the above, and more. Taiwan is a great place to outsource technology intensive operations. Perhaps spammers have discovered this. In a nutshell, spamming is just another technology driven business.

Maybe it's so great that even China outsources their spam generation there too. Hence their low spam generation figures.

Re:Survey Says?

[Firehed]

You don't do the business itself from the Caymans, just your under-the-radar finances.

Hinet Lax Policies

[Spikeman56]

I believe the main issue is that broadband here is pretty much monopolized by Hinet. If you have a phone (landline), chances are you have a Hinet e-mail address. For some reason Hinet never, ever, authenticates their e-mail servers allowing them to be used from anywhere for any purpose. As a result a lot of companies (like AOL possibly) have just banned the whole entire Hinet domain, which often results in e-mails going outside of Taiwan never getting to their intended recipient. Hinet is a mess, I don't why they're so bloody awful at maintaining their servers responsibly, but its providing to be a huge problem both worldwide and for Taiwanese people themselves.

Re:Hinet Lax Policies

[jiawen]

I had Hinet as my ISP my entire time in Taiwan. Terrible, really terrible. There are other ISPs around, but they're even dodgier, and hey, Hinet is the government, so it's gotta be trustworthy, right?

Re:Hinet Lax Policies

[Myen]

Hinet is so bloody awful because there's no meaningful competition. IIRC, they own the out-of-country lines anyway (since they are the ISP arm of the national telecommunications company), and everyone else have to rent their lines.

... Doesn't help that, when I was there, the APOL (one of the cable companies) had a sucky line. Plug in the NAT box ("router"), nothing on the other end, and watch the lights blink from the various worms looking for a host.

Re:Hinet Lax Policies

[XSforMe]

...don't why they're so bloody awful at maintaining their servers responsibly
Makes you wonder how they manage to keep the "great firewall" running tightly and yet can not seem to be bothered to fix their own mail server.

Maybe it is all intentinally being done this way to discourage private information exchange through mail. By letting the rest of the world do the filtering, they can insure a controlled flowed, while coming up as good guys ("we are not censoring mail exchange").

Re:Hinet Lax Policies

Makes you wonder how they manage to keep the "great firewall" running tightly and yet can not seem to be bothered to fix their own mail server.

You're really showing your ignorance, trying to lambast Taiwan (ROC) using mainland China (PRC)'s "great firewall".

I don't really believe...

[Snipergrunge]

So, what about Russian, Ukranian, India spammers. I bet that each county sent at least 10% of spam letters.

CipherTrust? nothx.

[deepb]

CipherTrust operates a service called "Trusted Source" - it allows anybody to input an IP address, searching CipherTrust's DB to see if any spam has come from that IP recently. Aside from being generally useless, here are some of the funnier results:

http://www.trustedsource.org/query.php?q=255.0.0.0 255.0.0.0 - "Spam"
http://www.trustedsource.org/query.php?q=0.0.0.0 0.0.0.0 - "Spam"
http://www.trustedsource.org/query.php?q=224.0.0.1 224.0.0.1 - "Unverified"

Since they have most of my favorite subnet masks listed as a "Spam" source, I'm not sure that I trust any "research" that comes from these guys.. YMMV.

Re:Survey Says?

[Mr+Z]

Ok, I know you're trying to be clever with your "Content Restriction, Annulment and Protection" acronym, but it doesn't make any sense. Why not just "Consumer Rights Annulment Provision"? Much less ambiguous, and much more direct.

That said... Yes. The Cayman Islands and a couple other small nations serve as fiduciary havens, not infrastructure.

--Joe

You can easily fight with spammers.

[Snipergrunge]

By the way... Most spammers who sent you letters to visit their web pages want's you to click their Google adSense ads. So, help them! Keep clicking Google banner untill your arm get tired and guess what happened. Google will close their account in one second because Google systems will decide that advertiser trying to cheat. It is impossible to open account again! SPAMMER DEAD!

Re:You can easily fight with spammers.

[jamesh]

I don't know that i've ever seen such a spam... but that may be because my spam filtering does url scanning...

I'm sure they can find a way to open another google account, just like they will find another mail server to relay from.

Re:You can easily fight with spammers.

[Snipergrunge]

Not really, they can not open google account because information such as SSN, bank, adress etc requied!

well lets hope...

that china will try to take taiwan and that all the spam servers will be destroyed in the war that follows. //is it a bad sign that the confirmation image says battler?

Re:CipherTrust? nothx.

[someone1234]

If a mailer manages to supply those crippled IP's then the mail is definitely fake, and most likely spam (or virus). Don't confuse a legitimate subnet mask with a fake IP.

Re:Survey Says?

[ciscoguy01]

Let the SEC do it.

The SEC. Ha. A worthless three letter agency, if you ask me.
The SEC's lawyers wanted my help on stock tout junk faxes. I told them I had the information they wanted and I could get the rest and testify- but only if they were going to put the junk faxers out of business. They had no intention of doing anything. They are just going through the motions, drawing government salaries. I declined to help them.

Like the FCC, another worthless three letter agency.
They fined Fax.com $5.4 million for sending out junk faxes. The FCC's lawyers wanted my help too, if I had bothered with them the fine would have been $240 million. I have files full of those junk faxes.
The FCC did nothing whatsoever to collect. NOTHING
If you or I owed the government money I can assure you they would be collecting from us.

Where's Nigeria?

[RetroRichie]

Prince Desmond Okotiebor Etete himself MUST account for at least 10% of all spam...

Re:Survey Says?

[Korin43]

But if there was less spam, there wouldn't be anything for them to do!

Tie One On

[tiktok]

Somedays I almost wish that some of this Taiwanese spam showed up in a character set I could read so at least I could have a good laugh at it, or at least learn how they are trying to extract money from illicit private bank accounts!

"Dear Sir or Madam,

This email may to you as a surprise, but I am Mr. Chen Liao, son of former Taiwanese president Lin Liao, who was murdered by ninjas, and I need your help recovering $25 million Taiwanese Dollars..."

Re:Tie One On

[Pope]

Are you a bad enough dude to rescue the President?

It Makes Sense!!!

[Mysteerie]

That is why my spam has typos and leet speak in the subjects and email message, for example: buy cheap c1alis, /i@gra and other best pharmaceuticals =-= gghgtmn

Re:It Makes Sense!!!

[HaydnH]

Are you talking about the 24% from the US? =P

SPAM origins

[__aanonl8035]

I run my own mail server for my private email that I only use with friends.
Lately, I have been getting spam about stock investments, and I notice that
it was pretty consistent so I started investigating what was going on with
my server. I started marking down ip addresses of the offending servers
and blocking them if I felt they were not legitimate mail servers or if it
was from a country that I know I will not get email from on my personal email
account.

I have been blocking a new server every day for 2 months.

Here is the scarey part. I still get the same email spam every day, but
only once.

My hunch is telling me that the purveyor of this message is using some
sophisticated means of harnassing zombie machines to send messages, and is
only sending a few messages at a time so that automated blackhole lists
never catch on fast enough. (such as spamhaus)

I have noticed that these machines are almost always located in Asia,
Latin America, or Eastern Europe...

It got so bad, I just started block entire class A's from countries I know
I am not going to email to or from.

59
61
80
81
83
84
85
87
88
201
211
218
221
222

Re:SPAM origins

[pe1chl]

Welcome to the world of the spam victims. There is nothing, I repeat nothing, particular in the events that you report.

Spammers operate via hacked Windows PCs (zombies) distributed all over the world. So many that blocking them is not going to help you.
Spammers repeatedly send the same or similar thing, over time.

That is just the way they work.
Try SpamAssassin, it does quite a good job without having to do so much useless and manual work.

Re:SPAM origins

[the+packrat]

My hunch is telling me that the purveyor of this message is using some sophisticated means of harnassing zombie machines to send messages, and is only sending a few messages at a time so that automated blackhole lists never catch on fast enough. (such as spamhaus)

It's not a 'hunch'. I try to stop spam coming from a large devolved university network with a great number of varyingly maintained windows boxes and many different mail servers. A little over a year ago, spam zombie machines stopped flooding tens of thousands of messages an hour and started leaking out a handful every now and then. A few months later, the email-borne virus folks caught up.

It makes them a lot harder to spot.

For what it's worth, blacklists are effectively useless. Almost all spam now comes from poorly secured workstations and personal machines attached to ISPs and other organisations. All you're going to do with a blacklist is irritate organisations who have users with poorly configured machines. This includes practically everyone. The spammers are just going to move on to another part of their massive botnet, only legitimate email will be blocked.

Likewise, your blocking of entire class A-sized-blocks, particularly as with tight IP space, a lot of blocks are being broken up and moved round, is pretty pointless. Reminds me of a post some years ago by someone who claimed you could stop lots of spam for no loss by blocking mail from all TLDs other than .edu, .gov, .edu, and .net. Ho ho ho. B>

Re:SPAM origins

[__aanonl8035]

I want to emphasize that this is for my own personal email, (not a work or isp related mail server)

I do not think automated blacklists are useless. Spamhaus does a pretty good job of blocking known spammer ip addresses. Some of the old blacklists use to block on a class C (or higher) basis without regards to how the ips were broken down. Their philosophy was one of collateral damage will just cause the problem to get solved more quickly. I do not think it is a good philosophy myself, but as I stated, this is just a private server with a private email address for friends and family.

As I have been making my list, I have been keeping SpamAssassin in mind. One of my thoughts was that I could incorporate my list into the filter and give it different weights based off ip address. I know that they are breaking down ip addresses, but it was my understanding that they are still striving to keep blocks along country lines. Way back in the day, ip addresses were not assigned along country lines, but it was determined that routing could be done more efficiently if blocks were kept to certain regions. Perhaps with todays routers, they no longer strive for that? I would be interested in reading about that.

I think the really interesting thing about this botnet, is how it is primarily (99%) using foreign countries, Eastern Europe, China, and Latin America.

Re:SPAM origins

[__aanonl8035]

I should have mentioned that I am aware of SpamAssassin (though I think it is not coded very well)
and bayesian filters.

I was just commenting along the lines of the story, they seem to be using botnets, sending just
a few messages per machine, and concentrate on sending from foreign countries.

Re:SPAM origins

I think the really interesting thing about this botnet, is how it is primarily (99%) using foreign countries, Eastern Europe, China, and Latin America.

It's a big world. Even with a purely random distribution, the chances of a randomly-selected computer being in the USA would be pretty low.

Re:SPAM origins

[Haeleth]

It got so bad, I just started block entire class A's from countries I know
I am not going to email to or from.
[...]
81

I think you have a fundamental misunderstanding of the IP allocation system. Class A networks are not associated with single countries, but with registries. 81, for example, is one of the networks administered by the RIPE NCC; an IP address beginning with 81 could be located anywhere within Europe or the Middle East.

In fact, my very own IP address begins with 81. I live in Britain, which - as you may be aware - is not in "Asia,
Latin America, or Eastern Europe". It's a good thing I don't want to email you, isn't it?

Re:SPAM origins

[__aanonl8035]

Correct.
I was just generalizing.

But they do tend to stick close to one another.
81 being under RIPE, should be in Europe, which sad to say... I have no friends there.

Re:SPAM origins

[walt-sjc]

Actually, blacklists and blocking entire class A spaces still works QUITE well, and will continue to work well for a long time. 90% of my spam is blocked by blacklists before it even hits spamassassin. If I didn't blacklist and just ran everything through spamassassin, I'd need another 5 mail servers. Spamassassin is nice, but is a CPU pig. It is MUCH easier and more cost-effective to whitelist as needed for individual machines / domains / addresses inside a blacklisted zone.

Maybe you are bitter because you have been blacklisted...

Re:SPAM origins

[the+packrat]

Actually, blacklists and blocking entire class A spaces still works QUITE well, and will continue to work well for a long time. 90% of my spam is blocked by blacklists before it even hits spamassassin. If I didn't blacklist and just ran everything through spamassassin, I'd need another 5 mail servers. Spamassassin is nice, but is a CPU pig. It is MUCH easier and more cost-effective to whitelist as needed for individual machines / domains / addresses inside a blacklisted zone. Maybe you are bitter because you have been blacklisted...

It's easier and cheaper to do as you describe, but how much mail do you throw away incorrectly? The thing about blacklisting is that it's near impossible to work out when it's causing you errors.

You're right that I'm bitter. If you're trying to be a good 'net citizen by scanning for viruses etc on outgoing mail then all your mail from what can be an incredibly heterogenous network will tend to come from one of a small number of machines. Those machines are prime targets for inclusion in blacklists, particularly when your mail traffic levels are many tens or hundreds of thousands of messages per hour. Even more so because the blacklist providers have hairtrigger reactions and frequently blacklist servers merely because people who are automatically forwarding their mail to some other location then submit it as spam.

Blacklist providers are, frankly, dangerous cowboys. While a lot of the simpler solutions to spam work nicely for single people or very strict business monocultures, as soon as you deal with large numbers of users with very disparate usage patterns you find that the simple solutions just don't scale, and that other people's simple solutions cause you real angst.

Re:SPAM origins

[orkysoft]

I have noticed that these machines are almost always located in Asia,
Latin America, or Eastern Europe...

Coincidentally (or not so...) those are areas where many people can't afford to pay for software as well as hardware, and will be running pirated Windows versions, for which Microsoft does not supply patches.

Re:SPAM origins

[AaronW]

I was using blackholes.us as a RBL to block countries like China and Russia,
though sadly it looks like they shut down.

I did find a nice script to grab the IP blocks of various countries, though:

#!/usr/bin/perl
$ctry = shift || 'tw';
$_ = `wget -O - http://www.apnic.net/apnic-bin/ipv4-by-country.pl? country=$ctry`;
print join "\n", /([0-9\.]+\/[0-9]+)/g;

This will grab all the IP blocks of Taiwan.  Just use 'cn' or whatever.

Re:SPAM origins

[edunbar93]

Wow. That's a rather impressive body of work.

Of course, if you had bothered to google for "origins of spam", "stopping spam", or for that matter just went to spamhaus.org, you would have discovered inside of a half an hour's reading that they've been using that method for the past 5 years.

As for "somehow harnessing zombie machines" who the fuck do you think *makes* the viruses that build the botnets in the first place, hm?

Manually blocking one offending IP address at a time is an exercise in futility and is a boneheaded move that hasn't worked for about 10 years now. Even in the early primitive days of spamming, spammers would lose their internet accounts in a matter of hours, and re-subscribe with the same ISP or another one before the day was done. You may as well block e-mail based on the "From" line in the headers of the message.

Re:SPAM origins

[krray]

In fact, my very own IP address begins with 81. I live in Britain, which - as you may be aware - is not in "Asia, Latin America, or Eastern Europe". It's a good thing I don't want to email you, isn't it?

Haven't you been paying attention? WE'RE AMERICAN. We **SUCK** at geography. You're blocked.

Re:Survey Says?

[melonman]

Cayman Islands is a nice place to go for diving and sun, but not for internet based business.

Surely it depends rather a lot on what sort of Internet-based business we are talking about. Running a spam empire only means sending one relatively short bit of text once - the machines doing the spamming could be anywhere in the world, and, indeed, if I was planning a semi-legal or illegal business, I'd be keen to keep the servers as far away from me (both physically and in terms of hops and audit trails) as possible.

Time for a history lesson?

[l-ascorbic]

After WW2 and the end of the Japanese occupation, a civil war was fought between the Communists under Mao and the KMT under Chiang Kai-shek. The KMT were effectively defeated by 1949, and Chiang evacuated to Taiwan. For much of the Cold War, "Free China" (ROC) was the only government of China recognised by most states and international organisations. However, as part of the 'detente' in the 1970s, most countries switched their recognition to Communist China (PRC). The ROC is obviously a state in all but name, but the situation is maintained to avoid nuclear war. The PRC has said that if the ROC declares independence then they will invade, while the US has stated that it will defend Taiwan, and has meanwhile provided large amounts of military aid. So, basically, it's a mess.

Those numbers sound about right...

I would have expected the spam numbers from China to be larger, but then I remembered; the Chi-Com's are spending all their time trying to hack my server, not send Spam to it.

Spam solutions

[Antony-Kyre]

I'm not really sure how to deal with that, but let us focus as one method of spam. The method would be sending to a variety of e-mail addresses. Those kind of dictionary attacks or whatever they are killed. If e-mail providers were to make some dummy addresses which if hit, could block the e-mail server and/or IP address(es) for a given period of time, wouldn't that work?

(Fine, mod me down if you think this is off topic.)

Re:Spam solutions

[pe1chl]

Although there are some dictionary-like attacks, for example appending some characters to an existing address or subsitituting one or more characters by others, I think the vast majority of spammers just use existing addresses they get from spidering the web.
When an address appears somewhere on the web, especially in discussion forums, guestbooks, and foremost: IANA listings, it is guaranteed to receive spam.

I think the "dictionary attack" story is mostly folklore. When someone receives spam on a never-used never-published address they often cry "dictionary attack" without further research.

Of course, using spamtraps is a known technique. It may work a little, but there is not much you can block as there are so many addresses in use that blocking one is bringing you almost nothing.

Re:Spam solutions

[Antony-Kyre]

I guess the solution is education.

Websites, guestbooks, and forums shouldn't publically display e-mail addresses. Maybe showing them in a picture file, a graphic, would make it a bit more difficult and could be an okay compromise.

People shouldn't sign up for unwise things lest they use a safety e-mail address where junk can end up at. The creation of services, like paid to surf sites and other sites that promise rewards, can sucker people into signing up to only sell their lists to spammers.

Re:Spam solutions

[grogglefroth]

I've done this in the past. In 1997, I posted a single message containing only ":q" in the body to 19 (not 20!) newsgroups. Within a few hours, the first spam started rolling in. My smtp filter would automaticallly blacklist any sender+ip combo that sent mail to this bait address. This was very very effective for many years. A few years ago, I finally stopped using this method, as the use of using zombies made this practice no longer effective.

Greylisting is currently the most effective means I'm using right now for spam control; but I'm sure that'll change over the next few years too.

Re:Spam solutions

[Mr.+Freeman]

http://www.mailblocks.com/ does this, they set up a bunch of honeypot email addresses that capture spam. They use this data to block certain servers from sending email to any mailblocks customer (both free and paid members).

Re:Spam solutions

[myowntrueself]

Greylisting is currently the most effective means I'm using right now for spam control

When I enabled greylisting, over 90% of incoming email was greylisted and expired from the greylist; they never came back.

Then I looked at the logical structure of the ACLs (this is exim) and made a simple change; the first thing I now check is the HELO/EHLO syntax. If this fails, they are dropped immediately. The next thing is DNSBL checking, if they are on these then they are dropped.

Now 90% of hits on the greylist come back again later and get onto the whitelist.

There are still some greylist hits that get expired (ie never come back) and there is still some (tiny fraction) of mail that actually makes it as far as spamassassin itself.

Spamassassin and greylist are now producing hardly used at all.

Greylisting is great but it shouldn't be the first line of defence.

Re:Spam solutions

[Jussi+K.+Kojootti]

Websites, guestbooks, and forums shouldn't publically display e-mail addresses. Maybe showing them in a picture file, a graphic, would make it a bit more difficult and could be an okay compromise.

I don't think that's a real solution. First, it makes legitimate use more difficult (I guess soon someone starts to print e-mail addresses like captchas...). Second, all that 'security' is blown away when one of your acquaintances does something stupid (like installs a trojan that sends all addresses in his address book to spammers). Remember, just one mistake by one person is enough here.

Re:Spam solutions

[mcguire]

I have a catch-all address at my personal domain so I can create one-time addresses for each company I do business with. It's easy to see which addresses leak out that way. Three things I've found:

A surprising number of addresses are taken from private "we will never sell your information" lists (never published anywhere on the interweb). The companies I have contacted about this have always refused to believe that their email lists are involved; perhaps stolen by an ex-employee? I'm not sure.

Second, much of my "spam" (50%?) is actually bounces where my domain was used as the From: header in the email. Luckily this is easy to detect and delete automatically. (Procmail's ^FROM_MAILER contruct is quite nice.)

Third, by now most of the other half of my daily spam is to email addresses at my domain that I have NEVER used -- they're made up. I can only assume that some spammer is indeed trying all the common names at a domain in the hopes of getting through. Luckily procmail and SpamAssassin block all that, but I can guarantee to you that it's happening. If it's not a "dictionary attack", what would you call it?

Re:Spam solutions

[stu42j]

http://fut.patch.com/

Re:Spam solutions

[dotdevin]

Mailblocks got the shaft some time ago when they were purchased by AOL. It was a good service with a good team of developers that.

-D

Re:Spam solutions

[TheGratefulNet]

you're an idiot.

OF COURSE dictionary attacks happen. folklore? sheesh, get your head out of your ass!

get a gmail account. wait a day or two. see the extra stuff that is appended to your username and yet still delivered to you by gmail (I understand why, too - but that's beside the point).

I also ran smtp at home (dsl) for years and years. I finally gave up and now run my mail off another ISP. I can show you PAGES of mail logs where there were invalid usernames to my 'site' (which has only me as its single user).

I just can't believe you say with a straight face that D.A's are folklore.

(are you a senator or congressman or in the government at all? cause I can't think of any other reason for your cluelessness other than that).

Re:Spam solutions

[Blakey+Rat]

So grandma typos an email address by a single letter, and she's blocked from sending email to that server ever again? Wow, that's an asshole policy you thought up there.

Re:Spam solutions

[pe1chl]

I run several mailservers myself and I don't agree with you.
I don't see more "random" mail addresses that would look like a dictionary attack than I see misspellings of existing mail addresses by legitimate senders.
There are far less of those two than there are attempts by spammers to deliver mail to addresses that exist or have existed.
When dictionary attacks were real (and were a real problem), there should be far MORE attempts to deliver to nonexisting addresses, as it would take many attempts to "guess" an existing address, and any "dictionary attacker" would know that.

Re:Spam solutions

[pe1chl]

Second, much of my "spam" (50%?) is actually bounces where my domain was used as the From: header in the email.

Now *that* is a problem I recognize. I have this on one domain as well. It (probably) originates from complaints about spam ending up in the hands of the spammer, and your domain being put on a "joe job" list.

Indeed, in *this case*, random addresses at your domain will be used, and you may consider the bounces to be a dictionary spam attack.
However, they aren't. The destination address is still an address that existed before, it just has ceased to exist. And the software handling mail for the domain is seriously broken (usually it is Exchange with some virusscanning frontend) and sends "bounce" messages after it has initially accepted the mail.

I don't get much spam to addresses that are made up. Apparently your mileage may vary, maybe it depends on how you leaked your base address.

Re:Spam solutions

[Antony-Kyre]

You've obviously misread what I said. I said dummy e-mail addresses. The e-mail provider would have something like emailme29@domain and spamandban32@domain and so on. A bunch of stuff that a dictionary attacker would hit and get banned maybe for 2 weeks.

Re:Spam solutions

[Blakey+Rat]

What's the difference between a spam program trying to email to "happygurl1@domain.com" and grandma mis-typing "happygirl1@domain.com?"

Maybe what you think of as "dictionary attack" is different than what I'm thinking of... otherwise, I don't get how what you're saying is different than what I'm saying. When I think "dictionary attack" I think of a program randomly combining words to look for valid addresses.

Re:Spam solutions

[Antony-Kyre]

Less likely usernames would be used to catch the spam. Less likely usernames as in names people are less likely to use, but a dictionary attack would still hit. SpamMeAndDie21@domain would be one that people probably don't have.

Re:Survey Says?

Almost all the spam comes back to good old USA in one way or another.

Thats alway why I have South America, Africa and all of Asia, all blocks with iptables.

Cool so

we could cut 90% of the spam just by blocking Taiwan and the US from the internet.

Oh, crap.

misinformation

[lxt518052]

There isn't a country in this world called Democratic Peoples Republic of China. The 1.3 billion population live in a country called PRC(People's Republic of China).

ROC used to rule the whole China, mainland and Taiwan combined. They lost the civil war in 1949 and retreated to Taiwan. Neither PRC nor ROC see each other as a ligitimate government of China. At least both constitutions claim largely overlapping territories. It's a stalemale over half a century.

How people are so casual about the facts is beyond me.

Re:misinformation

[Zeebs]

How people are so casual about the facts is beyond me.
You should try it sometime it can be loads of fun.

Other then adding democratic to the name because as I mentioned above I am some form of monkey, I really didn't go into anything you said. Thanks for adding to the discussion, but I didn't cover any of the facts you're claiming I'm casual about.

Re:misinformation

[lxt518052]

You should try it sometime it can be loads of fun.

Will try it later.

...adding democratic to the name because as I mentioned above I am some form of monkey..

No problem, mate. Me too. :)

Thanks for adding to the discussion, but I didn't cover any of the facts you're claiming I'm casual about.

Agreed. That should've been another post. But, hey, I'm just too lazy to be a karma whore.

Seriously, by the last sentence of my previous post, I meant the moderators too. On Slashdot, it seems to be the norm that people don't check the facts when they post. Specifically, I was really annoyed by someone called himself "Darkman, Walkin Dude", who pretends I-know-it-all but turned out to be a fuckwit. If you check the thread below, you know what I mean. http://slashdot.org/comments.pl?sid=186932&thresho ld=1&commentsort=0&mode=thread&cid=15426830

Re:misinformation

[readin]

ROC used to rule the whole China, mainland and Taiwan combined. They lost the civil war in 1949 and retreated to Taiwan. Neither PRC nor ROC see each other as a ligitimate government of China.

Actually Taiwan does see China as the legitimate government of China, not of Taiwan. Taiwan's "official" position may say differently to avoid war with China, but Taiwan's publicly stated position is that they no longer consider themselves the rulers of China.

At least both constitutions claim largely overlapping territories. It's a stalemale over half a century.

The stalemate has been over for almost 20 years. The Chinese dictators who were ruling Taiwan have died and the country has become a thriving democracy with Taiwanese leaders who have no interest beyond trying to avoid an invasion and trying to persuade other countries to stop allowing China to pressure them into treating Taiwan like an outcast.

Taiwan is a sovereign independent nation with more people than Australia, but it can't get into the UN. And people wonder why Americans have so little respect for the UN.

I've seen this recently.

[Ivan+Matveitch]

They have taken to serving spam alongside the scorpions, rats and cats.

Re:CipherTrust? nothx.

[deepb]

"If a mailer manages to supply those crippled IPs" ... well that's the trick - a mailer can't supply those IPs because they're simply not valid public IPs. If one of CipherTrust's collection points is reporting traffic from any of those IPs I listed, they have a very obvious network configuration problem (or they're getting spoofed, which is 100% avoidable).

Regardless of what the actual cause is, this is the reason why I don't trust any network-realated research they publish.

Made in Taiwan

[Joebert]

Spam, Made In Taiwan ?
Why doesn't that supprise me ?

Re:Survey Says?

[HaydnH]

"Any wagers on USA being said location?"

From the article...

"Spammers themselves, of course, may be located somewhere completely different, such as Boca Raton, USA (for example)."

Any wagers on not RTFA as the cause of this comment??

China + China

[renrutal]

According to the Chinese gov, the correct news would state that they make 69% of the world's spam, USA 24%, and less than 7%, the other 200+ countries that import from them.

Well, even is one country is at 0.001%, I'd still bet they deliver billions of emails a day.

Re:China + China

[mlewan]

The article is not about senders of spam but of servers that control them. There is a huge difference.

Re:Survey Says?

[nettdata]

Except it's hardly ever the company itself that is doing the promotions... it's third-party people that target them and convince others, via spam, to invest in the company, which drives the prices up, which allows them to unload their own stock at a profit.

All while being 100% unrelated to the company.

Uh, Taiwan IS CHINA !!

Welcome to 1999 !! Taiwan is SPECIAL, but it's still CHINA !!

Re:Uh, Taiwan IS CHINA !!

[iamplasma]

Welcome to 1999 !! Taiwan is SPECIAL, but it's still CHINA !!

No, that's Hong Kong that became part of China. Taiwan is that island off the coast that the Communists never captured in the civil war. For various political reasons it is rarely referred to as being a different country, but for all practical purposes it's a totally seperate country.

Re:Uh, Taiwan IS CHINA !!

Welcome to 1999 !! Taiwan is SPECIAL, but it's still CHINA !!
Anything completely separated by a body of water or a country can be listed as 2 separate objects since it indicates location. The states, Alaska, and Hawaii are an example.
The Democratic Progressive Party got Chen in by just over 300,000 votes and he almost declared independence. Now he says he will only do it unless they come under military attack. That's not exactly 100% China owned and loyal.

- Uninformed American

Re:Survey Says?

Any wagers on USA being said location? Russia? Africa? Are there any statistics on where this crap is actually sent from? Follow the money instead of the mail headers? Question marks?

ALL of the spam I get is obviously aimed for american audiences and I live in europe. Wonder if having my email address end with .org is a contributing factor though.

Obvious question...

[Godwin+O'Hitler]

Is there a quick and easy way to block all e-mail transiting via a Taiwan server?
It's not as though I know (or envisage knowing) anybody in Taiwan.

Re:Obvious question...

For iptables, dropping all mailserver connections attempts it will be:

#wget http://blackholes.us/zones/country/taiwan.txt
#for IPRANGE in `cat taiwan.txt | awk '{print $2}'`; do iptables -I INPUT -s $IPRANGE -p TCP --dport 25 -j DROP; done

For Sendmail, add this to your sendmail.mc file, and re-create sendmail.cf with it:

FEATURE(`dnsbl', `taiwan.blackholes.us', `"E-mail from " $&{client_addr} " refused - Taiwan"')dnl

While at it, you might also want to consider adding China and Korea to the same list.

Another way to create awareness among chinese

[himanshuarora]

Send spam to Chinese people. These people should not be deprived of any knowledge about their government. For the first time spam could be used for good purpose.

How to block Taiwan?

[Yez70]

Ok, so how come all the spam blockers don't just block the entire Taiwanese IP range?

Anyone care to disclose the ranges? :)

Re:How to block Taiwan?

[Zemran]

Ok, so how come all the spam blockers don't just block the entire Taiwanese IP range?

and then,

US follows with 24%

all the servers block US mail and you have hardly any spam at all... Great idea Baldrick

Re:How to block Taiwan?

http://blackholes.us/zones/country/taiwan.txt

Ahh, good then.

[StarkRG]

Now our ISPs can block everything from said countries to eliminate spam once and for all...

You forgot the legal reality

[lxt518052]

The two political bodies still don't see each other legally representing China. Territories in both constitutions overlap, if not identical. The citizens cannot travel to the opposite area by passport like most countries do. They need special arrangement. PRC issues Taiwanese Citizen Certificates to citizens from ROC. ROC issues Entry to Taiwan Certificates. These are the only legal travel documents if either people want to enter the other side. Note, the travel document issued by ROC is not called Entry to ROC Certificate, because mainland is legally also part of ROC. Taiwan, by ROC's own definition, is just the name of a region, not a country.

Legally, the civil war in the 40s has not finished yet. Neither side of the war has been eliminated. No treaty or cease-fire agreement was signed. Both sides just prefer not to fight for now.

This situation is very complicated. Indeed, it's getting more complicated as more political powers want to get involved in it. I think the best way to resolve it is to leave it to the Chinese people of both sides to sit down and talk. Any open foreign involvement and provocation from the Taiwan Independence side will risk a full-blown war in the region.

Re:You forgot the legal reality

Absolutely right!

Unblock Them

[ObsessiveMathsFreak]

Were I you, I would simply unblock those addresses and let it all in. Use a bayesian spam filter, such as the one found in Thunderbird. I'm achieving enormous success rates with it and I'll be recommending it to all the lusers in my fold when the next upgrade cycle comes around.

Doesn't tally with my experience

[jazman]

They must be good at identifying USA email addresses then. The vast majority of spam I get is from the USA. But then I'm in the UK, so perhaps Taiwan doesn't spam me as much as they spam Americans. Hey, perhaps this is another form of terrorism, is Taiwan on the Axis Of Evil?

Re:Doesn't tally with my experience

[Denny]

They're talking about where the servers are physically located, which doesn't necessarily have anything to do with the (often fake) email address in the 'To:' field.

Re:Doesn't tally with my experience

[idonthack]

...is Taiwan on the Axis Of Evil?

No. Taiwan is the remnant of China's old democratic government.

Made in Taiwan...

[fahrbot-bot]

Everything else is made in either Taiwan or China, why not SPAM. All the US spammers probably outsource their spam to these countries to get their costs low enough Walmartize the product :-)

Re:Made in Taiwan...

[klang]

heh!

Designed in California, assembled in China.

Re:Survey Says?

[mgblst]

I don't think the article writer was insinuiting that all spammers are located in Boca Raton, USA.

I think in the early days of Spam, most spammers were from the USA, but I think that it is spread globally now.

On another note, what is the deal with so many internet scammers being located in Nigeria, or of Nigerian decent??

That's just broken Unicode

[Opportunist]

It's some strange Chinese letters that should actually give you good fortune and a cookie and whatnot. It just so happens to display that crap in our alphabet.

Why not block the whole country?

[UncleMantis]

If most of the spam is coming from this Taiwan then why not add the whole block to a spam black list? I for one never go to any sites that are being served from Taiwan and I don't have any friends their either so if one could OPT-In for country sized spam filtration I am one for the idea. Maybe a combonation of keywords and Geo2IP or something. At least we now know where all the junk is coming from!

Genius born every minute

Gee, you're smart.

I'm going to photocopy your tip and mail it anonymously to my business competitors, so when they try it, not only will google blacklist the ad account of the website, but they'll also permanently blacklist the subnet of the offending clicker, and any related ad accounts related to the ip of where the offending clicker logs in from. What an idea!

Also, after more than a half dozen years of my filtering spam and never having followed a spam link to a website, it appears you have the higher mental skill set to actually follow the spam links, letting the spammer know your email account is functional and worth spamming. Thanks for taking the flack for the rest of us.

One thing I've noticed is that the spammers themselves must be incredibly afraid of the power the SEC has to put them out of business. If the SEC puts the power they have to go after insider trader violators (and believe me, the laws they have to prosecute them are incredibly effective at "turning" violators and getting them to implicate others), and put that power to work going after spammers, they could lock them up for tens of years each and very quickly. Take a look at every OTC and pink sheet stock scam spam you get. At the bottom, they include the SEC safe harbor language that exempts them from prosecution for promoting stocks without a broker license, among other safe harbor exemption language. So to understand this, you realize that the spammers have no fear of getting caught sending porn spam without the "SEXUALLY EXPLICIT" notice in the subject line of the spam, they have no fear of going to jail for pushing fake or real Viagra or international internet narcotics sales (not legal in any way shape or form in the US no matter what, not even intra-pharmacy), they have no fear of the departments of state or state attorneys general for selling fake diplomas, they have no fear of state banking departments, departments of state, or state attorneys general for soliciting for mortgages without being licensed mortgage brokers in every state they advertise in, they have no fear of local, state, or federal prosecution for fraud for deceptively low interest rates quoted in their spam, fear of other fraud prosecution for their other fraud scams, yet they are so afraid of the SEC laws that they are sure to include safe harbor language in every spam they send.

I think the easiest thing the feds can do to prosecute the spammers is to remove the safe harbor shield for spam promoting public traded companies if the spam hides the originating server, hides the return email address, forges headers, doesn't provide a street address, full legal name, full phone number and any related license number in every spam body, or if they misspell any part of the safe harbor language, or improperly use caps. This would enable the SEC (and other federal enforcement agencies) to use federal laws related to stocks for prosecution of the spammers, which bring long term jail sentences, and would also enable mail server administrators to block spam which does use the safe harbor language effectively without worrying about the spammers dodging their way around the filters by misusing caps, by words intentionally, etc.

Re:CipherTrust? nothx.

[Tony+Hoyle]

They're probably trusting the received lines...

Of course only the one added by your server is trustable - the others can be anything the spammer wants them to be - including perfectly legitimate IP addresses.

Re:Survey Says?

[jabuzz]

I don't think so. Most of my spam is also aimed at a north American audience and my email address ends in .uk Mostly it is Viagra or similar, which would be illegal to ship to the U.K. Combined with stock manipulation stuff which is flat out illegal anyway, but pointless sending to someone in the United Kingdom when the stock they are trying to manipulate is in the U.S.A.

If all this was removed my spam volume would be less than a quarter of it's current volume. If all the other foreign language spam was removed (I ask what is the point of sending say spam in Hebrew or Chinese or Korean to a .uk address!!!) all that would be left would be phishing and AFF, at less than a tenth of the current volume.

Re:Survey Says?

[Antimatter3009]

I remember the good old days of 50 hours for $50 on 56k. Ah, gotta love Cayman ;)

Re:Survey Says?

I used to forward spam to enforcement@sec.gov or whatever the email address was. My spam forwarding is semi-automatic. I still have to review every forwarded spam, but I don't have to mark the email as spam, set up the forwarding, or take any other actions. My mail client is KMail, and I've set up filters for spam. I'm on a lot of tech mailing lists, so I get a couple hundred spam messages a day sometimes, sometimes just a few dozen. My isp uses Spamassassin, and rewrites every incoming email header with spamassassin scores. He (my isp) bounces some spam automatically that score really high (over 15 or 20 maybe), but I've found virtually no false positives for scores 5 or above and sometimes less. So I've set up my filters to mark all incoming mail as spam if it has a score of 5 or above, any with a score of 4-4.9 as another filter, any with a score of 3-3.9 as another filter. The lower score filters are at the bottom of my filter list. The one with 5 or above is near the top. In between are key word filters for mortgage spam, stock spam, drug spam, diploma spam, and other spam. If they find enough of the keywords, the mail is also marked as spam. Due to the tactic of misspelling the spammers use, I have enough keyword filters to catch nearly every spam. The spam has to get by every filter, starting with the spamassassin score filters, the keyword filters, and other filters.

If the mail is flagged as spam, it is automatically tagged as spam, moved to a spam folder, a copy is set up to be forwarded to the ftc (spam@uce.gov is the current address, the UCE@ftc.gov is no longer working), if it is software spam, carbon copies of the forwarded spam are sent to piracy@microsoft.com, piracy@adobe.com, tip@macromedia.com, and personal inboxes at the BSA since they don't have an email address for reporting spam, they only have a form to fill out on their web site which I don't have the time for.

If the spam involves diploma mills or mortgages, the Department of State regulates and licenses mortgage brokers and schools in my state, so they get a cc of the spam that goes to the ftc.

After fiddling with the spam filters, rearranging them so they work very well, getting them to avoid false positives yet also getting them to move mailing list mail to the proper subfolders, I'm quite happy with the way its working. I only have to review my outbox to make sure all forwarded spam is really spam (and not automated responses from Microsoft answering about previously forwarded spam for example), and the spam is going to the proper addressees, then my only step is to send all the mail sitting in the outbox.

The FTC has stated during the last couple of prosecutions of spammers that they did use spam forwarded to them for their investigations prior to prosecution or settlement. I have no power over whether they prosecute or settle, but I suspect that the reason they changed the email address for receiving email has something to do with not wanting to receive any more forwarded spam for their current cases, and wanting to start over fresh for new cases with the new spam forwarding address. The changeover to the new address seemed to coincide with their announcements not too long ago about current spam cases they were about to prosecute or had just settled.

And whether the spam address or forwarding spam to the FTC actually works or not, I get some satisfaction whenever I forward spam soliciting software to the BSA, to Microsoft, to Adobe, to Macromedia, or for diplomas and mortgage spam, to the departments of state for my state. The departments of state are notorious in my state for being pitbulls when it comes to violations related to fake accreditation for schools, or for violations related to banking and mortgage laws for individuals and companies soliciting mortgages in the state, especially if doing so without a license or being deceptive about it. And any software reporting is also great because it will help drive more people to FOSS when they figure out they can't pay real

What kind of a moron buy stock from spam?

[crovira]

First, you have to be set up to even buy stock (not every Tom Dick or Harry is tied to a stock exchange or is equipped to be a day trader) then you have to be stupid enough to fall for the pump & dump scheme.

The rate of return must be damn near nil.

I say give up the fight against spammers and go after the clients instead.

Follow the money.

If somebody's supposed to benefit from this, let them pay $0.32USD per email that's sent.

Otherwise, I'm going to spam myself to promote my podcast.

Re:What kind of a moron buy stock from spam?

[x2A]

"Otherwise, I'm going to spam myself to promote my podcast"

That's well considerate! Forget spamming everyone else, just spam yourself! Get the feeling of sending loads of emails, without annoying anyone. Question is, would you also bother setting up your spam filter to block your emails?

Re:What kind of a moron buy stock from spam?

[nettdata]

Huh? It doesn't take much to be able to buy stock online... hell, my MOTHER can do it with her online banking.

And who the hell would buy ANYTHING from spam? Oh yeah... lots of idiots. Same goes for Nigerian scams, etc.

It's just a different product, with next to no money trail because you're only benefitting from the idiots pushing the price up.

And as to the stock scam, just what money do you follow? People are making legit purchases, of a legit stock. The only bitch is that someone OTHER than the company is marketing it to push the price up so that they can sell at a profit.

wall of china

[chrisranjana.com]

What with the great (fire)wall of china it is suprising that 3% spam actually goes through !

Re:Survey Says?

[Cat_Byte]

I ask what is the point of sending say spam in Hebrew or Chinese or Korean to a .uk address!!!

No kidding. I still wonder why I get so many Russian 'Learn to read english' spams in the U.S. I need a class just to read this Russian spam.

Re:Survey Says?

[Frosty+Piss]

As for following the money...I let the SEC do that. About once a week, I get a spam message pushing one stock or another. I forward them to enforcement (at) sec.gov. The message gets looked over by a lawyer.

Do you really think so? I bet it ends up in a gient queue for a quick automated "than you, and good bye".

I'm going to send some spam myself. TWIT

[crovira]

Actually, I've just realized that I don't know (apart from in the theoretical sense,) how its done or even how to get in touch with the kind of creature who does it.

Strikes me as a very closed off world. (Probably because of all the death threats. :-)

Actually, the spamming (as opposed to the spammers) are highly vulnerable.

It would be easy to shut them down and/or fine them ($1.00 per email message) and have the various postal services collaborate to sue them into oblivion for mail fraud.

I don't imagine you'd find much political opposition to a source of free revenue. Somebody spams, the postal service in the country of origin collects the fines.

That would take care of the problem. Attempt to steal from me, you're an idiot. Steal from some tin-pot dictator in the process, you're mulch.

Re:I'm going to send some spam myself. TWIT

"Actually, I've just realized that I don't know (apart from in the theoretical sense,) how its done or even how to get in touch with the kind of creature who does it."

A lot of the bigger / more professional spammers will have custom apps written to suit their needs, usually something scalable across multiple servers. The current expectation (last I heard) was about 1 million messages per minute per machine.

Most of the smaller ops (people in their basement trying to make a few extra dollars) probably just use darkmailer or something.

Re:Survey Says?

good near-realtime stats at http://rss.uribl.com/

Any DNS lists for Taiwan?

[yuna49]

I've used cn-kr.blackholes.us with SpamAssassin to give extra points to messages originating in China and South Korea. Obviously it would make sense to do the same for Taiwan. However a query for tw.blackholes.us returns NXDOMAIN. I've also looked at countries.nerd.dk for a solution to this, but didn't see an obvious answer. Is anyone out there using a DNSBL to identify IPs in Taiwan? If so, what are you using?

Re:Any DNS lists for Taiwan?

They might be considering Taiwan and China a single entity.

It all makes sense now!

[KefkaTheMad]

It's true! My fiance is from Taiwan, and she's always telling me that I need to 1NCREA5E MY P3RF0R|\/|ANCE 1N BEDD!!!!!

War on... Spam?

[Crazyscottie]

I say we just nuke Taiwan. It's a small place, right? We must make sacrifices for the greater good...

Re:Survey Says?

[Pope]

So, you're trying to say that every single person living in the United Kingdom speaks and reads ONLY the Queen's English? Rather naive of you, don't you think?

Re:CipherTrust? nothx.

[fmoliveira]

The site identified correctly that addresses, you made a lame interpretation that it received bogus info, without reading nothing that was presented at the screen: "Broadcast addresses These addresses cannot (should not) be routed on the Internet." And "The IP is part of a reserved netblock and should not be sending any emails." And "First seen: Never"

Re:Survey Says?

[XSforMe]

Rokso keeps track of the major spammers. Most of them reside in the US, though they typically offshore their servers to other countries.

No kiddin...

[LilGuy]

I'd have to agree with that as I blocked a couple /16s this morning that were spamming the hell out of a client. Knocked out a couple /12s from Korea as well. Annoying bastards...

Re:Survey Says?

I, for one, do not consider Boca Raton to be part of the USA.

The Solution

[rawg]

Stop using email. I'm almost ready to just turn off all my email accounts. RSS feeds, IMs, VoIP, and the telephone work much better anyway.

Re:The Solution

[gr8dude]

RSS feeds are a one-way communication method. What if you want to contact THEM?

IM? hah, are you telling me you've never received spam via ICQ & co? This is a common phenomenon; the difference is that most IM clients allow you to "receive messages only from people in my list" and silently ignore all the other requests.

Re:Survey Says?

[nacturation]

As someone else pointed out, the reason it's called an offshore banking account is because they don't live there.

Re:Survey Says?

[ColdWetDog]

The message gets looked over by a lawyer.

"Ping - you have mail"

Lawyer - "Damn, more spam", *Delete*

Shh

[LuminaireX]

Shhh. Don't tell China - they might invade

I used to support TW's independance...

[RecycledElectrons]

I used to support TW's independance, but after reading this, I no longer support them. The deaths of a few million in slave labor camps is a small price to pay to stop SPAM.

Andy Out!

Re:CipherTrust? nothx.

[deepb]

I just checked again and the site says "Reputation: Spam" for those IP addresses. I didn't make a 'lame interpretation'; that's exactly what I stated and that's exactly what's listed on the site.

Re:Survey Says?

He just did. Where do you think that came from?

Re:Survey Says?

oh - nothing to do with it being off shore then?

Oh, that's right ... I remember from when I lived in the US. 'Overseas' means anywhere not in the USA. IIRC, Mexico was considered overseas.

Re:CipherTrust? nothx.

From the FAQ (http://trustedsource.org/faq.php):

Spam: The IP address has either been used to send spam or should not send any e-mail messages in general.

Read, then complain.

Re:Survey Says?

[ciscoguy01]

Actually, today I wouldn't count on that. That used to be true.
My research indicates that the largest junk faxers faxing stock touts are actually the company involved or closely related, in at least some cases.
The pink OTCBB stocks are not well regulated, so what those companies apparently do is just issue more stock to cover whatever is sold. It's fake.
They apparently make millions doing it, or at least thousands.
One player is reportedly named Tom Heysek. Google that name and you can read all about it. http://www.junkfax.org/fax/profiles/wsp/wsp.htm

Re:Survey Says?

[nettdata]

"in at least some cases"

Sure, I'm not saying that some of them aren't doing their own marketing... but how do you even BEGIN to think about policing that? Or determining when they are or aren't involved?

The ROI just isn't there... too much work, too many unknowns, and too little gain to be had to justify the effort, IMO.

Think, then post.

[deepb]

Read, then complain.

I'm well aware that my subnet mask is not a major source of spam. You seem to be missing the point - Trusted Source is obviously using an algorithm that does not sample actual network traffic to calculate IP reputation. For that reason, I don't trust statistical information coming from CipherTrust -- especially when they publish some conclusion that would have required sampling of actual network traffic to prove.

That's a fantastic FAQ entry, but instead of redefining the word 'spam' (and consequently triggering the need for clarification in their FAQ), they could have just used more appropriate wording. Again, very sloppy- which is a reflection of what goes on behind the scenes.

For an example of how to do this right, go take a look at 'Senderbase'. They make no such assumptions about the intent of an IP; they simply provide you with the undisputed facts about the IP (network info, netblock owner, other networks owned by the same person, etc), plus the outbound email volume over the past day/week/month. I've been checking IPs there for years - whatever methodology they have in place for sampling network traffic, I can say from experience that it is consistent and accurate. Their website gives me a headache, but it's a small price to pay for a true peek into the looking glass.

Those who defend Trusted Source are either CipherTrust employees or have never used Senderbase.. and since I'm replying to an AC, my guess is the former.

FYI: Email postmasters, please block 70.252.29.129

[iamcf13]

FYI: Email postmasters, please block 70.252.29.129 (adsl-70-252-29-129.dsl.austtx.swbell.net)

The computer at that IP address has been compromised and is spewing 'bozo spam'. I got 3 of them recently for some kind of weightloss product.

[Victim email addresses have been sanitized -- except mine :) Had to get rid of the 'angle brackets' as well -- the HTML entities for them don't seem to work anymore when posting a message here.... :( ]

+OK 1084 octets
Return-Path: spamvic@rezwanul.every1.net
Received: from rezwanul.every1.net (adsl-70-252-29-129.dsl.austtx.swbell.net [70.252.29.129])
by mx2.hotpop.com (Postfix) with SMTP
id E7DF2343611D; Mon, 19 Jun 2006 19:54:58 +0000 (UTC)
Message-ID: 5A98D872.B32E785@rezwanul.every1.net
Date: Tue, 20 Jun 2006 06:42:23 +1000
From: "Francisco" spamvic@rezwanul.every1.net
User-Agent: QUALCOMM Windows Eudora Version 5.1
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Dee" spamvic@hotpop.com
Cc: spamvic2@hotpop.com, iamcf13@hotpop.com, spamvic3@hotpop.com,
spamvic4@hotpop.com, spamvic5@hotpop.com, spamvic6@hotpop.com
Subject: (CF13-SMTP [SpamByte=000:]) everything ok
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-HotPOP-Delivered-To: iamcf13@hotpop.com
X-MTA: CF13-SMTP(TM) / CF13-POP3(TM) http://www.cf13.com/
X-CF13-SMTP-ID-Message: 20060620152600.CF13-POP3@254.168.168.192.in-addr.a rpa

You still looking the idea of getting into shape?

I so want to be, that's why i'm so surprised i stumbled upon .

I sincerely apologise for being so late with this info but it is worth it.

than of did learns that earlier sand in was investigations

Through the on somewhat careful

.

[Slashdot trollfilter bypass - ignore]
Important Stuff Important Stuff Important Stuff
Please try to keep posts on topic. Important Stuff
Try to reply to other people's comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said. Important Stuff
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) Important Stuff

+OK 1140 octets
Return-Path: spamvic@ratplanet.every1.net
Received: from ratplanet.every1.net (adsl-70-252-29-129.dsl.austtx.swbell.net [70.252.29.129])
by mx2.hotpop.com (Postfix) with SMTP
id C483535712D4; Tue, 20 Jun 2006 17:29:36 +0000 (UTC)
Message-ID: 360801c694ef$a5904d30$4765564b@jarred
Reply-To: "Kennith" spamvic@ratplanet.every1.net
From: "Kennith" spamvic@ratplanet.every1.net
To: "Kesimir" spamvic@hotpop.com
Cc: spamvic2@hotpop.com, spamvic3@hotpop.com, iamcf13@hotpop.com,
spamvic4@hotpop.com
Subject: (CF13-SMTP [SpamByte=000:]) Time is now
Date: Wed, 21 Jun 2006 05:00:42 +1100
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
X-HotPOP-Delivered-To: iamcf13@hotpop.com
X-MTA: CF13-SMTP(TM) / CF13-POP3(TM) http://www.cf13.com/
X-CF13-SMTP-ID-Message: 20060620152835.CF13-POP3@254.168.168.192.in-addr.a rpa

It's been yrs since we have talked. I'm sorry I've been so spaced out.

I've been on this program that has been helping me get back into shape.

You should glance at . right learned Most to we of e