Slashdot Mirror


US and China Top List of Spam-Relaying Countries

jcatcw writes "On Thursday Sophos released a new set of global statistics pointing out the biggest spam relaying countries in the world. Topping the list between April and June of this year were the US and China. 'Sophos senior security consultant Carole Theriault said that while the U.S. remains the top spam dog, the results show an urgent need for countries to join together and take global action. "Once a machine is compromised, it is often used to send out spam for a variety of campaigns," she said. "In a matter of seconds, we can see compromised systems send messages on a dozen different topics from stock scams to diet drugs." Paul Ducklin, Sophos Asia Pacific head of technology, said that spammers are ready to "borrow" any computer illegally to send e-mail regardless of the location.'"

15 of 92 comments

  1. Great Firewall needs Reconfigured. by Gabrill · · Score: 3, Insightful

    Too bad that "Great Firewall" doesn't work both ways. Shame, really.

    --
    Always going forward, 'cause we can't find reverse.
  2. Europe getting in on the action too by antifoidulus · · Score: 3, Informative

    If you want to count the EU as one country (which the EU seems to want to do for things that benefit it, but seem wont to do when the statistics are less than flattering) Europe reigns supreme:

    Europe now has six entries in the Dirty Dozen, which when combined, account for even more spam-relaying than the U.S.

    1. Re:Europe getting in on the action too by Tim+C · · Score: 2, Insightful

      You do realise that the report was released by Sophos, don't you? This isn't a governmental thing, so trying to make it sound like the EU is trying to paint itself in a better light isn't really a valid point this time.

      (Incidentally, Sophos is a British company, and we Brits are generally somewhat Eurosceptic; it's not at all surprising to see them not consider the EU as a whole. Mind you, the whole "not being a single country" thing might have something to do with it too...)

    2. Re:Europe getting in on the action too by El_Muerte_TDS · · Score: 2, Informative

      EU is not Europe
      Just like the USA is not America

      (but that doesn't change the fact that there are 5 EU countries in that list totaling to 17.9%, less than the USA)

  3. Whoa by Anonymous Coward · · Score: 3, Funny

    But you don't understand. In America, we're free to send spam. In China, they send spam because their government is evil.

  4. In other words ... by ScrewMaster · · Score: 4, Insightful

    the countries with the most bandwidth available to the general population, and which also have the greatest number of Windows installations and open mail relays, also produce the most spam. Hardly a surprising conclusion.

    --
    The higher the technology, the sharper that two-edged sword.
  5. Yay! We're still #1 at something!!! by Anonymous Coward · · Score: 2, Funny

    Yeah! We're still #1 in SPAM relaying!

    How do we rank in:

    1. freedom of press
    2. quality of journalism (ratio of quantifiable facts vs propaganda)
    3. K-12 education
    4. healthcare and life expectancy
    5. government oversight and accountability
    6. nonfiction national security (e.g., preventing unauthorized access across our borders)

    Any ideas?

  6. Those statistics are EXTREMELY misleading by tempestdata · · Score: 5, Insightful

    As a mail provider I wouldn't be surprised that the US and China were the source of a significant chunk of spam. They (the US especially) have a LOT of email users. What I'm interested in is the ratio of good email to spam email. For instance, if the US makes up for 90% of all email sent, then is it really that bad if it makes up 25% of the world's spam? On the other hand Mexico may make up 1% of the world's email, but 90% of the email coming from there could be spam.

    The volume of spam should be taken in the context of the usage of email. The RATIO of legit emails to spam is a better indicator of where the spammers are coming from than volume alone.

    --
    - Tempestdata
  7. Our efforts seem to be paying off by aszaidi · · Score: 4, Informative

    I'm glad to see no mention of Pakistan in there. It used to be one of the biggest sources of spam until recently. I work for a large ISP here and we take spam seriously. We recently started blocking all outbound emails from customers, restricting them to our state-of-the-art (Linux + Exim + SA etc.) servers. Even now, a single Spamcop report can have an offending customer's email completely blocked. Corporate user or no corporate user.

    The bigger task is getting all the other ISPs in the country to agree to implement this instead of bending over backwards to please their customers and allow them to broadcast whatever their virus-infected PCs can conjure. The major technical players have formed a network-admins group which discusses such topics and so far, the response has been quite positive.

    It will likely take a while before these types of policies are enforced in countries which are only just starting to get online.

  8. Re:Since spam relays have shifted from servers.... by ptbarnett · · Score: 3, Informative
    And the solution to zombies on broadband is really simple.

    Blocking port 25 outbound is a strategic nuclear strike, where all that is needed is a carpenter's hammer.

    However, I wouldn't be opposed to it as long as:

    • Applying for an exemption is as simple as filling out an online form, without talking to someone in an India call center and explaining why I want it done.

    • Third-party mail servers universally implement port 587 (the Mail Submission Agent port), while requiring username/password authentication.
  9. Instead of Top Overall by Nom+du+Keyboard · · Score: 3, Interesting

    Instead of just giving a top overall count of who's sending spam, how about a figure weighted by how many connected computers are in the country overall? If China sends a bit less than the USA, but the USA has 10X as many broadband connected computers, then Chinese computers are far more vulnerable to this sort of activity, and focus preventative measures there to mitigate the problem. Under those circumstances, the USA problem might be dealt with in a different way than the Chinese problem, but without this crucial information, who knows?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  10. Not that simple by Anonymous Coward · · Score: 2, Interesting

    Maybe I could brag here a bit...

    I live in Finland. It's not on the list. That's hardly surprising because our population of 5 million would have a hard time relaying enough spam to make it there even if we tried it. However...

    The broadband penetration here is around 60%, which is in the top20 or maybe top10 in the world. The exact figure is rather irrelevant. Let's just say that it's within a few percent compared to the other top countries. Now, look at the zoomed map.

    http://www.sophos.com/images/common/misc/zombie-earth.png

    If you can find Finland, you'll notice that there's exactly one single dot on the whole map. That's Helsinki region and its about one million inhabitants. One dot there, nothing elsewhere. Compare that to - say, Portugal. It has ten million people and it's riddled with dots. Sweden has 8 million people and plenty of dots. Even taking the population into account, you could say this broadband-heavy country is practically clean of spam machines. How's that possible?

    Two words: responsible ISPs. If they spot a private machine spouting 5000 e-mails every minute, they kick you out and ask you to fix your machine. Often they even provide the necessary software. Try another ISP and it will happen again. We don't want to contribute to the spam problem. At some point your tubes will be cut. Period. Also, there are quite strong laws against spamming. Definitely nothing like the US you-can-spam act but a true ban on unsolicited e-mail marketing. Therefore domestic spam is nearly inexistent too.

    This is not a perfect country. No need to get into a mudflinging contest, OK? I'm just using us as an example against the assumption that broadband penetration == lots of spam relays. There is something you can do if you really want. To get on the list, there must be ISPs who are willing to turn a blind eye. We don't.

    No, I don't feel my freedom of privacy violated the slightest bit if they monitor my e-mail amounts. Tunnelling and encryption are perfectly legal here. And the ISPs hardly care about the content of my actual e-mails. Keep on killing the zombies. You have my full support.

  11. Re:Since spam relays have shifted from servers.... by nacturation · · Score: 2, Insightful

    I think at this point, a nuclear strike is what's required. If people want to run their own SMTP servers, they can apply for permission to do so. Otherwise, whitelist individual SMTP servers as you suggest, or use your ISP's servers where spam checking can be centralized.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  12. Re:Here's What I Don't Get About China by eck011219 · · Score: 2, Interesting

    Actually, why would they? China has proven itself to be quite pragmatically self-serving when it comes to money, and if more people are making money in China (above board or below), that's more money going into the general pot through purchasing power. So even if there are spammers in China reaping the rewards of an outgoing-only setup to bilk consumers, they're still spending more than other citizens on groceries, cars, homes, electronics, and so on. Just a guess, though -- I'm certainly no sociologist or economist.

    --
    It is pitch black. You are likely to be eaten by a grue.
  13. Why would an ISP do it? by hadaso · · Score: 2, Interesting

    If all ISPs block port 25 then botnet operators would program their zombies to use whatever email settings are there on the PC and send through the ISP's relay. As long as a few ISPs block port 25 sending directly is a better strategy for spammers. When the percentage of networks blocking port 25 would get higher than some threshold sending through the ISP servers with whatever filtering it has would become a better option for the spammer and the spammer would switch. This would be much more problematic for ISPs: dealing with a massive amount of spam trying to get out of their servers (instead of directly) might overload their outgoing email services, would require huge resources in filtering outgoing mail, would create false positives with customers' legitimate outgoing mail being blocked on the way out.

    So as much as blocking outgoing port 25 sounds nice and effective, it doesn't scale. On the other hand port 25 "sniffing" might be good, especially if it can lead to connecting the hijacked PCs to whoever uses them. But for this to work abuse fighters first need to abandon the idea that the most important goal is to catch the people that actually control the botnets. If a botnet is used to send spam on behalf of someone that paid someone else that hired yet another guy that paid a botnet operator for the service of using stolen resources then the one that provided the money for the operation should go to jail. And it's quite easy to determine who the advertiser is. So what's needed is to collect the data on actual spam messages going out of zombie PCs, choose those that are easier to locate, and put them in jail because they hired a criminal to work for them. If they can make excuses that they "didn't know" a crime is committed and without providing enough info to get the criminal then they should end up in jail. With just a few such cases there would be much less money flowing into spammers' pockets, and they'd be looking for another job...
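
Added example (not part of the thread or any commenter's post): a sketch of the outbound-volume monitoring that comment 10 attributes to Finnish ISPs and of the port 25 "sniffing" raised in comment 13, run over constructed flow records. The record format, the relay address and both thresholds are assumptions; the limits are set far below the 5000-per-minute figure so the small sample can trigger them.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed flow-record format (constructed): "ISO-timestamp src_ip dst_ip dst_port"
ISP_RELAYS = {"192.0.2.25"}   # hypothetical ISP smarthost; mail through it is filtered there
WINDOW = timedelta(seconds=60)

def parse(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_direct_senders(lines, max_conns=20, max_fanout=10):
    """Flag customers whose direct-to-MX port 25 traffic exceeds either limit
    inside any 60 s window. Returns {src: (peak_conns, peak_distinct_dsts)}."""
    recent = defaultdict(deque)          # src -> (ts, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        # Port 587 submission and the ISP's own relay are not direct-to-MX delivery.
        if port != 25 or dst in ISP_RELAYS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] >= WINDOW:    # expire entries older than the window
            q.popleft()
        conns, fanout = len(q), len({d for _, d in q})
        if conns > max_conns or fanout > max_fanout:
            peak = flagged.get(src, (0, 0))
            flagged[src] = (max(peak[0], conns), max(peak[1], fanout))
    return flagged

def sample_flows():
    """Constructed traffic: one zombie, one ordinary user, one small mail server."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    flows = []
    for i in range(40):                  # zombie: 40 different MX hosts in 40 s
        flows.append(f"{stamp(i)} 10.0.0.7 198.51.100.{i + 1} 25")
    for i in range(5):                   # ordinary user: ISP relay and port 587
        flows.append(f"{stamp(i * 10)} 10.0.0.8 192.0.2.25 25")
        flows.append(f"{stamp(i * 10 + 5)} 10.0.0.8 203.0.113.10 587")
    for i in range(30):                  # self-hosted server: one delivery a minute
        flows.append(f"{stamp(i * 60)} 10.0.0.9 203.0.113.{i + 1} 25")
    return flows

if __name__ == "__main__":
    for src, (conns, fanout) in find_direct_senders(sample_flows()).items():
        print(f"{src}: {conns} connections to {fanout} hosts within 60 s")
```

The self-hosted server at 10.0.0.9 delivers directly on port 25 and still stays under both limits, so only the burst pattern is flagged.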