The US Continues Its Reign As King of Spam 118
An anonymous reader writes "The United States continues its reign as the king of spam, relaying more than 13% of global spam, accounting for hundreds of millions of junk messages every day, according to a report by Sophos. However, most dramatically, China – often blamed for cybercrime by other countries – has disappeared from the 'dirty dozen,' coming in at 15th place with responsibility for relaying just 1.9% of the world's spam."
According to Sophos (Score:3, Insightful)
Not saying they are wrong, but I suspect a more accurate measure of the problem would require many more sources of data.
Since they rely on statistics generated from their products (not mentioned in TFA but I can't imagine where else they got their data from), there is an automatic bias introduced there.
SB
Not hard to fix... (Score:4, Insightful)
I know two ways that most of this spam can be reduced so the US doesn't remain #1 here, but it takes a clued system administrator to do so.
#1: Block outgoing port 25 at the routers other than for the ISP's official mail server, and for clients who have signed a form taking full responsibility for their mail servers, and that any spam originating from them will come back onto their heads, not the ISP's.
#2: Sane mass mail rules on the mail server. Of course, this doesn't apply to mailing lists, but in general, an average Joe won't be sending thousands of MAIL TOs, nor sending out a 10,000 person bcc mail.
I don't think the problem is ISPs with open relays like which was the issue in years past, but private companies who have PHBs running the place that have no interest in spending for even the basics in security. I personally have encountered a lot of SMB owners who have told me, "Security has no ROI, so I am not interested in wasting my money on it" when presented with a proposal for even just the basics of network security such as outgoing spam filters on the company's Exchange server. They believe that they can call Geek Squad (or some random computer consulting firm that has the most TV ads) to fix anything if they find a problem. Of course, this means that when (not if) the business gets compromised, spambots can end up on numerous machines, and remain there indefinitely until the Windows Malicious Software Removal tool gets run on a patch day (assuming they even bother turning on Windows Update/Microsoft Update), company data gets destroyed, their ISP cuts their access off for TOS violations, or they find their IP range in a blackhole list and all their E-mail bounces.
Just to point out the obvious (Score:5, Insightful)
It's not that the king spammers are in the US, it's that the US has the most machines permanently connected to the internet and infected by spambots. The whole statistics is a bit skewed because spam is one of those crimes where the one executing it is not necessarily also the one wanting to do it.
Just because the machine sending the spam is in the US doesn't mean the one wanting to send the spam is.
Surprise, surprise. Wait, maybe not so much. (Score:4, Insightful)
Not a shocker. According to an antivirus company, most spam comes from a place where people use Windows and are clueless about preventing infections. The zombie Windows machines are a big part of the problem, but the command & control systems seem to mainly be overseas. As are a lot of the products/scams being pitched.
What this says is that in the US users need to do a better job of securing their computers. And all around the world spammers need to be killed.
Re:The real question is... (Score:1, Insightful)
The origin of most spam is foreign countries using unpached versions of windows
With the United States ranking first among those. It would be nice if they could get there spam problems under controll instead of harassing other countries.
Re:The real question is... (Score:5, Insightful)
I'm an "old-timer" in a variety of meanings despite my ID, and I know about Cantor and Siegel. Nevertheless, Terry asks the right question and points out how uninformative this article is.
The article reports that 13% of hosts "relaying spam" reside in the US. But what should we compare that 13% to? According to the figures in the CIA Factbook [cia.gov], some 57% of worldwide Internet hosts are located in the US. So I'd say the article's entire premise is flawed. If the conditional probability of a host spamming were equivalent world-wide then, using the Factbook's figures, US hosts should account for 57% of spam relays, not 13%.
On top of that, relaying tells us nothing about how spamming works. Spam doesn't come from computers; it starts as some back-alley deal and spreads relentlessly across the globe. Those zombied machines with the ISO country-code domains we all see pummeling our servers aren't the source of the spam either. They're just drones that take their orders from masters far away.
As Woodward and Bernstein were told, "follow the money." Looking at distributions of Internet hosts tells us nothing about the business of spamming or its effects.
Re:Low spam from China? (Score:3, Insightful)
Using the logic I described above, computers located in China spam at about the norm for all computers worldwide. The article reports that 1.9% of relaying hosts are located in China; this is actually slightly better than China's overall share of computers worldwide, 2.1%. (For the US the figures are 13% and 57% respectively.)
Re:The real question is... (Score:3, Insightful)
Spam was the logical outcome of low sending cost and extremely few consequences. The niche exploited by people like Canter&Siegel, and by AOL's incessant spamming, has its origins in junk mail advertising, and before that in the wars for public billboard space in the cities of Europe, and doubtless had counterparts in ancient Rome and Athens and Jerusalem. and Babylon. In fact, the Tower of Babylon is a good metaphor for what happens now with spam flooding desirable traffic.
The problem isn't a technical one. It's a social one: The cost of individual messages is very low, especially if the resources to send them are stolen. And the consequences of sending them in bulk are, so far, insufficient to discourage the spammers or the professionals who provide them the tools. Even though spam seems to be rarely profitable, the _expectation_ of profit is enough to lure numerous hopeful or larcenous participants. Prosecutions remain rare, and the upstream providers seem happy to take the cash since they so rarely face consequences for hosting professional operations, and the newer zombie nets are too expensive to bother cleaning up.
There have been legal attempts to reduce spam. But spam is built on such a classic business model, that of junk mail, that any legislative effort runs headlong into the Direct Marketing Association and their lobbyists, or the equivalent in other countries. As individual technical fixes are applied, other versions of spam services expand to quickly fill the economic niche. So unless the technologically based approaches or the social approaches such as reasonable laws get so effective that the _apparent_ profit is eliminated, we're going to continue to see the deluge.
USA #1 (Score:5, Insightful)
We're #1, we're #1. YEAH! Go USA! :D
Re:One man's spam . . . (Score:1, Insightful)
Ham is dead pigs. Spam is a mix of 90% cheap stuff with 10% dead pigs. Spam is all filler and no content.
I think the generally accepted story of unsolicited bulk email being called "spam" has to do with a Monty Python sketch involving Spam. And I'm not citing a reference to this, as it really doesn't matter if the story is apocryphal or not. Spam is mostly dead pigs. And you do realize that a great quantity of material in dead pigs is "cheap stuff?".
It is more like 90% dead pigs and 100% cheap stuff... and if you can't figure out why this does not add up to 190%... well, logic is apparently not for you.