Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Sophos Reveals Latest Spam-Relaying Countries

Posted by Hemos on Mon Jul 24, 2006 11:14 AM
from the spam-ham dept.
Spam The Internet
An anonymous reader writes "For the first time in more than two years, the United States has failed to make inroads into its spam-relaying problem. The U.S. remains stuck at the top of the chart and is the source of 23.2 percent of the world's spam. Its closest rivals are China and South Korea, although both of these nations have managed to reduce their statistics since Q1 2006. The vast majority of this spam is relayed by 'zombies,' also known as botnet computers."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Sophos Reveals Latest Spam-Relaying Countries 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • I'm not sure why they divide by country. Are they implying that the laws and regulations of these companies should be stricter? Is this some sort of international contest to see who can restrict the rights of its internet users the fastest? The fact is that these nations are just relaying the spam. They might not be the origin of the spam so it's not like targeting a nationality will help.

    Furthermore, these percentages don't appear to be normalized in any way. Does the United States contain more than 23% of the world's internet traffic? Probably. What about the sheer number of IPs assigned to citizens? Again, probably more than 23% of the world's total user population. Even if it isn't that high, it'd still show that countries like China are doing ok relative to the sheer number of users they have. I think this study only showed that spam is directly proportionate to internet usage. And nothing more.

    Logically, you would divide by source or company or--better yet--ISP. I think the penalties should come from the companies that make money providing the internet service to the sources of the spam. Even if it's a bot or open relay for spam, the ISP should investigate it and shut it down. I honestly wouldn't be surprised to see Cox & Comcast show up on that list as they are so unbelievably careless.

    I think laws against the internet service providers are in order to force this but it's difficult to track. That's why Sophos should publish names of internet service providers and drag them through the mud, I don't care about countries. And how about making the penalty for the ISP a bit tougher as in you get one warning about a particular user and then you're restricted from providing internet service?

    In the end, you have to ask yourself--do we really want to make this a responsibility of all governments? I think the answer is 'no' considering that they can always just open up some operation in another nation and find an ISP dying for cash. Then you have to chase them there.
    • I'm not sure why they divide by country. Are they implying that the laws and regulations of these companies should be stricter? Is this some sort of international contest to see who can restrict the rights of its internet users the fastest? The fact is that these nations are just relaying the spam. They might not be the origin of the spam so it's not like targeting a nationality will help.

      Once I saw some statistics that USA is the originator of most of the spam.

    • Re:Why Divide By Country or Continent? (Score:4, Insightful)

      by yourOneManArmy (986080) on Monday July 24 2006, @11:19AM (#15770316)
      You're assuming media statistics are actually logical; they're designed to give 'convincing and unbiased' proof of the source's opinion.
    • It would be interesting to see this arranaged by the operating system of the infected computer. Given the frequency of infections by OS and the frequency of the OS on the internet, I can use Bayes theorem to deermine how suceptable a computer is to become a Zombie spammer. Im just guessing that this would not be flattering number for Microsoft, espicially the older versions of Windows. This sort of information could be used by Microsoft to encourage upgrades and by everyone else to recommend migrating fr

    • Re:Why Divide By Country or Continent? (Score:4, Insightful)

      by klaun (236494) on Monday July 24 2006, @11:56AM (#15770591)

      You don't seem to have much evidence for your assertion that ISPs are reluctant to deal with bots. I know that both ISPs your mention have aggressive programs to battle spam that is generated or relayed by users. It is really a very tough problem to deal with.

      How do you identify a bot infected computer? What do you do to a customer with a bot infected computer that he is probably not aware of? What preventative steps can you take that will not interfere with legitimate customer traffic?

      While technical savvy folks can generally think of solutions to problems, they often neglect the issue of scalability... every solution has to work in an environment that may deal with a million emails a second! Customers get very irate when they are disconnected, sandboxed, and refused further service until they run (free) anti-virus software on their computer. Customer care organizations within an ISP are generally very resistant to any program that will involve turning off customer service or restricting it, because that causes tremendous expense for them in terms of customer calls. ("What does this web page mean? How do I get rid of it?") It is not just about engineering a solution but also deploying it holistically within a company that has issues other than technology.

      Other solutions that make managing the problem easier are also very expensive and slow to implement across a customer base of millions. SMTP AUTH deployments are tremendously expensive in terms of customer care, customer education, and engineering efforts. Everything is complicated by scale and working within the confines of a business with other requirements apart from just technical ones.

      ISPs spend millions on efforts to combat spam. The anti-spam industry is expected to hit $1.7 billion in revenues by 2008. If you have the answer to all these problems, start a company and sell it. You will be very successful.

      • Customers get very irate when they are disconnected, sandboxed, and refused further service until they run (free) anti-virus software on their computer.

        In other news, drivers get very irate when they aren't allowed to drive their unsafe car on the road until it's been fixed. However, banning people with unsafe cars makes everyone else safer, so is a Good Thing. Same with infected computers. If a computer is actively attacking other systems then drop it's connection ASAP - this is good for two reasons:

        1. It stops the infected system from doing any more damage to any other systems/people (this may be relaying spam, DDoSing someone, trying to infect other systems with a worm, running a phishing site, etc).
        2. If someone loses their whole connection every time they get infected they might actually start giving a damn about their system's security.

        that causes tremendous expense for them in terms of customer calls.

        If all the ISPs started taking these measures then it would surely *reduce* the number of support calls since the number of infected systems would be reduced. Sure, there'll be a short term peak in the number of support calls but the long term picture is much better. Sadly, most businesses these days only seem to care about the short term bottom-line.

    • In the FA, they explained that the theory is Zombie PCs that are relaying spam, and suggest that the solution is tighter individual security on PCs in the U.S.. The originators are broken out by continent - North America is not at the top.
    • You asked very good questions, so I have an answer for some of them. You noted, "Furthermore, these percentages don't appear to be normalized in any way." AKA the "Is It Good, Or Is It Whack?" question.

      I normalized them (roughly). I found the number of Internet users per country at http://www.clickz.com/stats/sectors/geographics/ar ticle.php/5911_151151 [clickz.com] and then calculated what that was as a percentage of the world total.

      On the left is the percentages of spam from the article; on the right is the percenta
      • The old saying goes, "You can lead a horse to water, but you can't make him drink."

        Updated, it'd be "You can lead a user to clue, but you can't make him think."

        As it applies here, the average user isn't going to understand (or want to understand) what benefit these free items will give him/her. They've never heard of a firewall or a rootkit. All they really care about is how much it costs.

        Now if a service could show better profits through these steps (from reduced expenses, including bandwidth, support, e
        • Well I always go back to the example of a relative of mine who asked "What in the world would some hacker want with my PC"? They don't have a grasp of what access to even a Pentium 100 on a dial-up can be used for. They don't realize that spamming is pulled off with a "death by 1000 paper cuts" approach. How many average users could even grasp the concept of a computing cluster? Not everyone can or wants to understand this stuff. To them, it's just more time wasting useless crap when all they want to d
        • I see this illistrated every time I listen to the podcast of Leo Laporte's KFI radio show. Every show he has at least one call about spyware where he tells people the exact same things: Get a router, run spybot, adaware, windows defender. The people seem so clueless when he tells them that. I can understand that people aren't experts on things, but it is litterally the same advice every week. Weren't these people listening last week? If they've never listened before, then how did they know about the show in the first place? It just baffles me. Whether or not you think that is the best advice, I just don't understand how these people haven't heard it before.

  • Deep Throat Knows (Score:5, Insightful)

    by ackthpt (218170) * on Monday July 24 2006, @11:22AM (#15770340) Homepage Journal

    "Follow the money"

    What's so hard here? The US has pushed for having banks and financial service companies to be more open with governments on who is doing what with transactions.

    There's always the content, too. Just look in the emails and they have telephone numbers, web sites, the various means of seeing what these scumbags have to offer and how to contact them.

    Educating the public is failing. Why? How many public service ads have you seen advising people how to protect themselves from being scammed, preventing identity theft, etc.? I've seen none. I see private ads OF the voice overs of the big dude with the girl's voice, where his identity has been stolen, I think it was for a paper shreader of all things.

    Sophos must be with the terrorists as they are not proclaiming victory in the war on terror. Enough has been made of the suspicion (has anything been proved?) that terrorists raise funds this way. I wouldn't put it past them, but I also wouldn't put it past some russian teenagers with limited career potential in Putin's New And Improved USSR.

    • Just look in the emails and they have telephone numbers, web sites, the various means of seeing what these scumbags have to offer and how to contact them.
      No they don't, not anymore,

      Sophos estimates that 15 percent of all spam emails are now pump-and-dump scams, compared to just 0.8 percent in January 2005. These scams are email campaigns designed to boost the value of a company's stock in order for spammers to make a quick profit. Many of these spam messages contain images rather than traditional text.

      and t

  • No wonder (Score:5, Funny)

    by traveller.ct (958378) on Monday July 24 2006, @11:25AM (#15770364)
    No wonder the tubes are jammed.
  • ...is how many of the zombie systems are actually deliberatly set up by the owner. Not some accidental "gone to the wrong web site" setup, but some "I'm gonna make some bucks serving spam" and then claiming they didn't know they were infected.

    • ...is how many of the zombie systems are actually deliberatly set up by the owner. Not some accidental "gone to the wrong web site" setup, but some "I'm gonna make some bucks serving spam" and then claiming they didn't know they were infected.

      Probably very few. If it is your own system you have to pay for the bandwidth. Or for even less money you can rent time on a botnet that runs on two thousand exploited Windows boxes. There are even Web based interfaces that will walk you through sending your spam. P

  • I've often wondered... (Score:4, Interesting)

    by Osrin (599427) * on Monday July 24 2006, @11:29AM (#15770390) Homepage
    ... if you just opened up port 25 on EVERY machine and put some dummy SMTP recieve code behind it that did nothing else other than accept mail and then discard it, could we make it 500 million times harded for spammers to find an active and working open relay?

    • We can do better than that! (Score:5, Informative)

      by jd (1658) <imipak AT yahoo DOT com> on Monday July 24 2006, @12:25PM (#15770838) Homepage Journal
      TCP is based on packet acknowledgement and it is very doubtful that spammers have thought to check their software for deadlocks or timeouts. Instead of dumping the data, just have the connection hang after it is fully established, or send deliberately malformed acknowledgement packets. The idea here is to try and crash the zombie by either running it out of resources or giving it replies it can't handle.


      Alternatively, if the spammer/zombie computer has port 25 open itself, have a netfilter rule that rewrites the destination address to that of the sender, increases the TTL, and sends the packets back in duplicate. Again, this is a resource-draining scheme. If it's an open relay, it'll get the spam and resend it. I believe the hop count for SMTP is something like 30 and each packet will go two ways along the wire, so it'll take 2^31 as much bandwidth overall, if a sufficiently large number of users set up this kind of loopback. Companies that simply don't care if their machines are zombies will suddenly notice a degradation of their networks but any packet monitoring they do will show all of the packets to have the IP addresses of their machines for both source and destination. At least some will zombie detox to save their sanity.

  • Imagine... (Score:3, Insightful)

    by fragmentate (908035) * <(jeff.webster) (at) (zooloo.com)> on Monday July 24 2006, @11:30AM (#15770403) Homepage Journal

    ...if all ISPs simultaneously switched SMTP to another port... At least the existing "bugs" (as in malicious code) would break immediately.

    Sadly, any trick (even as drastic as I've suggested) would only be temporary. People still click on random .exe files (and scripts) as fast as they come in. Any Dilbert, South Park, or Pokemon screensaver will be clicked on my some nitwit. I see the forum posts about how certain screensavers don't work. Well, of course they don't -- they're not screensavers, they're little servers designed to relay spam.

    Given the vast numbers of idiots, and amateurs online here in the U.S., of course we're in the lead. (I have two teens -- both of them have clicked on evil .exe's -- firing off malicious code warnings on the Windows machines).

    Educating the gajillion newly techno-blessed is the only way to get this under control.

    How hard is it to understand, "If a stranger gives you an apple -- DON'T EAT IT!"

  • Do Americans have more, or just less secure, PCs (Score:3, Interesting)

    by supabeast! (84658) on Monday July 24 2006, @11:32AM (#15770419)
    At first I was looking at the numbers and wondering if Americans just have so many more Windows machines than the rest of the big relays out there, but once the numbers get into the single digits (everything after the US and China) I quickly realized that most of the people in those nations are probably using the same OS - Windows - as people in the US. So is it simply that the US comes out on top because we have so damned many computers - as opposed to other nations where they're sometimes uncommon in households and people use internet cafes? Or is it not a PCs-per-capita issue, but an issue of people in the USA simply being to stupid/lazy/etc. to secure their Windows machines? If the former is the case, we're in for some nasty spam as PCs per capita increase, and there are ever more systems begging to be infected. If the latter case is true, what will it take to finally get Windows users to start securing their Windows boxes?
    • Well, even though he mostly wrote it for British consumption at the time, I think that Charles Dickens pretty much nailed it on the head when he said that Ignorance and Greed were the watchwords of the future.

      And why not stop and look at your comment and others: other than *ownership* of computers, the other major common factor here is Windows. It certainly isn't as though Microsoft isn't complicit in this. Look at the security holes and exploits and everything else that can be laid at their doorstep over

  • I for one... (Score:3, Insightful)

    by Siberwulf (921893) on Monday July 24 2006, @11:47AM (#15770526)
    As impractical as it might be, I, being a software developer think the best way to go about removing this crap isn't on the receiving end. It won't be fixed by filters. It won't be fixed by blockers. The way to fix it is through putting some sort of tax, fee, whatever you might have it, on email getting sent.

    Before you flip out and throw the "OMGOOSES MY FREEDOM" argument around, answer me this:

    If you were being sent text messages to your cellphone, and being charged ten cents per text message, how long would you tolerate that?

    The reason nothing is being done to combat this is due to the fact that when people spend hours cleaning off spam, they aren't even thinkinga bout the "Time = Money" equation. If they were, I think they'd be pretty hot about getting the senders punished.

  • Spam Sources (Score:5, Informative)

    by AaronW (33736) <aaron,slashdot013&doofus,org> on Monday July 24 2006, @11:48AM (#15770534) Homepage
    My experience is that around 60-75% of the spam I receive comes from China. On my home mail server I finally broke down and started blocking the worst offending subnets and the amount of spam I received dropped dramatically. There is a RBL for China, cn.blackhole.us, or a combination of China and Korea (cn-kr.blackhole.us), though these are no longer listed and will likely disappear soon.

    I also use several other RBLs which have helped a lot.

    I also decided to add the worst offending subnets in China as rules for my firewall to block. The worst offending subnet is 221.208.208.x where my firewall reports an almost constant barrage of IM spam, and from what I've read, this subnet has been a problem for years.

    For your own blocking, the following script will get all the subnets used by China (or any other country you're interested in, just change $ctry):

    #!/usr/bin/perl $ctry = shift || 'cn'; $_ = `wget -O - http://www.apnic.net/apnic-bin/ipv4-by-country.pl? country=$ctry [apnic.net]`; print join "\n", /([0-9\.]+\/[0-9]+)/g;

    At work, where I cannot do this, most of my spam is also received from China.

    Out of the rest of the spam I receive, the US is actually pretty far down on the list of sources, though still much higher than places like the UK, Germany or France. The rest seems to come from places like Poland, Romania and Estonia.
  • America was found to have the highest number of zombies and bots per capita....
  • I haven't been keeping up on my anti-spam measures, lately, so I'm not sure if this has been considered, yet. Wouldn't it be possible to simply add a DNS record that allows a mail server to verify that the machine trying to send it mail is authorized to do so, for that domain?

    A machine that supports it could ask the sending domain "Is this machine allowed to send email on your behalf?" The sending domain could simply answer "yes" or "no". That would immediately eliminate all the zombies, for those people wh

    • Re:Eliminate the zombies (Score:4, Interesting)

      by vux984 (928602) on Monday July 24 2006, @12:14PM (#15770740)
      It already exists, its called an SPF record. Its been around for years now and 95% of domains don't have one.

      There is also nothing stopping the spammers from using SPF, and they do. In fact, in many surveys the spammers are registering domains and using SPF *more* than legitimate users are. SPF does mitigate some spoofing issues, but that's about it.

      On its own its proven worthless. As part of more cohesive anti-spam strategy it might prove to have some value.

        • Every time a spammer needs to register a new domain, it'll cost him money

          Yeah. Sure. Like maybe $1.99. Domains are cheap; a spammer can quite easily register a domain, possibly even on the credit card of a random luser that got phished, configure some hosts and SPF records and send several tens of millions of spams in a few hours. All it takes is one valid order with a profit margin greater that $2 from all that and they are in the black, and if they get the timing right then with some registrars th

  • Its articles like these that lament people's basic misunderstanding of statistics. They use percentage of spam sent by countries in order to try to prove that spam is not being reduced in the United States. The problem is that simply relaying a percentage of total spam does not prove or disprove this point. It simply shows whether the US is changing more or less in proportion to other countries. Did the total number of spam messages go up or down? What about the total number of bot nets? The reality i

  • Whether it is a zombie, which is not supposed to have an SMTP server at all, or a legitimate mail-server fooled into relaying spam to you, my milter [virtual-estates.net] will black-list it for a few hours after your spam-detectors issue their first verdict against the relay.

    Unlike with most blacklists, though, the damage from a false-positive is merely a delayed, rather than rejected (or, worse, dropped) message...

  • If the ISP's implemented a system whereby port 25 was closed and the average John Q. Public had to send mail through it's servers, or something else like GMail, then the vast majority of zombie spam would disappear overnight.

    Then each customer could be limited to __ number of emails each day (perhaps 20). Beyond that they would have to log in and manually re-enable their account for another 20. People regularly exceeding their amount could apply for a higher threshhold.

    A little inconvenient? Yes. More i

      • Re:ISP's and Open Ports (Score:4, Insightful)

        by DigitalRaptor (815681) on Monday July 24 2006, @01:45PM (#15771413) Homepage
        Who says it has to be one or the other?

        Your mom probably doesn't need to run an email server. Neither does 99% of other ISP users. The far less than 1% (of which I'm included) that need specific ports opened up can do so by working with the ISP.

        That would eliminate 99% of zombie spam right off the bat, without significantly affecting anyone. It may take you 5 minutes on the phone with tech support, but it closes a HUGE whole that is actively exploited by the spammers.

        Bye-bye spam. It also takes a way a LOT of the motivation for creating zombie machines, so bye-bye much of the spyware and viruses (not all, but probably a noticeable amount).

        So we aren't sacrificing freedom for security. We're tolerating a 5 minute phone call for 1% of users so that everyone can enjoy the internet far, far more.

        Well worth it, if you ask me. Absolutely nothing is lost. A whole lot is gained.

      • Re:ISP's and Open Ports (Score:4, Insightful)

        by DigitalRaptor (815681) on Monday July 24 2006, @02:16PM (#15771620) Homepage
        The internet is very analogous to the highway system in most countries. Commercial drivers create increased risk to all drivers on the road, and thus require training and registration for the safety and benefit of everyone involved, including each other.

        The commercial drivers could (and may) complain that it's unfair that they have to go through the hassle of getting licensed and registered, after all, each thinks he is a perfect driver and poses no risk whatsoever. But I think most people would agree regulation of commercial drivers is a good thing and everyone benefits.

        Likewise, those (myself included) wanting to do more than normal with the information super highway would likely complain if we had to take an extra step before being able to do what we want on the internet, such as running a web server or email server. But again, I think the benefits outweight the inconvenience 100 times over. I could call my ISP and be added to their open ports list in 5 minutes (ONCE), but I easily spend 10 minutes A DAY on spam, and often more.

        Mind you, this is only on dial up and broadband accounts. Most T1 lines, etc, used for business wouldn't need this requirement as they already have administrators that keep things secure and zombies to a minimum, and RBL's already deal with most of the rest.

  • According to the Computer Industry Almanac [c-i-a.com] the U.S. uses 25% of the world's PCs. While I know our broadband penetration is not has high as other countries, we sure have a lot of hardware. Another thing to look at would be total messages in/out versus total messages claimed as spam. Sophos doesn't give us that piece of information. At least last year, Andrei Serjantov and Richard Clayton had done some work along those very lines in a paper found here [infosecon.net]. I don't know if they've updated it.
  • My ISP has a pretty good filter and they hold what is blocked for a week. When I access my "help mail" file everything is identified by country. Two months ago close to two thirds was from the US and it all got forwarded to the FTC. Today that is down to about 40% from the US and I still forward everything to the FTC. They do file many charges against spammers every month and the US amount is dropping.

    I suspect that if things were traced all the way through that many of the US and offshore groups are relate
    • If the top five "spam cartels" were taken down I think we would see a 75% or more drop in SPAM worldwide.
      Until "spam cartels" number 6 - 10 pick up the slack.

  • worrying? (Score:3, Informative)

    by pe1chl (90186) on Monday July 24 2006, @12:13PM (#15770734)
    "It's worrying to see so many pump-and-dump emails - often with embedded graphics included - being spammed out to the general public," added Cluley. "The people that act upon these emails aren't skilled investors, and don't realise that purchasing the shares is likely to reap no reward, benefiting only the spammers, while creating a financial rollercoaster for the organisation in question."

    Why is this worrying, in the sense that it needs to be mentioned explictly?
    Most of the general public is not medically educated either, yet we have received spam about all sorts of pills for a long time.
    And many do not know what 419 is, yet lots of those mails are sent as spam.
    Lots of the spam I receive is in far-east languages which most western citizens are not skilled to read.

    SPAM in itself is worrying, but there is nothing especially worrying about pump-and-dump.
  • Who designed or allow to be designed all the software that is used for spam, virus and other technodangerous programs? Sure, all the unwitting unsuspecting people out there that treat their computer as a black box should be ashamed of themselves. To use a windows computer safely these days requires a strong predilection to research and remembering security bulletins and knowing specifically how a computer does things. Which in of itself requires knowing about security models, social engineering, UI desi
  • None of it would exist at all if the END USER stopped buying viagra every time they get an offer in their inbox..

    However, I would applaud a spamming company that slowly removed non-responsive email addresses from their spam lists and tailored their spam only to those few users who respond

  • Port Blocking and interface? (Score:3, Interesting)

    by Midnight Thunder (17205) on Monday July 24 2006, @12:46PM (#15771006) Homepage Journal
    My provider prevents me from sending to SMTP ports outside of my domain, for better or for worse. This got me thinking:
        - would it be possible to selectivley block ports?
        - provide an ISP based UI, where you could unblock ports based on your account?
        - if both above are doable, what over head would this provide?
        - maybe provide different default configurations based on the type of user you are (technophobe, newbie, average home user, business user, power user, etc)
        - how well would such a solution go down?

    Sure you could ask everyone to install the equivalent of zone alarms, but this is not always going to happen.

  • But How Many Computers? (Score:4, Informative)

    by fdiskne1 (219834) on Monday July 24 2006, @01:14PM (#15771198)
    I see a number of people asking the question "But how many computers are there per country?" I found the numbers at:

    http://www.c-i-a.com/pr0904.htm [c-i-a.com]

    Here's what they show. I've added the % of spam coming from each country as the last entry in each line:

    Top 15 Countries in Internet Usage
    Internet Users (#X1000) Users% Spam%
    1. U.S. 185,550 19.86 23.2% of spam
    2. China 99,800 10.68 20.0%
    3. Japan 78,050 8.35 1.6%
    4. Germany 41,880 4.48 2.5%
    5. India 36,970 3.96 N/A
    6. UK 33,110 3.54 1.8%
    7. South Korea 31,670 3.39 7.5%
    8. Italy 25,530 2.73 3.0%
    9. France 25,470 2.73 5.2%
    10. Brazil 22,320 2.39 3.1%
    11. Russia 21,230 2.27 N/A
    12. Canada 20,450 2.19 N/A
    13. Mexico 13,880 1.49 N/A
    14. Spain 13,440 1.44 4.8%
    15. Australia 13,010 1.39 N/A
    Top 15 Countries 662,360 70.88
    Worldwide Total 934,480 100

    It looks like the USA's numbers are right about on track with most other countries with China way out in front as to percent of the spam problem compared to percent of Internet connected computers. What's this? France has twice the percent of spams relaying through their country compared to the percent of Internet users? For shame!

  • can't say I'm surprised - spam me me me! (Score:3, Interesting)

    by tota (139982) on Monday July 24 2006, @01:21PM (#15771254) Homepage
    Last time I posted, I somehow offended a few americans who mistakenly took my attack on climate-change nay-sayers as an attack on America and americans as whole: it resulted in DoS on my sites and a joe-job campaign against my public mail servers.

    Polute the world, polute our mailboxes, and be damned anyone who dares question whether this is moral or not!

    Funny thing is: my spam filters are now much improved! Thanks!

  • Per capita or per connection? (Score:3, Informative)

    by phorm (591458) on Monday July 24 2006, @01:32PM (#15771328) Homepage Journal
    I would like to see a per-capita or per-connection statistic for this. I notice that Canada isn't up there on that list, but they do have a lesser population than China/USA (though probably more than many of the others), and alternately a pretty high ratio of connectivity per household/business.

    How about a graph of "# of known connections in country vs amount of spam). If country X is only contributing 2% of the spam, but they've got 2% of the overall population and only 25% of that is connected... it shows a little more how the local control on such things may be a bit... lax.
  • This report doesn't take into account each country's percentage of the total world internet user population. If you take that into account, China and S. Korea are far worse than the US on a per-capita internet-user basis:
    • USA: 23.2% of world spam, 20.1% of world internet users
    • China: 20.0% of world spam, 10.9% of world internet users
    • S. Korea: 7.9% of world spam, 3.3% of world internet users
    So adjusted for internet user population, the US puts out 23.2/20.1 = 1.15, or 15% more spam than expected. China puts out 20.0/10.9 = 1.83, or 83% more spam than expected. South Korea puts out 7.9/3.3 = 2.39, or 139% more spam than expected. I got the internet population stats from: http://www.internetworldstats.com/top20.htm [internetworldstats.com]

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.