Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Spam United States

Spam's U.S. Roots 332

Posted by michael from the part-of-the-problem-not-part-of-the-solution dept.
ahab_2001 writes "Notwithstanding how tired my finger is getting from deleting all of those unsolicited messages from China and Korea, Information Week reports that a study of filtered messages by the spam-blocking firm CipherTrust revealed that some 86% of spam originates in the U.S. Apparently, a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam, according to this study."
This discussion has been archived. No new comments can be posted.

Spam's U.S. Roots More

Spam's U.S. Roots

Comments Filter:

  • Yeah! We're #1! We're #1! (Score:5, Funny)

    by Anonymous Coward on Friday August 13, 2004 @10:23AM (#9958408)
    Oh wait, that's not a good thing in this case.
    • I said it before. We need to make it profitable for people to go out and hunt spammers. We need to make it profitable to jail them (think of the drug laws example)

      We need to tag them with orange glow in the dark safety tags so people can share their love with them. Behold the Spam Hunter:

      Here we see the Spammer in his native environment [slashdot.org], lets pull his network connection and see if we can get him rialed up. Crikey, look at em dial tech support!

      My modest proposal is that we have to make it legal for peo

  • Crush (Score:5, Insightful)

    by Davak ( 526912 ) on Friday August 13, 2004 @10:23AM (#9958412) Homepage
    a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam

    Crush those sites. Turn them off. Then repeat the study.

    We should treat spam like a disease... and perform meaningful research on it.

    Davak

    • Re:Crush (Score:5, Funny)

      by wwest4 ( 183559 ) on Friday August 13, 2004 @10:27AM (#9958453)
      > Crush those sites. Turn them off. Then repeat the study.

      ...this will be the sixth time we have destroyed them, and we have become exceedingly efficient at it.

      • Re:Crush (Score:5, Insightful)

        by halowolf ( 692775 ) on Friday August 13, 2004 @10:34AM (#9958542)
        Well its obvious what the rest of the world should do! We should add the entire American IP address range to the great blacklist and move along! :)

        Its not like other countries havn't been blockaded...

        • Re:Crush (Score:5, Informative)

          by GreyPoopon ( 411036 ) <[gpoopon] [at] [gmail.com]> on Friday August 13, 2004 @11:49AM (#9959423)
          We should add the entire American IP address range to the great blacklist and move along! :)

          I know your comment was meant to be funny, but that's EXACTLY what I think other countries should do. They should contact the US government and tell them they have 30 days to fix the spam problem before a nationwide block goes into place. I predict the end to most of the spam within 5 to 10 days. I'm an American, BTW, and I don't think my country should be treated with any more consideration than some of the Asian countries we've advocated taking this approach with.

          • Re:Crush (Score:3, Informative)

            by (54)T-Dub ( 642521 )
            I'm not a nationalist or anything. But the rest of the world's economy would take a severe hit if they were cut of from America even in limited fashion like email.

            • Re:Crush (Score:3, Insightful)

              by GreyPoopon ( 411036 )
              But the rest of the world's economy would take a severe hit if they were cut of from America even in limited fashion like email.

              Yes, most likely, but since the impact to the American economy would be similar, it's unlikely that the US would let that happen. Somebody ought to do a comparison analysis between the impact of loss of connectivity and the impact that fighting spam has right now. A few days of lost connectivity may very well be worth the cost savings to companies that have to spend money on de

          • Re:Crush (Score:3, Insightful)

            by gregmac ( 629064 )
            They should contact the US government and tell them they have 30 days to fix the spam problem before a nationwide block goes into place.

            and what are the chance that Bush would take this as a terroist threat and use it as an excuse to go and bomb the shit out of the country that said it?
      • For some reason this reminded me of a good Mark Twain quote: "Giving up smoking is the easiest thing in the world. I should know, for I have done it a thousand times."
    • We should treat spam like a disease... and eradicate it for the good of mankind.

    • Re:Crush (Score:4, Insightful)

      by mattjb0010 ( 724744 ) on Friday August 13, 2004 @10:39AM (#9958591) Homepage
      Meaningful infectious disease research needs to take into account people who do transmit the disease a lot. Besides which, most of the spam coming from China and Korea does originate in the US -- either relayed through trojan boxes or properly owned boxes, but definitely advertising US "products" in US English. Looking at the last known good header IP address doesn't tell you a lot about the true origin these days.

      • Re:Crush (Score:3, Insightful)

        by TykeClone ( 668449 )
        One Time DISC0UNT 0RDER for V1@GRA, Via*gra*

        That's certainly US English :)

        The most effective thing to do is to come down hard on the businesses using SPAM to advertise.

    • Re:Crush (Score:5, Interesting)

      by The Ultimate Fartkno ( 756456 ) on Friday August 13, 2004 @11:22AM (#9959115)
      Crush those sites? A sound idea. Start here. [hillscapital.com] It's a Spam Vampire site set up by one of the more vicious anti-spammers I've ever seen in action. Non-caching, image-reaping, website-burning, bandwith-sucking action, all with a scorecard and a throttle. Now if we can just get this modded up so that a few thousand people are all playing at the same time...
    • Spam is more like a nuisance crime than a disease. Diseases are natural occurrences, unpleasant yes but a biological function. Spam is a deliberate attempt to pollute a public space for private gain.
      In a sense it's the fault of the original e-mail/internet designers. By creating a nearly free and unlimited communications channel for themselves, they never anticipated that the channel would be hijacked by advertisers who are claiming the internet for their own private personal gain (as a open medium throu

  • Limited set of IP's? (Score:5, Insightful)

    by tpwch ( 748980 ) * <slashdot@tpwch.com> on Friday August 13, 2004 @10:25AM (#9958430) Homepage
    Great, give me a list and I'll block them on my mail server.

    • Screw that... (Score:2, Funny)

      by Anonymous Coward
      Great, give me a list and I'll block them on my mail server. ...give us the list and let's block the whole freakin' netblocks at the router.

      You are judged by the company you keep!

    • Re:Limited set of IP's? (Score:3, Informative)

      by Zapman ( 2662 )
      Ciphertrust is an anti-spam company. They'll sell less of their product if they give away that info.

      That said, we use their Ironmail product at work, and it is AWESOME. We're blocking 200k spams a week for under 2000 mailboxes. It also wraps anti-virus (from sophos), and OWA proxy, imap, pop3, content filtering, etc. It's a wonderful appliance, that's unix based, and it's even got a really nice web front end.

      If you do anti-spam for part of your paycheck, it's a product worth considering.

    • Re:Limited set of IP's? (Score:5, Informative)

      by tokennrg ( 690176 ) on Friday August 13, 2004 @12:21PM (#9959809)

      Spamhaus [spamhaus.org] will certainly help you out with a list [spamhaus.org] of IP's to block. They'll also tell you what country spams the most and what ISP a majority of the spam comes from, just check the stats at the bottom of the homepage. Spamhaus is also one of the few DNS Blacklists around that you can actually work with.

      Normally they list IP addresses that spam comes from , unlike some lists like the five-ten group [five-ten-sg.com] that lists all but 1 IP address (127.0.0.1). Spamhaus will also remove IP's that no longer spew spam and so legitimate businesses don't get blocked erroneously.

      Spamhaus also has a nifty thing called The ROKSO List [spamhaus.org] which lists know repeat offenders and spam gangs so ISP's can keep from signing them up for service in the first place.

  • Are any of us suprised? (Score:5, Interesting)

    by TaintedPastry ( 790856 ) on Friday August 13, 2004 @10:25AM (#9958433)
    While I do get the few 'nigerian national' emails, most of them seem to be in pretty g00d 3ngli$h.

    What do I do find morally distrubing is that there are geeks out there making assloads of cash providing a conduit for this spam with high powered servers and keeping the senders essentially nameless.

  • I'm confused (Score:5, Insightful)

    by pedestrian crossing ( 802349 ) on Friday August 13, 2004 @10:28AM (#9958463) Homepage Journal

    Why doesn't spam come under the same scrutiny and attempts to shut it down as P2P?

    If it is mostly as centralized as this study indicates, it should be easy.

    OK, I know the answer (nobody's precious "IP" is threatened by spam), but if there are going to be attempts to regulate the Internet, it seems like this is a far more productive place to start.

    • That's BRILLIANT! (Score:5, Funny)

      by Anonymous Coward on Friday August 13, 2004 @10:30AM (#9958485)
      We should start sending out "fake" spam with encoded music/movies in it. RIAA and MPAA would buy some new laws to stop spam.

    • Re:I'm confused (Score:5, Insightful)

      by lunatik42 ( 665342 ) on Friday August 13, 2004 @10:35AM (#9958552)
      Spam doesn't come under the same fire as P2P because it *promotes* consumerism and the "entertainment" industry, whereas file sharing circumvents the mass market etc. completely. Ergo, most of the war on spam is fought by the people - no one on top of the dogpile wants to regulate advertising. Besides, there are anti-spam filters being sold all over the place. That's another way to capitalize on the phenomenon.
    • Well, if we consider trademarks Intellectual Property, wouldn't (for instance) Pfizer have a case regarding Viagra?

    • Re:I'm confused (Score:3, Insightful)

      by pjrc ( 134994 )
      Why doesn't spam come under the same scrutiny and attempts to shut it down as P2P?

      As a matter of US federal and state laws, there has been one (admittedly lame) federal law passed to regulate spam, following on the heels of numerous state laws. Yes, the CAN-SPAM act sucks, but it is a law on the books. Compare with p2p, where all proposed bills have died so far.

      As a matter of ISP policy, almost all ISPs have anti-spam usage policy. They regularly DO delete accounts abused by spammers. Compare with p

    • **OK, I know the answer (nobody's precious "IP" is threatened by spam),**

      that's false.

      spam is regularly used to sell products that infrenge on IP rights(trademark violations and pure high seas piracy).

  • What are those? (Score:5, Interesting)

    by Quixote ( 154172 ) on Friday August 13, 2004 @10:29AM (#9958471) Homepage Journal
    a very limited set of IPs with high-bandwidth connections is dishing out the bulk of the spam,

    I skimmed the article, but couldn't find the answer to the question that, I'm sure, is on most /.ers minds: what are those IPS???

    • Re:What are those? (Score:2, Informative)

      by Anonymous Coward
      The Spamhaus ROKSO database [spamhaus.org] lists the netblocks and other relevant information. Interesting tidbit: Scott Richter's address block is now served by T-Systems. It doesn't take small shady ISPs or anonymous DSL accounts to bring spammers online.

  • Come on... (Score:2, Funny)

    by xenostar ( 746407 )
    I thought the spam problem has been resolved [sourceforge.net]

  • Me... Trolling? (Score:5, Informative)

    by The-Bus ( 138060 ) on Friday August 13, 2004 @10:29AM (#9958483)
    Funny. My finger's not tired, I use SpamBayes [sourceforge.net]. Sure, I miss out on great messages touting... "A great opportunity... New and spreading via the Internet in a very big way-It's FREE to join, and it promises a lot. Too good to be true?" ...but it makes it easier.

  • It makes me wonder... (Score:3, Insightful)

    by Short Circuit ( 52384 ) * <mikemol@gmail.com> on Friday August 13, 2004 @10:31AM (#9958499) Homepage Journal
    What happens if/when the kingpins are taken down? Will the commercial anti-spam-solution market dry up?

    Who's willing to bet that companies with spam-dependant business models won't want that happening?

    (/tinfoil hat)

    Has anyone ever thought of comparing the originating IP of an email against a blacklist? I'm not talking about the server that sent the message to the recipeint. I'm thinking of further along the relaying chain.
    • What happens if/when the kingpins are taken down? Will the commercial anti-spam-solution market dry up?

      There are always other markets, such as virus protection, etc. that these companies could branch out into.

      But I agree, greed will probably keep the anti-spam business going one way or another.

  • Nice Advertisement.. (Score:5, Insightful)

    by inkdesign ( 7389 ) on Friday August 13, 2004 @10:31AM (#9958501)
    What CipherTrust REALLY means is 86% of their potential clients reside in the US.

  • Well, duh. (Score:2, Interesting)

    by Trigun ( 685027 )
    Everyone blames the chinese, but the ads are written in english, for american products, and targetted at americans. The Chinese are just a relay, and being blamed as spammers, when they should be blamed for not keeping their computers secure.

    And I suppose that the sanctions on software, language barrier, and lack of skilled people have nothing to do with it?

  • Ok (Score:2, Funny)

    by JawFunk ( 722169 )
    "The percentage of spamming IP addresses within the U.S. is in line with other surveys, but in the actual number of messages, the U.S. is responsible for the vast bulk of spam."

    Yes, well, excess is a part of the American lifestyle.

  • SPAM thrives best where it is consumed. (Score:3, Insightful)

    by erick99 ( 743982 ) <homerun@gmail.com> on Friday August 13, 2004 @10:35AM (#9958553)
    I think that SPAM does so well (so to speak) here in the United States because enough people read SPAM and buy the products to make it worthwhile for the spammers to do business. I had no idea there was such a market for "male enhancement," "payday loans," and the other similar ads.

    I have been using gmail since early July and the spam filter is the best I've used so far. I get very few spam in my inbox everyday and I haven't had a false positive in so long that I don't check anymore.

    The spammers will continue to spam until they are ingored to the point that there is no money in it. But, you know, I just don't see that happening.

    Cheers,

    Erick

    • Re:SPAM thrives best where it is consumed. (Score:5, Insightful)

      by multimed ( 189254 ) <{moc.oohay} {ta} {aidemitlumrm}> on Friday August 13, 2004 @11:18AM (#9959052)
      That's just not true at all--a very common misconception. If people just stop buying stuff from the spam, the success rates will go down low enough that spam will no longer be effective and go away, right? Hooey. The people doing the spamming and the crap for sale or whatever are two different things. Spammers don't care what the response rates are, they sell the service of bulk emails. They get paid no matter what. Of course that's not what they tell the businesses buying their services. They pitch how cheap it is to reach millions of people and the whole "if just 1% buys something" fallacy. The problem is the greed of the businesses continues to let them believe the sales pitch of the spammers. That's why legitimate companies don't do spam--not because it's immoral or illegal but because it already doesn't make financial sense.

      That's why my answer is not to go after the spammers who are slime but often out of US jurisdiction, or even the ISPs because while some of them are evil & look the other way, a lot of them are trying, but it's hard work. No don't bother with them, I think they should go after the companies selling the crap. There's a contact in most of the spam for people to actually buy the crap. And that's a hell of a lot easier than tracking the spammers, nail the businesses paying for the spam. I guess it's kinda like going after the Johns instead of the prositutes.

  • T-Systems connects Scott Richter's net (Score:5, Informative)

    by Anonymous Coward on Friday August 13, 2004 @10:36AM (#9958566)
    According to this [heise.de], notorious spammer Scott Richter has his own netblock (69.6.0.0-69.6.79.255), which until recently was connected to the internet through Taiwan based ISP Chunghwa Telecom. After they gave up on him, Germany based T-Systems [t-systems.com] took over. If you have any problems with spam from this netblock, their security team [mailto] would like to hear about it. They have announced that they will terminate the contract if Richter violates it.

  • I need your help (Score:5, Informative)

    by Saint Aardvark ( 159009 ) * on Friday August 13, 2004 @10:39AM (#9958608) Homepage Journal
    Weirdly enough, I just wrote about something like this [slashdot.org] in my journal. In a nutshell, I've been contacted by a list seller [emailsupply.net] asking if the files on my site mean I know how to get in touch with The Bulk Club [slashdot.org] (you remember The Bulk Club [slashdot.org], right?)

    I'm looking for suggestions on what to do next. In the meantime, whatever you do, do not run this command:

    while [ true ] ; do wget http://www.emailsupply.net/sample.txt -O /dev/null ; done
    That's a 4MB sample of the lists the gentleman has for sale, and surely the Slashdot effect runs the risk of using up all his bandwidth. Don't do it, I beg you!

    • Re:I need your help (Score:5, Interesting)

      by gptelemann ( 801687 ) on Friday August 13, 2004 @10:59AM (#9958833)
      while [ true ] ; do wget http://www.emailsupply.net/lists.php -O /dev/null ; done

      Try this also: large file, and hit the PHP, not a static page!
      • > while [ true ]

        The square brackets are extraneous. Or rather, they give your loop the meaning you intended, but not the way you meant it.

        You are testing that the string within the brackets is not zero length. You do this by running /bin/test (which is linked from /bin/[), checking that test != "" and eating the ]. Then test returns 0 (because it's true).

        What you want is

        while true; do ... done

        This runs the program /bin/true which does nothing but return zero.

        while [ crapapples ]; do ... done

        would
    • A coworker was talking about webpages that contain a collection of large images from spammers websites. Although the basic idea is the same as the "while...wget" in Saint Aardvark's post, it's apparently quite legal since the spammers had been aggressively inviting the public to view these images. Does anyone know anything more about this?
    • Funny, over 100 of the addresses on that list are spamtraps received on my home system.

      Makes me wonder how many of the email addresses on that list belong to ISPs that run really big spamtraps...

    • Re:I need your help (Score:5, Interesting)

      by Kallahar ( 227430 ) <kallahar@quickwired.com> on Friday August 13, 2004 @11:56AM (#9959505) Homepage
      It appears that his host is onlinehome-server.com which has a price list at here [1and1.com] which shows their max monthly bandwidth as being between 25 and 100 gigs. At 90k/s bandwidth (their end) that's 324 megs/hour/person, so assuming 10 people do it it would take 30 hours each to hit their cap. 100 people could do it in 3.

      Sounds like fun :)

  • Amount is only message-wise. (Score:5, Informative)

    by Tar-Palantir ( 590548 ) on Friday August 13, 2004 @10:39AM (#9958610)
    According to the article, Asia has a significantly higher number of spamming machines. It's just that the US, with readily available high bandwidth connections (and nutbars like Alan Ralsky) spews out a disproportionate percentage of all actual spam messages.
  • Give us the CIDR blocks of the whole ISP that the spammer is using. Block all packets from those ISPs. Once ISPs learn that they get blocked for tolerating spam, they will try harder to prevent them.

  • From the US? (Score:2, Informative)

    by bannerman ( 60282 )
    I could have sworn I just saw a slashdot article stating that 80% of all spam came from some country like Elbonia or something. does anyone else remember that? Maybe someone with the skills to find it?

  • cybersmtp.com (Score:5, Interesting)

    by samsmithnz ( 702471 ) on Friday August 13, 2004 @10:54AM (#9958770) Homepage
    Just yesterday I received spam from this guy at cybersmtp.com, advertising they can send bulk emails out. Check this out, I was surprised at the number of emails they have in their database, and the relative cheapness to send out nearly 300 million emails:

    No Software to Buy - Nothing to download

    Lowest cost for broadcast

    E-Mail is a key component in maintaining contact with your customers

    Email Broadcasting

    Please choose from the following:
    [ ] 1,000,000 e~mail sent $400
    [ ] 5,000,000 e~mail sent $1,500
    [ ] 10,000,000 e~mail sent $2,000.00
    [ ] 56-70,000,000 e~mail sent $2,500.00
    [ ] 224-280,000,000 e~mail sent $10,000.00


    We use our own directory, so you do not need to pay one dime extra.

    • Re:cybersmtp.com (Score:2, Insightful)

      by DMNT ( 754837 )

      They claim that they have that many e-mails.

      Rule #1: Spammers lie
      Rule #2: Spammers are stupid

      Spammers buying spamming services must be stupid enough to believe other spammers' lies.

      There have been reports of spamming attempts to newsgroup message-id's, tags, anything with @-sign in it. And how will the buyer have any way to make sure that the mail is sent to that many e-mail addresses? Or someone will actually read them? Spammers selling stuff will care about this. Spammers selling spammer services w

  • In other news (Score:5, Funny)

    by gorbachev ( 512743 ) on Friday August 13, 2004 @10:55AM (#9958780) Homepage
    A study by the National Weather Service just found out sky is blue, most of the time.

  • Finally the truth (Score:3, Insightful)

    by maximilln ( 654768 ) on Friday August 13, 2004 @10:57AM (#9958807) Homepage Journal
    Now we can stop all the fingerpointing at foreign nations to blame those nefarious Asians, or the socialist Europeans, or the terrorist Arabs for our spam. We can honestly stop deluding ourselves and look at the problem and say,"It really is nothing more than American business alive and well." However, I find that the analyses are always going to be flawed. If the spam passes through even one illegitimate relay along the way it's pretty safe to assume that the relay has been doctored to rewrite connections. The latest spate of spam that I've received has seemingly come from IP addresses registered to Edward's Air Force Base and the USPS. Of course, the SMTPd signatures openly acknowledge that they're "misconfigured".

    Really, until a proactive approach is taken to seriously investigate the businesses whose products are being advertised then tracking spam from the mail side is an exercise in self-delusion.
  • The article mentions zombie computers, computers hijacked by backdoor trojans and the like, but the research group seems to not diferentiate between the act of using hijacked services and spam in general.

    Had they done so, they might have noted where a lot of hijacking originates: Europe and Asia. How much spam is generated by hijacked computers and how much is generated by people using their own legitimate resources?

    For instance, you're shooting dice if you try connecting to any url that ends in cz (as

  • Well, it's an uncomfortable topic... (Score:4, Interesting)

    by Theatetus ( 521747 ) on Friday August 13, 2004 @11:11AM (#9958973) Journal

    A lot of us in the IT world owe our jobs in some way to spam: the company I work for wouldn't need a 4-person server staff if we didn't have to

    • manage spam filters and mitigate spam & virus damage for our POP clients
    • audit our mailing list clients to make sure they're not actually spamming
    • maintain our sendmail and bind clusters to prevent their use by spammers
    • etc. etc. etc.

    Would anybody else be out of a job if it weren't for spam?

  • How To End Spam (Score:4, Funny)

    by bratgrrl ( 197603 ) on Friday August 13, 2004 @11:15AM (#9959014)
    Spam won't stop until SpamAssassin becomes SpammerAssassin.

  • let's (Score:2)

    by radja ( 58949 )
    just ban all US email...

  • us top spammer, china top hoster? (Score:5, Informative)

    by blanks ( 108019 ) on Friday August 13, 2004 @11:47AM (#9959408) Homepage Journal
    http://spam.weblogsinc.com/entry/4463682046968893/ Link goes to quote, plus more links backing up this data.... "A study released this week by Commtouch reveals that about 55% of all spam originates in the United States, and that more than 73% of spam refers to websites which are hosted in China. Ninety-nine percent of all websites mentioned in spam sample analyzed by Commtouch were hosted in China, South Korea, the United States, Russia, or Brazil" Here is another link, with a more detailed article. http://www.securitypipeline.com/showArticle.jhtml? articleId=22103058

  • That's not new, ROKSO (Score:4, Informative)

    by cpghost ( 719344 ) on Friday August 13, 2004 @12:07PM (#9959650) Homepage

    Spamhaus [spamhaus.org] published ROKSO [spamhaus.org] list has always shown that most top spammers are U.S.-based.

    All it takes is more vigorous law enforcement. Where are the prosecutors, when we really need them?

  • I can't even read most spam! (Score:3, Insightful)

    by OrangeTide ( 124937 ) on Friday August 13, 2004 @01:26PM (#9960520) Homepage Journal
    Most spam I get is full of spaces in the middle of words or weird characters or insane grammar that I can't even figure out what they want me to buy. So not only do I have to read the garbled subject of the message and mark it as spam (because their crazy message evades my filters) I get to sit there confused as to what they were trying to tell me.

    It's just bad marketing to leave the customer confused. Maybe I should just stop using email all together until someone has a better system.

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close