China and its Relation With Spam
smooth wombat writes "Asia Times has a nice article about why China is becoming the spam capital of the world. Steve Linford, of Spamhaus fame, is quoted several times in the article and offers some insight into how the Chinese ISPs operate.
Steve's quote at the end of the article pretty much sums up why China isn't doing anything to curb the hosting of spam website servers in the country:
"They simply don't want to know - China Telecom doesn't care because they're government-owned and there is no pressure coming from the government. Meanwhile, our statistics on spam volumes and the number of spammers setting up in China are going up and up and up.""
Re:Why is this still an issue? (Score:3, Interesting)
In case you haven't noticed, most of our high-tech toys have at least a few Taiwanese or Chinese components in there; most "modded" PC cases nowadays come from China; many American and European manufacturers sub-contract Asian assembly lines.
And, obviously, they use e-mail to communicate with us Westerners.
Solution? Bounce with the 550 power. (Score:5, Interesting)
550 - Thank you for your support of the steganographic communications payment protocol.
550 - Your continued support of Falun Dafa [Falun Gong] in the face of continued oppression from the butchers of Beijing is appreciated.
550 - The following token shall constitute both a receipt for your payment and a public key with which you may send your next message to your allies in the resistance.
550 - KEYBLOCK 6x5 F81IZ FOLG3 VOLSX CIOP3 F7JJ2 EYMNX
Now, is it my fault if my crontab edits the last line of that message to a different series of random characters every 30 seconds? Is it my fault if the owner of the spam-relaying machine is... dealt with... in the name of protecting his fellow citizens from mysticism and superstition?
Hmm, I suppose it is.
But hey, there's a critical shortage of corneal and kidney transplants. And a critical oversupply of server administrators who support spammers. I'm just the invisible hand of the market, smoothing out the discrepancies.
Blocking China and other rogue IP space (Score:2, Interesting)
ALL:61.0.0.0/255.0.0.0:deny
ALL:62.0.0.0/255.0
ALL:80.0.0.0/255.0.0.0:deny
ALL:81.0.0
ALL:82.0.0.0/255.0.0.0:deny
It's better to block, then individually authorize. Most of the Chinese IPs are not only spamming, but constantly probing for vulnerabilities in SSL, SSH, FTP and other services.
What goes around, comes around... (Score:5, Interesting)
Of course, that's when the payback happens, because it's going to take more than a promise to be good to convince many admins to remove a blacklist entry, null route, or whatever. It basically boils down to a choice between quick money from dodgy spammers now, or long-term money from serious business investments further down the road. At the moment, it sure looks like the Japanese are the only ones that have really grasped the concept of long term business plans being better than cash now; tomorrow's problems belong to someone else.
Re:no mail of value (Score:3, Interesting)
I'm not willing to go that far, but I do assign a 1.5 point penalty (out of 5) to all Chinese and Korean IP space. It has made a substantial difference as spammers get smarter about skirting Bayesian filters.
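The difference between the hard netblock deny shown earlier in the thread and the score penalty this comment describes, as an added example that is not part of the original discussion. The 1.5-point penalty and 5-point threshold come from the comment; the single `61.0.0.0/8` prefix is borrowed from the earlier deny list as a stand-in for a real per-country prefix list, and the sample messages and their content scores are constructed.

```python
import ipaddress

# Assumptions: one stand-in prefix instead of a real country prefix list;
# penalty and threshold as stated in the comment above.
PENALISED_NETS = [ipaddress.ip_network("61.0.0.0/8")]
PENALTY = 1.5
SPAM_THRESHOLD = 5.0


def in_penalised_space(ip):
    """True if the connecting address falls inside a penalised netblock."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PENALISED_NETS)


def hard_block(ip):
    """Deny-list decision: the origin alone decides, content is never seen."""
    return "reject" if in_penalised_space(ip) else "accept"


def scored(ip, content_score):
    """Origin is one signal added on top of the content filter's score."""
    total = content_score + (PENALTY if in_penalised_space(ip) else 0.0)
    return total, ("spam" if total >= SPAM_THRESHOLD else "deliver")


# Constructed samples: (label, connecting IP, content-filter score)
SAMPLES = [
    ("supplier invoice", "61.135.10.20", 0.4),
    ("filter-evading spam", "61.135.10.21", 3.8),
    ("same spam, other origin", "198.51.100.7", 3.8),
]


def compare():
    """Return (label, hard-block verdict, scored verdict) for each sample."""
    return [(label, hard_block(ip), scored(ip, score)[1])
            for label, ip, score in SAMPLES]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The invoice is rejected by the hard block but delivered under scoring, while the borderline spam is only pushed over the threshold when it arrives from the penalised range.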
My recent spam anecdote (Score:5, Interesting)
This is all very interesting, and I was even thinking that just blocking the Asian nations would solve a lot of spam. But then I realized that I don't get much spam from there.
Most of my spam, greater than 90%, comes from the zombied US DSL machines as proof of their addresses when trying to connect. I believe a large portion of the spam that exists also links back to Chinese websites, not delivered from Chinese mail servers.
I recently turned on greylisting and all the viagra/herbal/biggus diccus stuff is 100% gone. Not one in a week, normally there are >30 per day. Now all my spam is from France and somewhere in Asia. But that's like 2 a day.
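Why greylisting removes traffic from fire-and-forget senders such as the zombied machines mentioned in this comment, as an added example that is not part of the original discussion. The 300-second delay, the 451 reply text and the sample delivery attempts are assumptions constructed for the illustration.

```python
GREYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value)


class Greylist:
    """Temp-fail the first attempt of each (client IP, sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # triplet -> time of first attempt
        self.passed = set()   # triplets that have retried after the delay

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for a delivery attempt at time `now`."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return "250 OK"
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            self.passed.add(key)
            return "250 OK"
        return "451 4.7.1 Greylisted, try again later"


def replay(attempts, delay=GREYLIST_DELAY):
    """Feed (time, ip, sender, recipient) attempts through a fresh greylist."""
    gl = Greylist(delay)
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in attempts]


# Constructed: a queueing MTA retries the same triplet, once too early.
MTA_ATTEMPTS = [
    (0, "192.0.2.10", "news@example.org", "me@example.net"),
    (60, "192.0.2.10", "news@example.org", "me@example.net"),
    (900, "192.0.2.10", "news@example.org", "me@example.net"),
]

# Constructed: a sender with no retry queue changes the forged sender or
# the source host each time, so every attempt is a brand-new triplet.
ZOMBIE_ATTEMPTS = [
    (0, "203.0.113.5", "x1@example.com", "me@example.net"),
    (5, "203.0.113.5", "x2@example.com", "me@example.net"),
    (9, "203.0.113.77", "x1@example.com", "me@example.net"),
]

if __name__ == "__main__":
    print("MTA   :", replay(MTA_ATTEMPTS))
    print("zombie:", replay(ZOMBIE_ATTEMPTS))
```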
Re:RBL (Score:3, Interesting)
I run spamassassin, and I have a rule to score URLs that reverse back to Chinese or Korean netblocks.
Over 50% of the tagged spams hit this rule. Now if these mails were actually sent from China or Korea, that is a different story (and a different rule
Re:Well, okay... (Score:3, Interesting)
Use The System Against Itself ;-) (Score:3, Interesting)
May the ISPs live in interesting times...
Re:Why is this still an issue? (Score:1, Interesting)
Problem: spammer websites in China.
Problem: Chinese ISPs don't care, because they're owned by the government and the government doesn't care.
Fact: The Chinese government does monitor email, especially email with certain subversive keywords.
So, how can we make the ISPs and/or the government care? How about, included free with every spam complaint you send to a Chinese ISP, you thank them for their help in distributing Falun Gong literature, or delivering crates of goods to their contact in the Free Tibet movement, or mention that for their application, Semtex is preferable to TNT, or just include a block of encrypted text. It'll make the ISPs rightfully nervous about receiving such mail, and, when the secret police notice, it gives them something to do. The secret police may not care about spam, but they do care about subversion, or delivery of secret goods for subversives, or people who are sending encrypted messages. Make some of the encrypted messages easy to crack, and make some of them straight random numbers, those will be really hard to crack.
A year or so ago, a Chinese ISP was raided by police and their equipment seized, for just such causes. The police did figure out that it was bogus, and gave the equipment back, but I bet that particular ISP doesn't want anything to do with spammers anymore.
Benefit: Wastes the time of the secret police, a good in and of itself.
Benefit: Raises the noise level for monitoring email for subversive words.
Benefit: Makes ISPs paranoid about the sort of mail they'll be getting if they host spammers.
Benefit: If a spam-friendly ISP goes down in the process, are not the blessings truly multiplied?
Re:Put the money where they belong! (Score:2, Interesting)
I respectfully disagree with the following items in your assessment:
I do not think the following items in your assessment are in principle possible to satisfy with any solution:
Furthermore, this is what I think about the assessment in general:
Also, the following may apply to the expert who has performed the assessment. Please excuse me in advance for taking things to the personal side:
Re:Spam Originating In Asia (Score:3, Interesting)
Quite right, which is one great reason not to use wholesale blocks without understanding them. I'm more of a fan of using some of the blackholes.us [blackholes.us] country-based lists to block China, etc. than full IP blocks if someone wants to block certain countries.
Re:no mail of value (Score:2, Interesting)
Hmmm.
Maybe that's what they want.
The Chinese government seems to be doing everything they can to make sure that people in China don't have access to any information that is potentially critical of their regime. This is easy to do with websites (including Google it seems) but somewhat harder with email.
If they allow spammers to run free though, and every admin in the west blacklists all
I wonder
Re:Well, okay... (Score:2, Interesting)
Re:It's a good thing I don't know anyone in China (Score:1, Interesting)