By Sylvia Carr, 17 August 2004 12:50
NEWS The vast majority of spam originates in the US and this summer, like last, much of it is pornographic in nature.
Nearly 86 per cent of all spam messages sent since May 2004 came from the US, according to email security firm CipherTrust. This indicates spammers are finding ways around that country's anti-spam legislation.
US spam-sending computers have been quite busy, as just 28 per cent of IP addresses used to send spam are located in the country.
By contrast, Korea also accounts for 28 per cent of IP addresses used to send spam but these machines send only three per cent of the total volume of junk emails.
The other major spam-senders, China and Hong Kong, are the location for 23 per cent of the IP addresses and send about 2.6 per cent of the worldwide volume.
The UK barely registers in both areas, accounting for just 0.21 per cent of the total spam volume and 0.54 per cent of the IP addresses.
One way spammers are thwarting CAN-SPAM, the US anti-spam legislation, is by requesting that recipients unsubscribe to messages via the post. The law stipulates that all legitimate messages must offer a way to unsubscribe, but doing this through the post makes the process time-consuming and thus violates the spirit of the law.
Paul Judge, CTO at CipherTrust, says the company's research also shows that relatively few people - around 200 - are sending the world's spam.
A separate report from security firm Clearswift shows a spike in the amount of pornographic spam messages sent this summer - since June, the figure's up 350 per cent. Traditionally messages selling cheap software, mortgage deals or prescription drugs are more common than porn spam, though a rise in the levels of the latter occurred last summer as well.
CipherTrust's data comes from analysing messages collected from the nearly 2,000 enterprises using the company's IronMail email security appliance, while Clearswift's figures come from examining messages arriving at the company's many seed accounts.
Comments
There are 5 comments. Join the discussion
1. Robert Privett
Is the USA's "Can the Spam" law another example of knee jerk politics? Since retiring I have with some interest looked on at the crazy idea's that have come from goverment (both UK and US) like the US senators who wanted firewalls banned because law enforcement were unable to monitor activity on some sites, should it be a requirement that these law makers actualy understand what they are planning to do in a real world and not this mythical perfect world they seem to inhabit?
2. Charles Wood
The simplest solution would be for ISP service providers to be required to provide a service free of charge to block the spam at source for all requested blocks. Once it became a problem for the ISPs it would all stop overnight, as the big ones would prosecute the spammers.
3. anonymous
I agree with Robert - to an extent. However, here in the UK we also have madcap schemes devised by politicians often, entirely by coincidence, close to an election.
Clearly the opportunity to make money wins hands down over social responsibility as far as spammers are concerned. I think one question raised by this article is whether that attitude is more common in the United States than in other countries.
4. Nick Cole
Most SPAM originates on behalf of websites for advertising purposes. In the source of the message will be at least one URL that identifies a beneficial recipient of the advertising. Checking through the various WHOIS identifies that around 4 or 5 domain registrars are involved in most cases. In some instances the registered domain contact addresses also belong to the registrars.
It is clear that the spam industry creates new domains and websites at the drop of a hat solely for the purpose of single campaigns, and despite having opt-outs few of them actually have mailing lists, instead relying on trojan/virus dissemination to pass the message on. Opting out doesn't work as there is in fact nothing to opt out from.
To stop this scourge all email should only be allowed to originate from legitimate mail servers. What would also help is that nobody should ever buy anything from the spammers rendering the whole exercise futile. If the authorities acted quickly enough and pulled the plug on the domains and URLs embedded in the spam then that would also help.
Legitimate targetted advertising is sustainable and not necessarily unwelcome. What is happening now is that all advertising gets tarred the same and becomes automatically rejected. So if the responsible marketeers took an interest in canning spam then there would at least be an element of peer pressure and perhaps the problem would get taken seriously.
5. anonymous
Charles, just a very quick and easy question for you: under which country's legal system would spammers be prosecuted? Do you reckon there would always be a quick and easy answer to that question? If so, the spam problem is already solved. If not, perhaps we can all suggest a way to get international legislation enacted to enable the process to take place. Sorted!
Service Providers are caught, like everyone else, by the fact that the Internet is essentially an anonymous medium. Remove the anonymity and you remove the spam problem (and a whole load of other problems as well). But it is easier said than done.
CallerID for email or SPF could also be effective but getting sufficient providers to adopt them will be an uphill struggle. For providers, it will be a struggle to get their clients to accept CallerID or SPF, because there can be drawbacks and limitations imposed on them as a result. I know some can be mitigated but there are still drawbacks.
Lastly, don't forget it is already a big problem for ISPs.
I wonder..... if we could redesign the Internet from scratch, would we do it differently second time around?