Russia, China World's Biggest Spammers
An anonymous reader writes "According to this ZDNet article, The Spamhaus Project has warned that organised criminal gangs in Russia are supplying U.S.-based spammers with details of compromised PCs that can be manipulated to send junk mail. According to Spamhaus director Steve Linford, the Russian gangs aren't constrained by any anti-spam or cybercrime laws in their home country and have no respect for legislation implemented in other countries. Also, apparently 70 percent of spam is sent from China by American spam outfits who in turn have hosting arrangements with Chinese ISPs."
Steve Linford's corrections (Score:5, Informative)
Mod parent up (Score:1, Informative)
Spamassassin 3.0 and URIBL_SBL (Score:5, Informative)
http://www.spamhaus.org/sbl/howtouse.html [spamhaus.org]
http://www.spamassassin.org/full/3.0.x/dist/rules/25_uribl.cf [spamassassin.org]
Re:I asked this around and didn't get an answer (Score:3, Informative)
spam stats (Score:5, Informative)
Total rejected spam: 16235 (and 8178 accepted messages)
Confirmed Chinese spams: 1229
Confirmed Korean spam: 1414
Confirmed Canadian spam: 264
Confirmed Polish spam: 342
Confirmed US/comcast spam: 1363
Confirmed French spam: 181
Confirmed Southwest Bell spam: 382
Confirmed Italian spam: 114
Confirmed Spanish spam: 167 (TDE must have finally gotten their act together)
Confirmed German spam: 967
Confirmed Netherlands spam: 452
Confirmed Brazilian spam: 864
This is by no means a scientific analysis - it's based on hard-coded IP-based blacklists that are caught before standard blacklists are checked.
Spamcop RBL rejects: 5460
Spamhaus RBL rejects: 1509
Njabl RBL rejects: 1807
Homebrew RBL rejects: 6382
The big three spam sources have traditionally been Korea, China and Brazil. Comcast has been the big US spammer. France (wanadoo) has also been a major contributor though it doesn't seem to be reflected in this day's logs.
Re:What is the best way to stop this? (Score:5, Informative)
Appendix:
SMTP+TLS+AUTH is not that tough, no whining. All modern mail clients support it, on all platforms. There is a little bit of work to do on the server end, but that's what you pay your ISP (or IT department) for:
Re:The Russian mafia (Score:4, Informative)
Yeah, cry me a river. At least in major cities, this is not the case. The definition of "well paying" may vary, but we're talking about Russian standards here. It's more like the employers can't find adequate geeks to man the jobs.
In small shitholes, it can be tougher (what country has it the other way?). But nothing really prevents people from moving anymore.
The bottom line is: these people have deliberately chosen to be scumbags.
Re:There is a fundamental problem with email (Score:3, Informative)
Be aware that commercial messages by companies do not fall under freedom of speech (or at least not in my country. Freedom of speech is only for people.)
Re:My new spam fighting techniques. (Score:5, Informative)
When a host connects to an SMTP server in order to send it an email, it will receive a banner back which may include the string "ESMTP". If it does then the remote SMTP server supports an enhanced version of SMTP with additional features, "ESMTP". If the host also understands ESMTP, then it should respond with an "EHLO" command. If the host does not understand ESMTP, or the string is not present in the banner, then the host will respond with the "HELO" command defined in the original SMTP RFC to use the simpler set of SMTP commands.
In either case, "HELO" or "EHLO", the host should also tell the server its host name, viz:
Ideally, "host.company.com" will also have a valid reverse DNS record which will match the IP connecting to the SMTP server. However, the SMTP RFCs do not actually *require* that this is the case, nor for that matter that the hostname is provided at all. Frequently the hostname will be given, but will not be a valid fully qualified domain name on the Internet. So, depending on how draconian you want to be, there are a number of options for rejecting the connection before any data is sent:
Comment removed (Score:4, Informative)
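The HELO/EHLO hostname checks discussed in the "My new spam fighting techniques" reply above, sketched as an added example (not code from any poster in this thread). The three strictness levels, the function names and the PTR table are assumptions constructed for illustration; the table stands in for live reverse-DNS lookups.

```python
import re

# Constructed reverse-DNS (PTR) data; a real server would query DNS instead.
SAMPLE_PTR = {"192.0.2.10": "host.company.com",
              "198.51.100.7": "dsl-7.pool.example.net"}

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_fqdn(name):
    """Syntactic check only: at least two valid labels and a non-numeric last label."""
    name = name.rstrip(".")
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(LABEL.fullmatch(label) for label in labels)
            and not labels[-1].isdigit())

def check_helo(line, client_ip, strictness, ptr=SAMPLE_PTR):
    """Return (accept, reason) for one HELO/EHLO line.

    strictness 1: reject only a missing hostname
    strictness 2: also reject a name that is not a fully qualified domain name
    strictness 3: also reject a name that differs from the client's PTR record
    """
    parts = line.split()
    if not parts or parts[0].upper() not in ("HELO", "EHLO"):
        return False, "expected HELO or EHLO"
    if len(parts) < 2:
        return False, "no hostname given"
    name = parts[1].lower().rstrip(".")
    if name.startswith("["):
        # Address literal such as EHLO [192.0.2.10] (IPv4 form only in this sketch).
        if strictness < 2:
            return True, "ok"
        ok = name == "[" + client_ip + "]"
        return ok, "ok" if ok else "address literal is not the client IP"
    if strictness >= 2 and not is_fqdn(name):
        return False, "hostname is not an FQDN"
    if strictness >= 3 and ptr.get(client_ip, "").lower() != name:
        return False, "hostname does not match reverse DNS"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample greetings, each checked at the strictest level.
    for greeting, ip in [("EHLO host.company.com", "192.0.2.10"),
                         ("HELO localhost", "198.51.100.7"),
                         ("HELO", "198.51.100.7")]:
        print(greeting, "->", check_helo(greeting, ip, 3))
```

Because the SMTP RFCs do not require a matching reverse DNS record, level 3 will also reject some legitimate senders, so the decision is worth logging alongside the client IP.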
Re:The Russian mafia (Score:4, Informative)