Russia, China World's Biggest Spammers
An anonymous reader writes "According to this ZDNet article, The Spamhaus Project has warned that organised criminal gangs in Russia are supplying U.S.-based spammers with details of compromised PCs that can be manipulated to send junk mail. According to Spamhaus director Steve Linford, the Russian gangs aren't constrained by any anti-spam or cybercrime laws in their home country and have no respect for legislation implemented in other countries. Also, apparently 70 percent of spam is sent from China by American spam outfits who in turn have hosting arrangements with Chinese ISPs."
That old bone song.. (Score:3, Interesting)
Wasn't it Windows PCs...? (Score:3, Interesting)
Spam Slashdot? (Score:1, Interesting)
Someone should make (using genetic algorithms) a posting bot that tries to make insightful first posts. Its fitness can be determined by the readability and moderation score.
another... (Score:3, Interesting)
another possible explanation of this is illegal copies of Windows.
I was recently talking with a friend from Hong Kong; he mentioned that virtually no one buys legitimate copies of software because it's more expensive and less readily available.
he also said that users and companies using pirated software don't update it for fear of legal action--hence the huge number of zombies.
Re:What is the best way to stop this? (Score:5, Interesting)
Re:Solution? (Score:2, Interesting)
You only got 8,398 messages in one year?
I get more than that in ONE WEEK. Each day, I average 1,650 email messages; with about ten of those being legitimate. With your recommended software, even with its "amazing" accuracy, I'd still be getting more spam passed through than legitimate messages.
(This is an old email address, used for well over fifteen years. It has been out in the public forever--used on things like domain registrations and Usenet--well before email addresses needed to be guarded, because spam simply didn't exist back then).
No, classification and filtering is not a reasonable solution. You got 66 classification errors; how am I supposed to look through over 1,500 messages a day to pick out the one or two that actually were legitimate but got filtered as spam? It's insane, and I'm not going to do it.
We need a BETTER solution than filtering--because if this trend continues, within a couple of years EVERYONE is going to be getting thousands of emails a day.
Re:Start Bombing (Score:2, Interesting)
hehe - well put :)
I definitely don't understand what kinda clout these 'marketing' companies have in DC/wherever, that they are able to block any 'definitive' legislation against spam - something the majority of the populace will welcome with open arms.. Someone should make it a prime election issue. It's not as if it's the call-center industry where thousands of jobs are bound to be affected..
I don't get it. I don't believe Politicians were in mind when the term 'common-sense' was coined
My new spam fighting techniques. (Score:4, Interesting)
Re:What is the best way to stop this? (Score:3, Interesting)
Lucky You.
I get spam all the time, though not in great quantity. Maybe 5 a day, tops. But here's the kicker: They're all Chinese and Japanese.
I have no clue what the Chinese ones say, but they're encoded in the Chinese character set. From what I can make out of the ones in Japanese, along with having a friend who can bumble her way through the language, I've gotten about 40 Emails over the past year from a Japanese Home Loan Company.
I don't own a home.
Re:What is the best way to stop this? (Score:1, Interesting)
Re:Give users the power to block countries... (Score:5, Interesting)
Thanks. It's people like you that block my mail (I live in Hong Kong) and make me have to use devious inconvenient methods just to send a normal message.
Re:What is the best way to stop this? (Score:4, Interesting)
As a solution at my workplace, we deployed dspam at the mail server about 7 weeks ago. At first I was discouraged at the results so much that I thought I had made a worthless call. Gradually I saw improvement and now it is running at about 99.7% accuracy. I get something over 200 spam a day into my account. I now see about one spam in my inbox every three or four days, the rest go into my spam folder. Our other users found the system to be far better than I did, faster learning even. One user reported near perfection in about a week, he gets 10 spam a day. Except for one user (but there is one in every crowd), it has nearly fixed the spam problem at our organization.
I expect this to be a more realistic and permanent solution far beyond what legislation will ever do to inhibit spam from using my time.
I mean, other than right now.
Re:What is the best way to stop this? (Score:1, Interesting)
Personally I would rather have my tax dollars going to put rapists, murderers and thieves in jail rather than wasting time with spam advertisers. Get a good filter, use your own money and mind to do it....the government is not the solution to your little spam problems.
stendec@gmail.com
Re:Give users the power to block countries... (Score:5, Interesting)
Re:Give users the power to block countries... (Score:1, Interesting)
Re:Spamassassin 3.0 and URIBL_SBL (Score:3, Interesting)
It's due out around the end of June, assuming no major glitches in the code, etc. I've been testing the URIBL_SBL rules with the current version, and after a little messing around to get it working have found that it works very well indeed. It's definitely worth looking at the upgrade if you are currently running a vanilla version of SpamAssassin. IIRC, version 3.0 will also be adding support for Spamhaus' XBL list, which lists the hosts that the article is about; those that have been demonstrably compromised by a worm or trojan.
Re:What is the best way to stop this? (Score:1, Interesting)
Everyone seems to be blaming the spammers, and not the victims.
If this was about viruses you would all be whining about how Microsoft or the script kiddies are not responsible, but the end users.
This is the same thing, the US companies are the script kiddies "writing" viruses and China/Russia are Microsoft supplying the script kiddies with ways to attack users.
What's the Big Fucking Difference?
Re:Why does this remind me of illegal drugs? (Score:3, Interesting)
In my case [kandent.com], only 1/4 of my spam was in English. I know a few hundred foreign words, but none in Russian or any Asian language. It seems pretty far-fetched that Americans could be creating demand for this type of spam.
Also interesting is that reporting spam did not decrease the quantity of foreign-language spam.
Re:What is the best way to stop this? (Score:5, Interesting)
The other method is to go after the advertisers who hire the spammers in the first place. Spammers are bottom-feeders, for sure, but if you cut off their customers, then you cut off their income.
I'm doing this with one spammer's customer right now. Since they are a legitimate company in my town, I have collected evidence that the spammers they do business with are using dictionary attacks, web page harvesting, and zombies. I've explained to them that all this is illegal and if any of my 20 email domains receives another spam from their business, all the evidence is going to the FTC for prosecution via CAN-SPAM. The law is far from perfect, but at least legit companies can be punished for breaking it. They are listening and reconsidering unsolicited commercial bulk email as an advertising route.
I know, many people would say fsck it and just turn them in. I figure I'd be nice first. I've explained the consequences and I've convinced them I will follow through. If others out there live in the same city (not necessary, but it IS easier) as a legit business that is spamming, be professional and courteous, but make them wish they never spammed you.
ok.. (Score:3, Interesting)
It'll be a double-edged sword, I know, but in this matter, it'll hurt them more than the rest of the world. Boycott and Blacklist all *.ru and *.cn servers until this matter has been settled.
Comment removed (Score:4, Interesting)
Korea (Score:1, Interesting)
I've actually taken to the process of filtering entire Korean IP ranges. While time consuming, within a week I have cut my spam in half. I'm also no longer getting unreadable Asian charsets.
Anybody know where someone might obtain a list of IP ranges as assigned by country?
I could give a flying fork about Asian users. I have no need to receive email from that part of the world anyway, so for me, the best solution is to just block off that part of the world.
No skin off my back.
Re:What is the best way to stop this? (Score:1, Interesting)
So if company X pays spammer to send bulk emails then company X is just as guilty as the spammer. So you charge them both with sending unsolicited emails and give a hefty fine (say $100 per email) to the company and some jail time for the spammer (so he can enjoy some ass loving).
Why just go after the guy doing his job - go after the guy that hired them to do the job. Should be pretty easy as that company is represented in the spam he is sending.
It is like murder. If you hire someone to kill someone you are just as guilty as the guy you hired to commit the murder.
So stop the cash flow before it even reaches the spammer... No one hiring spammers = no spam.
I completely disagree (Score:4, Interesting)
Why I Am Not Surprised (Score:3, Interesting)
As somebody who lived on the territory of the former USSR, I am not surprised that the majority of spam arrives from Russia and that kiddie pr0n sex rings are linked to companies in Belarus. Why does that happen? Well, compared to the United States those countries have virtually zero law enforcement and high levels of corruption.
Even with Vladimir Putin, Russia still lags behind in terms of law enforcement when it comes to protecting human rights, technology, women, children, etc. When I traveled across the republics of the former USSR I was surprised by the amount of counter-theft goods that one could get through local flea markets. You can get CDs full of the latest software, like 3D Studio Max, for $2-3USD. If you get several CDs, you get a discount. When you pop one of those puppies in your drive and read the instructions, they'll say "Please run a program called crack.exe in order to activate the product." Activation my ass. The same applies to DVDs, and brand-name products.
According to my friend who travelled to China, that country is pretty much in the same spot. Yes, they are good at banning people from accessing forbidden sites. Yet at the same time you can go to a street market and purchase a fake "NorthFace" jacket for $20USD or less; In the states you'd pay up to ten times as much. Then there are corrupt politicians and cops who can close their eyes provided that you pay them a certain amount of money. With that in mind, it is not a surprise that China and Russia lead in spam.
There is a lack of sync between technology and the laws that govern it in the countries that are not, well, *that developed* yet.
The solution is simple (Score:3, Interesting)
1) A filter that looks for hostname patterns that look like consumer internet connections (DSL/cable/dialup):
[note: these are in Exim lookup-table syntax]
\N^(dsl|cable|adsl|dialup|docsis|pool|ppp|clien
\N^.*\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3
\N^c\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\..*
\N^[sShH]\d{3,}.*\.[a-z][a-z]\.shawcable.net$
\N^.*\d+\.charter-stl.*$\N
2) Next, you block known spam-source countries. Some may take offense to this but the company I work for only sells products to people in the US, so these filters aren't a problem. To accomplish this, I set up djb's rbldns server on one of my machines. Currently, I'm blocking netblocks from Brazil, China, Korea, Malaysia, Nigeria, Russia, Singapore, Taiwan, Thailand, and Turkey. These netblocks come courtesy of blackholes.us [blackholes.us].
3) Anything that is not caught by those first two local options is run against the DNSBL list [sorbs.net] at SORBS. We choose to use their combined blackhole list but you could just as easily go with their anti-dialup/dsl/cable IP list.
If an e-mail makes it through all of that, it gets run through SpamAssassin and blackholed if the score is >= 7.0 and marked if the score is >= 4.0.
We're also doing a bit of tarpitting. Every time we get a connection from a blacklisted IP, we tarpit them for two minutes before spitting out a 550 error code.
Despite this, we still get some spam and dictionary attacks. The spam gets filtered by the client and the dictionary guesses are blackholed by the local delivery server, which is configured not to send bounces.
Chris
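The layering described in the comment above, sketched as an added example (not the poster's Exim configuration): it applies the three hostname patterns that survive intact in the comment, then DNSBL zones in order, then the 7.0/4.0 score thresholds. The zone names, the `reject` action for a hostname match, and the sample connections are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# The three patterns that survive intact in the comment (two others are cut off there).
DYNAMIC_RDNS = [re.compile(p) for p in (
    r"^c\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\..*",
    r"^[sShH]\d{3,}.*\.[a-z][a-z]\.shawcable.net$",
    r"^.*\d+\.charter-stl.*$",
)]
# Placeholder zone names (assumptions): local country zone first, then the public list.
ZONES = ("countries.dnsbl.example", "combined.dnsbl.example")
TARPIT_SECONDS = 120  # the "two minutes" held before the 550

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name for an IPv4 address: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_listed(name):
    """Live check: a listed address resolves to 127.0.0.x; a failed lookup means not listed."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except socket.gaierror:
        return False

def verdict(ip, rdns, score, listed=dns_listed):
    """Apply the layers in the comment's order; returns (action, reason)."""
    if rdns and any(p.search(rdns) for p in DYNAMIC_RDNS):
        return ("reject", "rdns-pattern")  # action assumed; the comment does not state it
    for zone in ZONES:
        if listed(dnsbl_query_name(ip, zone)):
            return ("tarpit-then-550", zone)
    if score >= 7.0:
        return ("blackhole", "score")
    if score >= 4.0:
        return ("mark", "score")
    return ("deliver", "clean")

# Constructed sample: one listed address and four connections (documentation IP ranges).
FAKE_LISTED = {"7.113.0.203.countries.dnsbl.example"}
SAMPLE = [
    ("192.0.2.10", "c192.0.2.10.pool.example.net", 0.0),
    ("203.0.113.7", "mail.example.org", 0.0),
    ("198.51.100.3", "mx1.example.com", 7.2),
    ("198.51.100.4", "mx2.example.com", 4.5),
]

def run_sample():
    """Evaluate the constructed connections against the stub list instead of live DNS."""
    return [verdict(ip, rdns, score, FAKE_LISTED.__contains__) for ip, rdns, score in SAMPLE]
```

Ordering the cheap local checks before the public DNSBL and the content scan means most rejected connections never cost an external query or a SpamAssassin run.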
Re:High Volume E-mail Deployers (Score:3, Interesting)
"Is it ok if we show your email address on screen?"
"I'd rather you didn't." (as scottrichter442@yahoo.com flashes several times...:)
A couple of weeks ago, the Aunty Spam [aunty-spam.com] blog did an interview with Scottie. Very evasive answers. I had a little back and forth dialog with him in there. (scroll about 1/2way down)
Very enlightening as to his mindset.
A simple idea to curtail *LOTS* of spam.... (Score:2, Interesting)
1) POP-BEFORE-SMTP and/or
2) Route ALL port 25 traffic through the ISP's mailserver.
For incoming SMTP connections to receive email:
ONLY ACCEPT CONNECTIONS FROM FELLOW DNS-IP-VERIFIED SMTP SERVERS. NO EXCEPTIONS!
Alas, as long as hosts continue to use 'hidden mailservers' that are not officially on file with a DNS lookup, spam will continue to plague the Internet.
In a perfect world, directly delivering email to the recipient's mailserver should only be done by a fellow mailserver officially on file with the DNS system. When a 'non-mailserver' IP does this, the practice screams spam....