America: Land of the free, still home of the BIGGEST spammers on the planet

The US prides itself on being the best at a lot of good things. And, judging by the latest data from security vendor Sophos, America is still the best at spaffing spam in the world.

[Image: Countries sending spam. Caption: Gold medal in spam goes to the US]

The firm's quarterly list of countries that send spam (as opposed to hosting spamming …

COMMENTS

This topic is closed for new posts.
Silver badge
Happy

USA! USA!! USA!!!

Commercial speech is free speech, so let me inundate you with my constitutionally protected ads for Viagra and naked pictures! (The naked pictures are not really MY pictures. There are some forms of self-expression that even the First Amendment can't condone.)

Where's the Old Glory icon??

10
1
Bronze badge
Headmaster

Re: USA! USA!! USA!!!

"Commercial speech is free speech..."

Sorry, but that should be spelled S-P-E-A-C-H, "speach".

At least, that was the official spelling among the busted spammers whining on news.admin.net-abuse.email back in the old days.

4
0
Anonymous Coward

Re: USA! USA!! USA!!!

America: Land of the free*

* excluding healthcare and respecting the human rights of non US citizens...

1
0
Silver badge

Also excluding respecting the human rights of US citizens on occasion.

1
0
Silver badge

Proud to be amexican

The US prides itself on being the best at dodgy drugs, genital enhancements, and get-rich-quick schemes, as well as spreading malware.

TFTFY

4
2
Silver badge

Digital stamps

There has long been an opportunity here for digital stamps. A marginal cost of a tenth of a penny would be easy to bear for any normal mail volume, but prohibitively expensive for spammers.

SPAM exists because it pays. Making it *not* pay is the only real way to shut it down.

4
6
Bronze badge

The crowd HATES spam

I think this would basically work, but you would need to have an interface to SMTP email, and that side of the email would remain polluted. I think a better way to attack the spammers' business models would be an integrated anti-spam tool built into the email system.

Right now we have "Report spam" button that simply tunes the spam filters a bit. Imagine a "Hunt spam" button that would trigger an analysis of the spam. You would get a webform of your analyzed spam, with embedded radio buttons to confirm the analysis. You would confirm or reject the various results, and then submit, and it would send you another webform based on those results. The second analysis would be more refined, and it might go for several rounds until all of the aspects of the spam had been confirmed, and you had recommended the most plausible countermeasures.

Of course we shouldn't be allowed to form a lynch mob, but we can help with the targeting against the spammers. We can disrupt ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and help ALL of the spammers' victims. The profits of spam will go down, and the value of the Internet will go up.

2
0

Re: Digital stamps

I host a couple discussion lists with as many as a few 100 subscribers, all non-profit things like attendees of a folk music festival, or members of an astronomy club. If I had to pay for every email, this would become untenable quickly.

3
0
Silver badge

Re: Digital stamps

> if I had to pay for every email, this would become untenable quickly.

A proper balance has to be struck. The OP's idea of a 1/10 penny might even be much too high.

1/100 of a cent might even be sufficient or 1/1000 of a cent considering these people are spewing out millions of emails.

The elephant in the room though is that a lot of SPAM comes from bot nets so the spammers would not be paying anything anyway.

5
0
Silver badge

Re: Digital stamps

@Shannon Jacobs, @pierce @skelband:

To avoid making a TL;DR post, I did not really flesh out my ideas. Implementation-wise, there are many details that leave most people behind. PKI can be difficult to understand.

Whatever the technical details, PKI makes it possible to know who a sender is or to know that the sender is recommended by someone you know. Spammers could not send you mail because there is no way they could gain a credible recommendation and no way they can afford to pay you to accept traffic from a stranger.

The cost associated with the 'digital stamp' is so that legitimate senders can always get an important message through. It would block trivial messages from legitimate senders, but arguably that is SPAM.

The reason to depend upon something akin to digital currency is because it is important to legitimize the sender without necessarily identifying them personally.

Cost would have to be adjusted to some reasonable minimum that made SPAM unprofitable but allowed ordinary legitimate mail to be economically feasible.

To support the stamps, essentially digital currency, you need a PKI infrastructure anyway. That being the case, mailing lists that you wanted to encourage could be given a pass under a 'bulk rate'. Ones you did not want to encourage would be discouraged.

You could develop a system of rates for unsolicited mail vs mail from known senders and mail being sent 'first class', 'regular', 'bulk', etc. The PKI can allow you to differentiate between senders whose keys are signed according to how much you trust the signer. People managing a huge mailing list would have to send 'bulk' and/or they would have to re-evaluate the value of sending to the list. I am skeptical of the net value of mailing lists to the recipients and it is the recipients we are trying to serve. If you have something you send out to a million users every week, you would have to switch from a 'push' model to a 'pull' model by placing the message on a server where interested readers could pull it down.

Re: "a lot of SPAM comes from bot nets"

That is true. AFAIK, most SPAM is now coming from bot nets. Do you think that it is unreasonable to require that people in charge of putting a PC on the network bear some responsibility for damage it does? This is probably a good way to get users to be more diligent and to force companies like MS to take security more seriously. This would effectively cause all of that type of traffic to be 'metered' and would end up returning an enormous amount of the aggregate capacity of the network back to us.

Given that the digital stamps involve actual money, the system responsible for placing the stamps would be more secure and to the extent it was breached, it would be limited to how much it could send by the money available for stamps. You could also make it so that the system asked for permission before using stamps, etc. You could have a special wallet to act as a 'postage meter' limited to a small amount sufficient for normal mail.

Part of the reason we have SPAM at all is that PKI is in a dreadful state. It should be both usable and used by everyone. It should be largely incorruptible. Instead, it is hardly usable even for experienced users, not used except in basically broken ways and the root CAs are all fundamentally corrupt.

Unfortunately, one of the things holding us back is that the bad guys have hijacked the PKI and DRM conversation(1) and are driving us inexorably toward 'treacherous computing'. It seems to me that the good guys who know enough to use the stuff are reluctant to vigorously pursue its use because of the danger that DRM presents.

I am not expert in this area, but I do have some experience. As far as I know, we can definitely implement things like digital stamps and we can definitely put in place PKI such that outbound traffic from a given system is done using a PK pair and that inbound traffic can be checking up a chain of signatures to establish trust.

Signed keys are not limited to a single one, nor are they intrinsically limited to a single use. If we have the infrastructure to deal with digital stamps then we also have in place infrastructure capable of verifying along the route from sender to receiver such that unsigned traffic is never forwarded by routers or accumulated by mail servers.

Of course, as people worried about DRM would know, the above requires that we have a distributed trust system that cannot be tampered with by agencies like the NSA or other hostile forces. If any single entity or any colluding oligarchy gains control over the system they can(2) cause havoc and cripple the Internet.

Technically, it is quite possible to implement digital stamps and surrounding infrastructure to eliminate SPAM as such. On the way, there are some impediments, but these (a) are political not technical and (b) need to be dealt with anyway.

We *will* move toward some sort of micro-payment capable system and some sort of distributed trust. Along the way, we *will* have DRM. It is going to happen. However, it is very important that *well before* we implement the DRM part we entirely remove control from unfaithful trustees like Verisign, Sony, Microsoft, etc.

(1) The 'trust' conversation currently involves the bad guys insisting that everyone must trust the bad guys above all. They demand that we give them control of all of the master keys and do as we are told. They want to breach trust going in. I'm against that and so are any other decent people with a clue about PKI. Control of things involving trust such as DNS, SSL root certificates, etc need to be distributed so that breaches of trust are effectively impossible. Currently they are controlled by the bad guys.

(2) Eventually, by Murphy's Law, we know that eventually, 'can' == 'will'.

3
1
Thumb Up

Re: Digital stamps

> To avoid making a TL;DR post

What you and I consider TL;DR might differ just a little.

12
0
Vic
Silver badge

Re: Digital stamps

> A marginal cost of a tenth of a penny would be easy to bear for any normal mail volume,

This would have no effect whatsoever on spam.

The spammers would simply steal credit in the way they currently steal bandwidth.

> Making it *not* pay is the only real way to shut it down.

Indeed, but your proposal does nothing to affect that profitability.

The Boulder Pledge is the only way to stop spammers, and that's a *very* long-term proposition.

Vic.

2
0
Anonymous Coward

Re: Digital stamps

That was Microsoft's idea, it didn't catch on.

Everything from password resets to an email confirmation of an order placed would cost money.

1
0
Anonymous Coward

Re: Digital stamps

"and to force companies like MS to take security more seriously"

Windows has consistently had fewer vulnerabilities that were on average fixed faster than any comparable OS (for instance enterprise Linux distributions or OS-X) every year for the last 8 years....

0
4
Bronze badge

Re: Digital stamps

Lies, damned lies and statistics. I've never read a more convoluted claim!

0
0
Silver badge

Re: Digital stamps

Bad idea because you ignore the reality of the spam culture as it exists today. The people who could be hit with an email tax aren't the spammers or wouldn't notice it. The people who would be eliminated by it have already pretty much been done in by ISP filtering. That's right, as the article noted most spam these days isn't generated from legitimate accounts on legitimate email systems. It comes from a vast army of zombie PCs sending out only a few emails each. Just like a DDoS attack, it leverages a lot of machines instead of a fast one.

1
0
Silver badge

Re: Digital stamps

> That was Microsoft's idea, it didn't catch on.

There have been numerous proposals for impeding email spam with one sort of tax or another. I doubt Microsoft was the first to propose a micropayment system, and non-payment resource-tax proposals go back at least as far as 1997, with Back's hashcash.

All of these, and btrower's (overly long and vague) proposal, suffer from two fatal flaws. One is that actual reputable research into the problem indicated that the benefit does not justify the cost: even when such a system works, it can't be tuned to eliminate a significant portion of traditional (mass-mailing from a limited set of accounts) spam without occasionally obstructing legitimate email.

The other, as Tom 13 and others have noted, is that most spam transmission is distributed over such a wide range of compromised machines that the tax is simply ineffective - a calculation that btrower gets quite wrong in that section of the manifesto.

(I was going to offer more critique of the manifesto, but it's not worth it. It rarely is. I'll just note in passing that "PKI infrastructure" is redundant.)

1
0
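
Added example, not part of the thread and not hashcash's own code: a simplified hashcash-style stamp, the resource-tax scheme named in the comment above, minted by the sender and checked by the receiver. The field layout follows hashcash version 1; the hex counter, the fixed salt and the omitted date-expiry check are simplifications assumed here, and all sample values are constructed.

```python
import hashlib
from itertools import count

def zero_bits(stamp: str) -> int:
    """Leading zero bits of the stamp's SHA-1 digest (160 if all zero)."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return 160 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, date: str, salt: str) -> str:
    """Sender: brute-force a counter; costs about 2**bits hashes on average."""
    prefix = f"1:{bits}:{date}:{resource}::{salt}:"
    for counter in count():
        stamp = f"{prefix}{counter:x}"
        if zero_bits(stamp) >= bits:
            return stamp

class Receiver:
    """Receiver: one hash per check, plus a spent-stamp set against reuse."""
    def __init__(self, address: str, min_bits: int):
        self.address, self.min_bits, self.spent = address, min_bits, set()

    def accept(self, stamp: str) -> bool:
        fields = stamp.split(":")
        if len(fields) != 7 or fields[0] != "1" or not fields[1].isdigit():
            return False
        claimed = int(fields[1])
        if fields[3] != self.address or claimed < self.min_bits:
            return False              # minted for someone else, or too cheap
        if zero_bits(stamp) < claimed or stamp in self.spent:
            return False              # work not done, or stamp already used
        self.spent.add(stamp)
        return True

def hashes_per_machine(bits: int, messages: int, machines: int) -> float:
    """Expected minting work per sending machine when a run is spread out."""
    return messages * 2 ** bits / machines

if __name__ == "__main__":
    # Constructed sample values: address, date and salt are made up.
    rx = Receiver("alice@example.org", min_bits=12)
    stamp = mint("alice@example.org", 12, "131016", "c0ffee")
    print(stamp, rx.accept(stamp), rx.accept(stamp))   # second use is refused
    # The objection raised in the thread: 1M messages over 100k machines
    print(hashes_per_machine(20, 1_000_000, 100_000))
```

The last function puts a number on the thread's objection: the minting cost is real, but it is paid by whichever machine sends the message, so spreading a run over many hosts divides it.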
Silver badge

Regulatory Failure

More than anything this highlights how increasingly useless the Food and Drug Administration has become. A significant part of their mandate is to control not only the distribution of prescription pharmaceuticals, supplements and medical devices, but also the advertising and marketing of them.

They can't do that though because they're too busy finding reasons not to approve drugs the rest of the world can access, OTC in many cases. Well, that and finding reasons to fast track approval of drugs for rare conditions and those with a negligible impact over what is already available but have lost patent protection and can be produced generically.

From a humanitarian standpoint, the FDA does more damage to the US population than any other agency. God they suck.

5
1
JB

Re: Regulatory Failure

And allowing the advertising of pharmaceuticals on TV, with a voiceover listing all possible side effects over film of an old geezer lovingly washing his 1950s pickup!

5
0
Silver badge
Meh

Re: Regulatory Failure

No, they can't do this because their funding has been gutted.

Like all the rest of our "interfering and meddling with our right to free market" watchdog agencies.

Can you guess why and by who?

0
1

This post has been deleted by a moderator

Silver badge
Trollface

Yep, zombie 'bots.

These days, 7 out of 10 times when I'm asked to fix someone's home PC (almost wrote "personal computer" as opposed to WC or "work computer" )** it's effin' malware that has caused the problem.

**see what I did there?

1
0
Headmaster

which lists

"Third and fourth place on the list belong to India and Italy respectively, with both showing big increases in spam generation in the first three quarters of the year. Kuwait and Israel are new entrants to the Sophos list this quarter, holding seventh and twelfth place respectively."

This last paragraph is referring to different data lists. Third and fourth place, by volume, are India and Italy. Seventh and twelfth place, per capita, are Kuwait and Israel. The text is misleading.

0
0
Silver badge

Re: which lists

Given that the author had already shifted context when discussing Belarus, I had no problem with this at all.

0
0
Gold badge
FAIL

Amazing. The country with the most extensive system of spying on its citizens can't

stop it.

Unimpressive for all that spying is it not?

Perhaps educating those merkins a bit more could make all our lives a bit better?

4
0
Anonymous Coward

Re: Amazing. The country with the most extensive system of spying on its citizens can't

I think what would help is examples from readers how they combat spam ......

Thank you.

0
0
Silver badge

Belarus should be disqualified.

They're probably using steroids.

4
0

Interesting that the UK doesn't feature

Better not tell Tony Cameron and associates lest they'll want to "improve things":-)

0
0

The NSA must know whose computer is infected and sending spam. They could actually do something useful and beneficial for once. Formatting the hard drive on infected machines comes to mind. If anyone complains, send them to Belarus.

0
0
Bronze badge

Formatting?

If they want to be helpful, they could restore from an uninfected backup, then tell the user exactly how they got infected and not to do it again.

It might even buy them quite a lot of tolerance for their spying.

0
0

Nigeria?

So where is Nigeria? Was it filtered out?

0
0
Silver badge

Canter/Siegel was not first

> Back in 1994 the first spamming came from lawyers Laurence Canter and Martha Siegel

No. That was the first commercial Usenet spam, but it was neither the first Usenet spam nor the first commercial spam.

The first Usenet spam is believed to be Thomas' religious spam ("Global Alert for All: Jesus is Coming Soon"[1]), which was posted earlier in '94. Wikipedia cites Thuerk's ARPANET spam of 1978 as the first known commercial spam message. Even if there are no earlier examples, that means email spam predates Canter/Siegel by some sixteen years.

[1] In fairness to Thomas, there were widespread reports at the time that Jesus was breathing heavily.

1
0