USA gets better but still top spam source
Anti-virus and anti-spam company Sophos has released its latest spam report 
, which covers the origin and replaying of spam for the first quarter of 2006.
According to the report, the USA accounted for over half of all spam sent to the world two years ago, but now it sends less than a quarter. The improvement is attributed to the CAN-SPAM Act and to successful US prosecutions of spammers.
Increasing amounts of spam sent from other parts of the world also help the USA’s percentage of the total to fall. Europe in particular has seen substantial increases.
Asia remains the king of spam-relaying.
You can read a summary of the report with graphs on the Sophos web site.
Related posts
April 23rd, 2006 at 12:50 am
Other sources have noted that decreases in e-mail spam may be illusory because they came with increases in things like comment spam. (or even entire spam blogs, like the ones you hit frequently after hitting “Next” on Blogger blogs)
Usenet newsgroup used to be the #1 haven for spam until e-mail became a more “effective” spam vector. Now that there are things like “comment spam” and because most people have at least a minimal spam filter, e-mail might be the new usenet and comments might be the new e-mail.
I still think there’s room for improvement in legislation like CAN-SPAM. However, I think that the real solution to spam is going to come from innovative ideas in the market and not from legislation and prosecution.
April 23rd, 2006 at 10:20 am
That’s a good point about comment spam and “splogs”.
Even on a small blog like this, comment spam runs equal with real comments. Which is to say that the Akismet spam catcher has caught over a thousand spam comments.
On big blogs the figures must be even more striking.
April 25th, 2006 at 11:53 am
Any brief speculation on what those “innovative ideas” might be, Ted? I’d written quite a bit the other day and was having trouble summarizing it concisely enough to post here. Some thoughts (still longer than I’d like, sigh):
Personally, I’ve experienced an explosive increase in spam within the last 18 months. I used to get maybe an average of a couple spams a week; now it’s a flood of several dozen a day. I haven’t been “publishing” recipient addresses in ways to make them more obvious spam targets, and my overall e-mail usage has decreased quite a bit during this time. It’s as though spammers have “latched on” to a few addresses (plus hit others using randomly generated ones) and never let go like they used to after that occasional increased blip. And it’s frustrating not knowing what else to do other than block/filter it; reporting it (as I did for a bit) only seemed in vain and a waste of time.
That’s the primary motivation behind my wondering about this:
Maybe spam recipients (myself included!) need improved methods for actively participating in actually stopping spam instead of just accepting a defensive, blocking/filtering, “out of site, out of mind” role while feeling helpless to do anything more. A combination of increasing public awareness campaign and providing sufficient tools/resources to make it happen (including to desktop client users, like myself)? Apparently enough people continue responding to spam and help keep it a lucrative “business”, though everyone I know considers it a nuisance they’d be more than glad to be rid of sooner than later.
ISPs seem to have some kind of linchpin role to play in this, yet the details of responsibility are still unclear.
April 25th, 2006 at 1:42 pm
sjk: As I mentioned before, I think spammers are going to start doing what all other advertisers are doing — moving to alternative media. As that happens more, you’ll see less e-mail spam.
(also note: be sure your e-mail client is not viewing remote images in messages. Spammers use those remote images to validate your e-mail address, and validated e-mail addresses get lots more spam)
However, there’s room for some major new technologies if they’re made available in such a way that they’re easy to understand and use. For example, services like GoodMail (http://www.goodmailsystems.com/) are starting to become popular. Additionally, power members of the community (like Bill Gates, Steve Case, others) are starting to suggest things like postage for e-mail. Even if you have a negative gut reaction to these ideas at first, you should let people experiment with them. It’s through open minded experimentation that we’ll get true innovation.
Additionally, I think that as people want to become more secure, anti-spam technologies will emerge without us even shooting for them. (for example, the “firewalls” installed in millions of homes behind cable and DSL modems were never initially meant to be firewalls. They were routers that performed NAT masquerading that just happens to have a biproduct of also serving as a firewall… suddenly the NAT aspect fell away and the firewall became the thing that people were buying) In the case of e-mail, I think people will start using signed and encrypted messages and requiring certified e-mail senders. Again, people may start using these AGE OLD TECHNOLOGIES not to prevent spam but to send secure information over e-mail. However, it’s just millimeters away from certified mail for everyone, and taht would surely stop spam (or make it very easy to stop spam without crazy filters).
(note, those AGE OLD TECHNOLOGIES that I’m talking about are not known by many people on the Internet because they’re not as intuitive as they could be. However, lately software developers have found ways to make them more intuitive. It’s only a matter of time)
There are things web developers can do already. Here’s one example:
http://www.projecthoneypot.org/home.php
With Project Honey Pot, web developers (like Tim) can embed into their web pages special code that tricks spambots (bots that harvest e-mail addresses from web pages) into following bogus links. When they follow those links, they are added to spambot lists that get reported to various authorities. (on my sites, any spambots I find are immediately denied access to all of my sites… they get “sand traps” instead (see below))
Other sites take a different approach:
http://www.spamhelp.org/harvesterkiller/
They randomly generate e-mail addresses to clutter the harvest list of spambots.
And you can go even further with a spambot “sand trap”…
http://www.neilgunton.com/spambot_trap/
A sand trap puts links in special places that ony spambots will look. Those links link to pages that simply link to other generated links that link to pages that link to other generated links… this goes on forever (the links are dynamically generated).
I’ve done all of this on my sites. I frequently catch spambots. Not only do they get reported, but they spend a whole lot of time going through hundreds of sand trap links.
With regard to ISP’s, some of them do take responsibility. However, it’s often very difficult to trace a spammer back to his or her ISP. Additionally, spammers often have multiple ways of getting onto the Internet.
I simply don’t think you can stop spam at its source in the traditional sense. It takes a system-wide approach, and I don’t think it has anything to do with legal penalties/etc. I think it will take education and innovation.
And finally, I don’t think a lot of spam is getting responded to. I think the purpose of a lot of spam is simply getting names out there (just like any other type of advertising). The more you are exposed to a particular stimulus, feedback in the neural networks in your brain put additional weighting on that stimulus. That is, if you need three related stimuli to trigger a memory synapse, the next time around you may only need two of them. Eventually you’ll be sitting right next to the tripping point of that memory and nearly everything you see will make you think about a brand name or a particular product. This is what makes advertising so effective. And this is the purpose of a great deal of spam. (e-mail and snail mail)
April 25th, 2006 at 1:49 pm
(one more quick thing… thouse who pay spammers are just like those who pay other advertisers… They’re taking a risk. They have no idea where they’re getting customers. They invest in spam because they believe in its effectiveness in getting their product name and brand name out there. Simply telling people that spam is not effective is not going to convince them to stop paying people to do it… because, in truth, spam is more effective than you think… and even if it isn’t, there’s no way to prove how effective it is. As long as there’s a CHANCE of it being effective, there will be some people who put a little advertising revenue in it)
April 25th, 2006 at 1:50 pm
(maybe there needs to be legislation/action that penalizes not only the spammer but his or her clients… I think there are civil liberties issues there though… However, that would grealty increase the effective cost of spamming)