Spotting, Swatting Sources of Spam
Aug 30, 2005 7:00 AM PT
How big of a problem is spam? The 2004 National Technology Readiness Survey estimated that spam costs the United States economy US$21.58 billion per year in lost productivity.
That estimate is based on the assumption that United States Internet users spend an average of three minutes sorting through and deleting spam every day they go online. It does not include costs related to viruses and other malware that may accompany spam. That figure from 2004 also does not include losses related to legitimate e-mails that are not received because blocking efforts have caused commercial disruptions.
For many of us, the significance of the spam problem does not become a concern until it results in blocking of legitimate e-mails. Then the global problem of spam can instantly become an individual problem.
Recipients' e-mail services primarily impose blocks not on individual e-mail addresses or even domain names, but on IP addresses, which are written as a series of four sets of numbers, e.g., 126.96.36.199.
What Is Spam?
The Spamhaus Project defines spam as unsolicited bulk e-mail. According to Spamhaus:
"Unsolicited means that the recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content. A message is spam only if it is both unsolicited and bulk."
Solicited bulk e-mail may be considered to be sent with permission if the recipients have gone through a double opt-in. E-mail reputation firm Habeas states that double opt-in is achieved when: "The recipient explicitly provides you with permission to have their e-mail address placed on a mailing list, you send the recipient a confirmation e-mail, and the recipient confirms their permission by e-mailing back or by visiting your Web URL to confirm."
Namespace Mining
The three principal methods spammers use for coming up with lists of e-mail addresses are:
- Buying or stealing an existing list;
- Harvesting e-mail addresses from compromised computers that form part of spam or bot networks; and
- Namespace mining.
Namespace mining uses an automated program to generate likely addresses that can be spammed, e.g., James@InternationalStaff.net, Jamie@InternationalStaff.net and Jose@InternationalStaff.net.
At business-to-business ISP Adhost, large numbers of e-mails received in alphabetical order are flagged, and if many of them are found to be sent to e-mail addresses that do not exist, then the entire batch is considered an attempt at namespace mining. Once namespace mining is detected from an IP address, then everything from that IP address can be blocked.
Development staff at Adhost wrote their own mining blocker because they were unable to find a publicly available namespace mining blocker. Adhost's mining blocker only blocks an IP address for a limited time (2-4 hours), and then the block expires. According to Richard Stockton at Adhost, this is usually enough to discourage the miners.
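The heuristic described above (alphabetically ordered recipients, many of them nonexistent, followed by a block that expires on its own) can be sketched as follows. This is an added example, not Adhost's code: the thresholds, function names and sample events are assumptions, and only the 2-4 hour block lifetime comes from the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: the article gives none beyond the 2-4 hour block lifetime.
MIN_BATCH = 6            # recipients from one IP before the batch is judged
SORTED_RATIO = 0.8       # share of adjacent pairs in alphabetical order
UNKNOWN_RATIO = 0.5      # share of recipients that do not exist
BLOCK_TTL = timedelta(hours=3)   # inside the 2-4 hour range the article cites


def sorted_fraction(local_parts):
    """Fraction of adjacent recipient pairs that arrive in alphabetical order."""
    pairs = list(zip(local_parts, local_parts[1:]))
    return sum(a <= b for a, b in pairs) / len(pairs) if pairs else 0.0


def detect_mining(events, valid_mailboxes):
    """events: (timestamp, source_ip, recipient) in arrival order.
    Returns {ip: block_expiry} for batches that look like namespace mining."""
    by_ip = defaultdict(list)
    for ts, ip, rcpt in events:
        by_ip[ip].append((ts, rcpt.lower()))
    blocks = {}
    for ip, batch in by_ip.items():
        if len(batch) < MIN_BATCH:
            continue
        rcpts = [r for _, r in batch]
        unknown = sum(r not in valid_mailboxes for r in rcpts) / len(rcpts)
        ordered = sorted_fraction([r.split("@")[0] for r in rcpts])
        if ordered >= SORTED_RATIO and unknown >= UNKNOWN_RATIO:
            blocks[ip] = batch[-1][0] + BLOCK_TTL   # block starts at last hit
    return blocks


def is_blocked(ip, now, blocks):
    """A block lapses on its own once the expiry time has passed."""
    return ip in blocks and now < blocks[ip]


# Constructed sample data (documentation-range IPs, example.com mailboxes).
VALID = {"james@example.com", "sales@example.com"}
T0 = datetime(2005, 8, 30, 7, 0)
miner = ["jaime", "jake", "james", "jamie", "jan", "jose", "juan"]
EVENTS = [(T0 + timedelta(seconds=i), "192.0.2.10", f"{n}@example.com")
          for i, n in enumerate(miner)]
EVENTS += [(T0 + timedelta(minutes=i), "198.51.100.7", "sales@example.com")
           for i in range(7)]
BLOCKS = detect_mining(EVENTS, VALID)
```

The second sender repeats one valid address, so its batch counts as ordered but is not blocked: both conditions must hold before an IP address is listed.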
US Is the Spam Leader
For Americans who primarily conduct business internationally, it may appear that most spam problems originate from overseas. This appearance is not supported by statistics. The Spamhaus Project lists the ten worst spam countries according to the number of currently listed spam issues as follows:
- United States - 2606
- China - 456
- South Korea - 320
- Russia - 210
- Taiwan - 196
- Japan - 151
- Canada - 148
- Brazil - 126
- Argentina - 97
- United Kingdom - 90
According to Spamhaus, the top six ISPs currently providing connectivity and hosting to known spammers directly responsible for the world's spam problem are as follows, listed according to the number of outstanding spam issues:
- MCI.com - 242
- Comcast.net - 111
- SBC.com - 109
- Managed.com - 66
- XO.com - 59
- Road Runner (RR.com) - 56
All top six ISPs listed above are located in the United States. These ISPs are largely known as low-cost service providers that target small business and home users who are not always very tech savvy or security conscious. Large blocks of IP addresses used by the six aforementioned ISPs are on lists that other ISPs use to block e-mails.
Actions Needed to Control Spam
If ISPs around the world did more to monitor and police their own networks, then there would be less blocking and consequently less interference with legitimate commercial e-mails. Foreign governments also need to become active in enforcement. Otherwise firms in countries with lots of IP address blocks will suffer competitive disadvantages.
Adhost rarely blocks IP addresses from the UK, but it does block large swaths of IP addresses from South America, China and some European countries, especially in Eastern Europe. Germany is notorious as a source of spam. Adhost's Stockton says he sees less spam from India and Pakistan than from China, Brazil and Korea. He said that other ISPs in the United States are known to block all e-mail from Asia.
There are rarely any legal ramifications for spammers operating outside the United States. While spammers in the U.S. may be referred to law enforcement authorities, the major risk for overseas spammers is having their ISP terminate their accounts, a fairly minor consequence. Given the cost to the American economy from foreign spam, the U.S. government needs to put spam control and Internet security on its international diplomatic agenda.
An annual report needs to be published by the United States government on efforts to control foreign and domestic spam and other forms of Internet abuse, including abuse of instant messenger systems. This report should include an assessment of each country and each Internet infrastructure organization. Without a coherent program to quash spam, U.S. businesses and consumers are bound to remain inundated.
Good old-fashioned law enforcement approaches need to be combined with modern technologies, particularly in the United States, where businesses and consumers have long been appealing for assistance with the problems caused by Internet abuse. As with other forms of high technology crimes, the National Association of Attorneys General and the National Governors' Association need to take a more active role.
Only when e-mail communication ceases because of IP address blocks do many of us begin to take notice of the spam problem and how it is interfering with core business processes. The imposition of IP address blocks against legitimate e-mails would not be as necessary or widespread if government authorities around the globe would give e-mail problems and Internet security issues the attention they deserve.
Anthony Mitchell, an E-Commerce Times columnist, has been involved with the Indian IT industry since 1987, specializing through InternationalStaff.net in offshore process migration, call center program management, turnkey software development and help desk management.