The Geography of Spam
william(at)elan.net
Wed Mar 3 02:25:15 UTC 2004
> On 2 Mar 2004, at 15:57, Michael Airhart wrote:
> > Somehow it seems like when you take into account the number of PCs on
> > high speed connections, these numbers make a lot of sense. The US has
> > a large population of these PCs so yeah, duh, the US leads in
> > compromised hosts.
>
> Well, the report "Broadband Internet Access in OECD Countries" shows
> that in 2002 only 36% of all broadband internet users were in the US.
> That's a greater proportion than any other single country, but
> according to that report most broadband subscribers are not in the US.

Correct, so spam sources outside US will continue to increase.

> The quoted report said "the U.S. routes more spam e-mail traffic than
> the rest of the world combined", not "... than any other single
> country".

Also correct. My own sources (including @sophos) actually tell me the
report of 30% from zombies is an understatement, it's likely to be over 50% now
and still growing - typical setup for spammer (who is actually quite
likely to be from US) involves getting dedicated server offshore, such as
China, Korea, Russia, Brazil; then getting/buying initial set of zombies
where some are thereafter used to scan for vulnerable hosts and infect
them and most are set up to spew (or act as proxy for their offshore
server that actually does the sending of) spam.

> So it appears there might be other forces at work than simply "more
> broadband users".

There are still some spammers sending directly (that are trying to operate
within the law, provide postal opt-out - usually in Florida, etc).

Additional reasons for higher percentage in US that I can think of:

1. Number of IPs assigned to US is quite a bit higher in percentage to what
is assigned to rest of the world. If somebody is scanning to find vulnerable
hosts from entire net, their chance of finding US IP is quite high.

2. In US every DSL line would have its own IP, sometimes more than one,
but in foreign countries, availability of IPs to ISPs is still smaller
than in US and some still use NAT and other means.

3. Outside US a smaller number of people (as percentage of total population in
some country) have access to broadband and as such those who do are more
advanced in their computer skills and better educated (and know not to open
attachments from unknown sources) whereas in US number of "dumb" users
is higher just because the broadband has penetrated population en masse.

4. Some countries with high number of broadband users (such as Korea) are
bad as source for email spam because of previous experience of them not
dealing quickly with abuse reports - those countries are simply blocked.

5. Because most targets for spammers are in US, if spammer has choice between
US and foreign proxies some may choose US because it will work better (some
others may on the other hand choose offshore as it's less likely to be traced
to him, but usually with server already offshore they don't care that much).

There are probably other reasons I could not immediately think of but as
broadband penetration boom in US slows down and in other countries it's just
picking up, the percentage of spam from US zombies will slowly go down.

--
William Leibzon
Elan Networks
william at elan.net