Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US No Longer Leading the World In Spam

kdawson posted more than 4 years ago | from the we're-number-two dept.

Spam 96

darthcamaro writes "America is no longer the spam king. According to Cisco, US-originated spam dropped by over two trillion messages — American-based IP addresses sent about 6.2 trillion spam messages. The new world leader is Brazil at 7.7 trillion messages. 'I'm not completely surprised to see US falling to number two in the spam stats, but I didn't expect it to happen yet,' said Cisco Fellow Patrick Peterson. 'I was really gratified to see the actual spam volume decrease, not just ranking, but we [also] decreased the amount of spam that is pouring out of the United States.'" The drop in US spam might have had something to do with the temporary shutdown of the McColo spam ISP.

cancel ×

96 comments

Sorry! There are no comments related to the filter you selected.

First Post (1, Funny)

el3mentary (1349033) | more than 4 years ago | (#30371302)

Spam'd

Re:First Post (3, Funny)

hexed_2050 (841538) | more than 4 years ago | (#30371582)

I guess everyone in the US has their preferred dealers for Viagra and Swiss watches now. The market is too saturated!

Woohoo! (1)

nebaz (453974) | more than 4 years ago | (#30371304)

We're #2! We're #2! We're #2!

Re:Woohoo! (5, Funny)

Anonymous Coward | more than 4 years ago | (#30371490)

We're #2! We're #2! We're #2!

In so many ways.

Re:Woohoo! (3, Funny)

von_rick (944421) | more than 4 years ago | (#30371612)

This could serve as an inspiration to some movie script writer-

In a world where.....One man set out to generate enough spam to make his country proud. This is the story of courage, and determination...

You get the gist?

Re:Woohoo! (1, Funny)

TemporalBeing (803363) | more than 4 years ago | (#30374312)

Please no more about Bill Gates. His evil spam and malware empire is bad enough - he' s just out for world domination any way he can get it.

What? You think Windows is this flawed by coincidence? You really think that Windows-related spam and malware is just an accident? Who was the genius behind DOS and Windows at Microsoft any way? Who micro-managed it to the empire that it is?

Re:Woohoo! (0)

Anonymous Coward | more than 4 years ago | (#30374784)

Stop quoting the latest xkcd [xkcd.com] , it's only funny when you quote older ones.

Re:Woohoo! (2, Funny)

ErstO (1696262) | more than 4 years ago | (#30373572)

this is unheard of, this cant be, tell me it's not true, we have to be number one in EVERYTHING !! Who's fault is this? who is slipping up and falling behind? could this be Obama's fault? How can we turn it around? perhaps a quick stimulus bill to get spammers to work harder? How about a boycott? YA THAT'S IT, boycott foreign spam !!!! support US spam only, if we all pitch in the US can once again be number one !!!

Re:Woohoo! (2, Funny)

mjwx (966435) | more than 4 years ago | (#30373812)

We're #2! We're #2! We're #2!

In so many ways.

Don't worry, in the bedroom America will always come first.

Re:Woohoo! (1)

gmhowell (26755) | more than 4 years ago | (#30374360)

Sorry we don't have quite so many sheep to practice on.

Re:Poopoo! (0, Offtopic)

Hognoxious (631665) | more than 4 years ago | (#30371518)

Huh huh. You said number two [urbandictionary.com] . Heh heh.

I beg to differ ... (5, Funny)

neonprimetime (528653) | more than 4 years ago | (#30371324)

According to Hormel [hormelfoods.com]

More than 122 million cans of the SPAM® family of products are sold worldwide each year, 90 million in the U.S. alone.

Sounds to me like the US is still the leader!

Re:I beg to differ ... (0)

edwebdev (1304531) | more than 4 years ago | (#30371436)

That's SPAM consumption you're talking about, not SPAM production.

Re:I beg to differ ... (1)

sopssa (1498795) | more than 4 years ago | (#30371786)

Whooosh!

Re:I beg to differ ... (1)

Thinboy00 (1190815) | more than 4 years ago | (#30371886)

Whooosh!

How so? Or did you read it?
Whooosh-maybe!

Re:I beg to differ ... (3, Informative)

amicusNYCL (1538833) | more than 4 years ago | (#30371898)

Just to continue the "missing the joke" thread, all 12 of Hormel's production facilities are in the US, which would mean that the US is the *only* source of SPAM.

Re:I beg to differ ... (1)

xaxa (988988) | more than 4 years ago | (#30372482)

Just to continue the "missing the joke" thread, all 12 of Hormel's production facilities are in the US, which would mean that the US is the *only* source of SPAM.

...the only source of SPAM sold in the USA is the USA.

But SPAM here is, I think, made in Denmark (see here [spam-uk.com] ).

(I've never bought it -- it's pretty disgusting, after all -- but the label probably just says "Made in the EU".)

Re:I beg to differ ... (1)

amicusNYCL (1538833) | more than 4 years ago | (#30373498)

Ahh, I saw something on the Hormel site which indicated that the Hormel Foods International subsidiary exported to 40 countries. So don't worry, the nasty meat you don't want to eat is probably the same as the nasty meat I don't want to eat.

You know what, this is a discussion that I never, ever thought I would be having.

Re:I beg to differ ... (1)

xaxa (988988) | more than 4 years ago | (#30375306)

On such an important matter, always refer to the Wikipedia article [wikipedia.org] . They're never wrong!

Anyone ever wondered if spam might be used by NSA? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30373106)

Couldn't "they" send TCP packets to target servers under the guise of having been sent from spambots?

Lots of alleged NSA affiliated IPs seem to be associated with ad/spam delivery:

http://cryptome.org/0001/nsa-ip-update14.htm [cryptome.org]

http://cryptome.org/0001/nsa-l3-peers.htm [cryptome.org]

Just askin'....

Congratulations are in order ? (5, Insightful)

damn_registrars (1103043) | more than 4 years ago | (#30371328)

Clearly, this shows that the oft-suggested tactic of countering spam with fines, kidnapping, prison, and murder, is working extremely well. Just look at how we are no longer the top country for spam to originate from!

Except that of course it is well known that most spam is pumped out of botnets. And the botnets are usually spread out all over the world. Really, this just tells us that less spamming botnet activity is coming from the US than Brazil in that particular observed time frame. This could be attributed to any of a number of factors.

Re:Congratulations are in order ? (2)

sopssa (1498795) | more than 4 years ago | (#30371378)

Exactly. And this line in the summary doesn't just make sense:

The drop in US spam might have had something to do with the temporary shutdown of the McColo spam ISP.

Didn't it take just some days while the botnets moved elsewhere and spam level was same again? McColo was hosting C&C for the botnets, not actually spamming itself.

Re:Congratulations are in order ? (1)

NecroPuppy (222648) | more than 4 years ago | (#30371516)

I admit, I don't know how a botnet exactly works, but I understand that one can "rent" time on them.

If the botnet was told "for the next X days, send out this spam" and they didn't queue up another command to follow, perhaps the McColo takedown corresponded with the end of a block of time.

Of course, this reminds me that I need to check my EVE training queue.

Re:Congratulations are in order ? (2, Interesting)

TemporalBeing (803363) | more than 4 years ago | (#30374338)

From what I understand - reading the blogs by WSJ and others behind the takedown of McColo - it wasn't just a matter of taking out McColo; but also discovering all the domains that the botnets were checking for and getting ahead of it to shut them down. And it was far more than just a few days - it was about a month or so before anything really picked up again - and my spam folder went from 100+/per day to ~8/day.

Re:Congratulations are in order ? (1)

TemporalBeing (803363) | more than 4 years ago | (#30374346)

Oh, and almost forgot - the C&C also ended up getting tranferred out of the USA for what the spammer did recover.

Re:Congratulations are in order ? (1, Insightful)

war4peace (1628283) | more than 4 years ago | (#30371794)

But in the end, it's just stats. I don't care where the SPAM originates from, I only care to get the least amount of SPAM in my Inbox. Whether it dropped in the US but increased in Brazil, I couldn't care less. I only care about how's SPAM doing worldwide; and if the amounts globally increased, the rest is just useless statistics. So no point being happy or sad, any SPAM sent to your e-mail address will get to your e-mail address, regardless whether it's from US, Nigeria or Romania.

Why is all the spam for US sites then? (0)

Anonymous Coward | more than 4 years ago | (#30375606)

Why is all the spam for US sites then? They're selling in dollars and, when they point to a site, the site is a .com address.

The source of spam may not be US, but the one getting the demand for spam out there is.

Also, supply and demand (2, Insightful)

vuo (156163) | more than 4 years ago | (#30371812)

What I'd like to see is statistics on where the spam-producing criminals are, and where are their "customers", rather than counting where the botnet is. I bet Brazilians, Russians or Chinese aren't doing that much good business in selling Viagra (may contain plaster) or Genuine Quartz Rolexes, or more importantly, buying them. IMHO: if you eliminated the spam that either comes from American criminals or which is targeted at Americans, there'd be no spam.

Interesting questions... (3, Insightful)

damn_registrars (1103043) | more than 4 years ago | (#30372118)

What I'd like to see is statistics on where the spam-producing criminals are, and where are their "customers", rather than counting where the botnet is

That may be a more difficult question than you might expect. Finding the person who is writing the spam and sending instructions to the botnet to send the spam is one thing, but it isn't the only thing. As we have seen before, there are plenty more spammers available to take the place of any who might fall from the top.

The customers, however are another thing entirely. While many of our favorite spammers may be in a few select locations, their customers are generally distributed all over the world - or so we would believe from the WHOIS data. Unfortunately, there isn't generally much better records for the customers than the WHOIS data for the domains that are being spamvertised. And we know that the WHOIS data is itself generally questionable on a good day and utter crap any other day. Of course you could also trace the IP address of the webserver for the spamvertised domain, but that will only lead to to where the site is hosted, which doesn't tell you where the "company" actually is.

I bet Brazilians, Russians or Chinese aren't doing that much good business in selling Viagra (may contain plaster) or Genuine Quartz Rolexes, or more importantly, buying them

As I said earlier, those classifiers depend on who you are trying to describe. I can tell you from my experience that a significant portion of the spam I receive is spamvertising domains registered in Russia or China. And there are often other servers along the way to keep the operation going that are distributed in various places in Pacific Ocean countries, Africa, or South America. Although of course since the registrars are generally in on the deal, they are intentionally posting garbage WHOIS records for the domains in question.

IMHO: if you eliminated the spam that either comes from American criminals

Again that comes down to how you classify the criminals. Spamming is generally an international endeavor now, though.

or which is targeted at Americans, there'd be no spam

I think an argument could be made that not much spam anymore really targets any particular country. I would say that a primary reason why so much spam is written in English is just because it is one of the most read languages on the internet; hence a spam in English has a very good chance of getting to someone who can read English. When Mandarin or Hindi take over we'll see more spam in those languages (I have seen Chinese and Japanese spam for years in some of my inboxes).

Re:Interesting questions... (1)

mjwx (966435) | more than 4 years ago | (#30373840)

As I said earlier, those classifiers depend on who you are trying to describe. I can tell you from my experience that a significant portion of the spam I receive is spamvertising domains registered in Russia or China. And there are often other servers along the way to keep the operation going that are distributed in various places in Pacific Ocean countries, Africa, or South America. Although of course since the registrars are generally in on the deal, they are intentionally posting garbage WHOIS records for the domains in question.

Here's the brilliant thing about the internet, I don't need to be a Russian or Chinese person to register a .ru or .cn address. Besides the spamvertised the URL is not where the actual email came from. Read the header in the email and get the real originating IP address. The majority of my spam comes from US and Euro (Italy takes the lead in Europe for some strange reason) ISP IP address, mostly from DSL address pools based on the IP in the header.

But then again where the email comes from is not the root of the problem either.

Re:Interesting questions... (1)

damn_registrars (1103043) | more than 4 years ago | (#30373966)

spamvertising domains registered in Russia or China

Here's the brilliant thing about the internet, I don't need to be a Russian or Chinese person to register a .ru or .cn address.

I apologize for the lack of clarity, I was referring to where the WHOIS data says the spamvertised domain is located. I prefer to go after the people behind the spamvertised domain, because they are the ones paying the spammer. Other people may prefer to instead go after the owner of the IP address that relayed the spam (though from my point of view botnet spamming has made that a useless effort). Still others may instead prefer to find the IP for the spamvertised website, and go after the ISP responsible for that IP.

So yes, you are absolutely right. I can go buy a domain from .cn, .ru, .at, .uk, .ca or virtually any other TLD you can think of this evening if I want to. And likewise people from other countries are free to buy .com, .org, .net, ... addresses as well.

However, as I have stated before, spam is an economic problem. Hence I prefer to follow the money trail behind the spam, and try to cut the spammer off from his money. If we can accomplish that effectively, then the spammer will no longer have incentive to spam and the problem will wither.

But then again where the email comes from is not the root of the problem either.

Sounds like we agree on that as well, though we stated in differently.

Re:Interesting questions... (1)

mjwx (966435) | more than 4 years ago | (#30374200)

Sounds like we agree on that as well, though we stated in differently.

Yep, the source of the problem is who ever is making money off the whole thing. Nothing can be done until we solve that one.

Re:Interesting questions... (2, Interesting)

jonbryce (703250) | more than 4 years ago | (#30375766)

Following the money will lead you to a money transfer mule, then to a Western Union or Moneygram branch, and then the trail runs cold.

You could clamp down on money transfer services, but that will affect legitimate users of those services - people sending money to family members in other countries, perhaps in an emergency situation; and anyway, the criminals would just go to another method of cashing out, like for example the purchasing and forwarding agent scam.

Re:Interesting questions... (1)

ShaunC (203807) | more than 4 years ago | (#30374146)

I can tell you from my experience that a significant portion of the spam I receive is spamvertising domains registered in Russia or China

I'll follow up to that with the following screenshot of one of my inboxes (which, incidentally, is not protected by SpamAssassin)

Sorry, I don't speak Sputnik [shaunc.com]

Most of the spam I get these days is for Russians, by Russians. I have no idea what the hell it's advertising.

Re:Interesting questions... (1)

WuphonsReach (684551) | more than 4 years ago | (#30374852)

Most of the spam I get these days is for Russians, by Russians. I have no idea what the hell it's advertising.

I have a custom SpamAssassin rule that bumps russian language mails up a few points. I do the same for the chinese language messages.

The chinese spammers *really* like sending chinese spam to my webmaster@ address...

Re:Also, supply and demand (1)

mirix (1649853) | more than 4 years ago | (#30372212)

Sure a bunch of it is aimed at Americans, but I also get some Russian targeted ads (apartments for sale by Moscow, you're invited to some conference in Novosibirsk, etc etc)

But it does seem that the vast majority of spam is indeed english, ime.

Re:Congratulations are in order ? (0)

Anonymous Coward | more than 4 years ago | (#30372408)

Except that of course it is well known that most spam is pumped out of botnets. And the botnets are usually spread out all over the world. Really, this just tells us that less spamming botnet activity is coming from the US than Brazil in that particular observed time frame. This could be attributed to any of a number of factors.

I'd like to see statistics on the use of other operating systems than Windows in a country and how it correlates to spam from that country. Maybe there is a negative correlation even though I guess that, sadly, the market share of other operating systems is so small everywhere that it's insignificant.

Still 23 more spammimg days in 2009 (0)

Anonymous Coward | more than 4 years ago | (#30371348)

How did they manage to get the 2009 results out so early?

I demand a recount!

Shitfuckbollockswankpissholesinthesnow (1)

Hognoxious (631665) | more than 4 years ago | (#30372244)

That means it's almost time for all those "Top ten bla bla bla 2009" articles, doesn't it? Truly, my cup runneth over.

USA Numba One! (0, Redundant)

e2d2 (115622) | more than 4 years ago | (#30371362)

Yes but we never give up. We will strive to be on top of this list no matter what it takes. Come rain, sleet or snow we will be leveraging our synergies, overcoming any obstacle to our dominance in the market of bullshit. Make no mistake.. .. We will not rest until that great land of bullshit has a US flag planted firmly in it's bung hole with some weasel counting the beans coming out of the "back end"!

Well... if you're asking for it.. (1)

LitelySalted (1348425) | more than 4 years ago | (#30371426)

You want more spam? Give me your email address...

Re:Well... if you're asking for it.. (0)

Anonymous Coward | more than 4 years ago | (#30375054)

askbill@microsoft.com

And don't nag me about Windows 8!

In related news: (0, Offtopic)

el3mentary (1349033) | more than 4 years ago | (#30371372)

Re:In related news: (0, Offtopic)

Dachannien (617929) | more than 4 years ago | (#30373348)

Can I get free delivery right to my house?

Offtopic- Are we getting more mod points? (0, Offtopic)

Tynin (634655) | more than 4 years ago | (#30371382)

Recently I started getting 15 mod points every time they get allotted, whereas I used to only get 5. I've also noticed a lot more of the comments seem to be getting moderation, so I'm assuming 15 is the new norm. Just curious and wanted to confirm this. Thanks

Re:Offtopic- Are we getting more mod points? (1)

Thing 1 (178996) | more than 4 years ago | (#30371466)

Not here; I got 5 yesterday (already used).

Re:Offtopic- Are we getting more mod points? (5, Informative)

sopssa (1498795) | more than 4 years ago | (#30371498)

It's in FAQ [slashdot.org]

Why do I have 10 moderator points instead of the usual 5?

Congratulations! You are in the top 1% of moderators and have been given the gift of 10 points for your good work. It looks like your mom was wrong when she said all those hours on Slashdot wouldn't get you anything.

Re:Offtopic- Are we getting more mod points? (1)

Tynin (634655) | more than 4 years ago | (#30371560)

LOL, my mom will be so proud. ;-)

Thanks for the clarification!

Re:Offtopic- Are we getting more mod points? (1)

mobby_6kl (668092) | more than 4 years ago | (#30371840)

Holy shit, the FAQ's been actually updated withing the last 10 years!

Although I had no idea it was possible to get 10 mod points now, I notice that I was getting them much more frequently than I used to, even though I barely ever moderate. There's nothing about that in the FAQ as far as I can see though.

Re:Offtopic- Are we getting more mod points? (5, Insightful)

CorporateSuit (1319461) | more than 4 years ago | (#30371876)

I always figure when I get 15 mod points, it's slashdot's way of telling me to stop posting and start reading.

Re:Offtopic- Are we getting more mod points? (4, Funny)

Arthur Grumbine (1086397) | more than 4 years ago | (#30372364)

...slashdot's way of telling me to stop posting and start reading.

It's views like that that have ruined slashdot. The day that I am discouraged from participating in off-topic flamewars and trolling with copypasta, all the while wielding my stash of mod points like a righteous crowbar of indignation, is the day I lose hope in all that is right in the world!!

Re:Offtopic- Are we getting more mod points? (1)

OverlordQ (264228) | more than 4 years ago | (#30372850)

Mod points? What are those? I haven't seen any in literally 7 years.

Re:Offtopic- Are we getting more mod points? (1)

gmhowell (26755) | more than 4 years ago | (#30374378)

Probably amongst the many who got blacklisted from modpoints.

U. S. continues to fall behind (3, Funny)

edwebdev (1304531) | more than 4 years ago | (#30371390)

I thought it was bad enough when the U. S. was falling behind the rest of the world in health care and science education. Now we've fallen behind in spam generation as well?!?! Come on people! This is a wake-up call if ever I heard one!

Re:U. S. continues to fall behind (2, Funny)

Anonymous Coward | more than 4 years ago | (#30371446)

We need Obama to craft a new SPAM stimulus bill. We can spend our way out of this SPAM recession!

Learn something new every day (5, Funny)

hwyhobo (1420503) | more than 4 years ago | (#30371526)

I had no idea Brazil used Cyrillic character set.

A little trick I like to call "math"... (4, Insightful)

mea37 (1201159) | more than 4 years ago | (#30371542)

"The drop in US spam might have had something to do with the temporary shutdown of the McColo spam ISP"

Oh, really?

According to the very links kdawson uses to back this idea up, the botnet was off line for what, maybe 2 weeks... out of a 52 week year. So if they accoutned for all of the US spam, that outage would result in a drop of 4%.

But looking at the other numbers in TFS, it looks like there was in fact a drop of something like 25%.

So yes, it may have had something to do with it. In the same sense that the increase in temperature in my house may have had something to do with letting the dog back in (but probably had more to do with having the furnace repaired).

Finally! (0)

Anonymous Coward | more than 4 years ago | (#30371558)

Finally we are leading something other than the eventual World Cup. It has been a good year, first we beat Argentine at "deaths from Swine Flu" competition, now we have beaten the US on Spam. Nothing can stop us now.

Re:Finally! (0)

Anonymous Coward | more than 4 years ago | (#30371598)

You guys were already the leaders in cheating at online first-person shooters and other games.

Come to think of it, all the hacks you guys install are probably responsible for sending out all that spam.

Re:Finally! (0)

Anonymous Coward | more than 4 years ago | (#30371614)

Except this power outage ha ha ha ha

little blue pills! (1)

digitalslave (1696126) | more than 4 years ago | (#30371580)

now where am i going to buy my viagra?! doomed to be a geeky placid virgin for life!

Re:little blue pills! (1)

Cryacin (657549) | more than 4 years ago | (#30371836)

now where am i going to buy my viagra?! doomed to be a geeky flacid virgin for life!Cancel Reply

Fixed that for ya.

Re:little blue pills! (1)

darthdavid (835069) | more than 4 years ago | (#30372814)

It's spelled flaccid.

Not our fault; it's the economy (0, Redundant)

noidentity (188756) | more than 4 years ago | (#30371634)

You can't blame bad US management of SPAM distribution. I think it's the economic situation. Give us a few years and we'll be on top again. As an American, I take pride that we are the top at everything, and have no doubt we'll return there once this bad economic weather blows over.

Woo Hoo! I RBL'ed .br (1)

cmholm (69081) | more than 4 years ago | (#30371638)

Geez, I dropped the known .br IP blocks into a blackhole years ago. This may explain why my just-for-spam address receipts have been dropping.

Re:Woo Hoo! I RBL'ed .br (1)

lzmbr (906441) | more than 4 years ago | (#30373230)

Why don't you whitelist the blocks from your region instead?
Banning Brazil is a stupid thing because:

a. The majority of spammers aren't using Brazilian IP's;
b. The majority of Brazilian IP's aren't being used by spammers, legitimate users will come and they should not be blocked.

Besides that's kind of a dick move, the US has been the top spam source for years and no one banned their IP ranges.

Re:Woo Hoo! I RBL'ed .br (1)

cmholm (69081) | more than 4 years ago | (#30379464)

White listing, black listing... the result is the same. It's easier for me, on my non-business, nothing special home web/mail server, to drop vast IP blocks. If someone sees something about my site they want to comment on, they can use my mail form. If there's someone in particular I want to correspond with, I can white list them. I seriously doubt there's anyone who's legitimate email is going to be affected by me being a dick admin.

US dollar (0, Offtopic)

jonsmirl (114798) | more than 4 years ago | (#30371754)

Does this make the US dollar spam? We print about five trillion a year.

Re:US dollar (1)

xaxa (988988) | more than 4 years ago | (#30372670)

You should use coins.

(For comparison, there are 5.6 billion 1€ coins in circulation, for roughly the same population.)

The reason why (0)

Anonymous Coward | more than 4 years ago | (#30371942)

It's because there's only so much spam that can be sent on a slow third-world rate internet infrastructure.

HAEUHAEHUAHAEUHAEUHAEU (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30371998)

GIB MONEY PLZ OR I SPAM U

What? (0, Redundant)

Quiet_Desperation (858215) | more than 4 years ago | (#30372062)

Are we world leaders in anything anymore? Sheesh!

C'mon, team USA! Get out there and spam one for the Gipper!

Re:What? (0, Redundant)

amasiancrasian (1132031) | more than 4 years ago | (#30373046)

U-S-A, U-S-A, U-S-A, U-S-A!!

That sucks! (1)

cowdung (702933) | more than 4 years ago | (#30372094)

We used to be the best at everything.

Then we lost our position in the world as upholders of human rights.

Followed by our economy going down the drain.

Then the dollar lost its place as best currency.

Now we're losing our position as Spam leaders?!

There's nothing left.. I'm jumping out of the sinking ship!

A Brazilian (4, Funny)

MichaelSmith (789609) | more than 4 years ago | (#30372116)

The new world leader is Brazil at 7.7 trillion messages.

From now on, 7.7 trillion will be known as one Brazilian.

Re:A Brazilian (1)

Quietust (205670) | more than 4 years ago | (#30373168)

Clearly, it should be spelled "Brazillion".

Re:A Brazilian (0)

Anonymous Coward | more than 4 years ago | (#30375304)

We use the metric system, could we round it to 10 trillion?

Brazil, Columbia and Italy (3, Informative)

bsDaemon (87307) | more than 4 years ago | (#30372206)

I was self-appointed anti-spam czar at my last job, as I was absolutely convinced that nearly all our CPU criticals in Nagios were i/o bound, and that they were largely caused by spam. One time, I took a server (a dell 2950) down from a load of 15 to a load of 3, just by blocking one IP address I found connected to SMTP 6 times, and causing spamd to churn, according to the Exim logs. The majority of the spam that I saw would come from Brazil, Columbia and Italy. One time, we hit a flood so bad of Brazilian spam, that it maxed out SMTP connections on half our west coast shared hosting servers, and caused one of our caching nameservers to crash from all the rbl look-ups.

I can't really say I'm surprised by this at all.

Re:Brazil, Columbia and Italy (1)

caluml (551744) | more than 4 years ago | (#30372868)

smtpd_recipient_restrictions =
.......
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client cn.countries.nerd.dk,
reject_rbl_client ru.countries.nerd.dk,
reject_rbl_client ua.countries.nerd.dk,
reject_rbl_client jp.countries.nerd.dk,
reject_rbl_client vn.countries.nerd.dk,
reject_rbl_client br.countries.nerd.dk,
.......

default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}. For whitelisting, contact via http://xxxxxx/contact/

in Postfix's main.cf will get rid of about 97% of spam attempts (made up number). Of course, if you expect mail from those countries, you'll have to allow them.

Re:Brazil, Columbia and Italy (1)

WuphonsReach (684551) | more than 4 years ago | (#30374892)

in Postfix's main.cf will get rid of about 97% of spam attempts (made up number). Of course, if you expect mail from those countries, you'll have to allow them.

Enforcing helo name sanity in Postfix will, by itself, drop your load by 50-60%. Even without querying external DNSBLs.

Start with "reject_invalid_helo_hostname", then "reject_non_fqdn_helo_hostname" and finally "reject_unknown_helo_hostname" (if you're using Postfix 2.6 or later). The last check isn't especially safe on a loaded mail server where DNS lookups might timeout or error out, but 2.6 fixes that so that reject changes to a defer if things go pear shaped. Add a ClamAV milter (possibly with custom rules from "sought" or "SaneSecurity). The last check you might want to do at SMTP time is a SPF policy check where you reject if the HELO or MAIL FROM violates the SPF policy listed in the DNS records of the sender. All of those checks will probably cut 65-75% of your inbound traffic from even needing to be filtered.

For mail systems where you have a lot of users, or a diverse user base, rejecting using a DNSBL is very risky. Far better to use those DNSBLs inside of a scoring filter like SpamAssassin (via amavisd-new) where DNSBL hits will contribute to bumping the spam score higher. DNSBL rejects work fine for smaller servers, or maybe using only the top-shelf DNSBLs like Spamhaus' Zen list.

(There's just too many crap DNSBLs out there, the risk of a false-positive reject is too high for a corporate / business mail server.)

Re:Brazil, Columbia and Italy (0)

Anonymous Coward | more than 4 years ago | (#30373752)

Umm... maybe that's why you took a new job ;) Instead of letting spamd chew up all the resources, and using up all the DNS lookups, there ARE other ways to block those you know..

Re:Brazil, Columbia and Italy (1)

bsDaemon (87307) | more than 4 years ago | (#30374138)

Yes, I know. But I was a junior admin an a "that's the way we've always done it" type place, where despite the fact I had been a C programmer at an accelerator facility as an intern when most of the other employees were still in middle school, I didn't know PHP and thus my 12 years of FreeBSD experience still counted me as a "n00b".

I'll be happier where I am now, though. It's a lot better for me.

Re:Brazil, Columbia and Italy (1)

mjwx (966435) | more than 4 years ago | (#30373888)

One time, I took a server (a dell 2950) down from a load of 15 to a load of 3, just by blocking one IP address I found connected to SMTP 6 times,

Your anti-spam software was not automatically doing this based on statistics?

I used Trend Micro IMSS at my last job and although most spam was blocked by RBL's (if you're on an RBL you don't get an SMTP connection) I'd still get one or two addresses a week temporarily blocked simply because they crossed the spam threshold.

Trend was blocking 85% of spam on RBL's alone.

Re:Brazil, Columbia and Italy (1)

bsDaemon (87307) | more than 4 years ago | (#30374144)

We were relying on SpamAssassin out of cPanel's general config and I wasn't really allowed to do anything proactive or cool, beyond my secret practice of scraping IPs from RBLs, anything which hit the rate limit, or which otherwise displayed spamish behaviour and dropping it with an apf -d.

Re:Brazil, Columbia and Italy (1)

mjwx (966435) | more than 4 years ago | (#30374166)

I suppose you cant fight corporate policy and keep your sanity in tact.

I suppose if you can detect this kind of behaviour you can script it, name it something innocuous and commit the cardinal sin of not documenting it (unless they never check the doco).

Not really an expert on Spam Assassin, my last job paid for the Trend Micro Suite which came with IMSS and my new job doesn't seem to get spam (don't know what's up with that, I'm new here and nothing was doco'ed)

Re:Brazil, Columbia and Italy (1)

bsDaemon (87307) | more than 4 years ago | (#30374350)

All of this was being dumped onto shared web hosting servers, so its not exactly as if we could be in complete control, as the spam was directed at our customers, who were getting spam for being dumb. Of course, when we caught people sending out spam, I'd drop the hammer of the gods on them. I have a really low threshold for putting up with spam crap, and a really high BOFH drive.

Re:Brazil, Columbia and Italy (1)

Meneguzzi (935620) | more than 4 years ago | (#30377934)

Did you mean the country Colombia, the district of Columbia or the poetic name for America?

Anyone ever wondered if spam might be used by NSA? (0)

Anonymous Coward | more than 4 years ago | (#30373094)

Couldn't "they" send TCP packets to target servers under the guise of having been sent from spambots?

Lots of alleged NSA affiliated IPs seem to be associated with ad/spam delivery:

http://cryptome.org/0001/nsa-ip-update14.htm

http://cryptome.org/0001/nsa-l3-peers.htm

Just askin'....

Congratulations (-1, Offtopic)

horza (87255) | more than 4 years ago | (#30373226)

Well done. Now if you can do the same for your CO2, welcome to those making the world a better place.

Phillip.

fuckeR (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30373386)

erosion of u5er [goat.cx]

What time frame? (1)

uvajed_ekil (914487) | more than 4 years ago | (#30373642)

America is no longer the spam king. According to Cisco, US-originated spam dropped by over two trillion messages -- American-based IP addresses sent about 6.2 trillion spam messages. The new world leader is Brazil at 7.7 trillion messages.

These figures are over what span of time, a year? Calendar year 2008? Last week? One weekend? An acquaintance used to send most of his over weekends, when fewer senior admins were around to notice and more people were at home and likely to actually read mail and respond to sales offers, rather than just trashing messages like they do when they are in a hurry during the work week (not sure if this strategy worked). I got about 1.5 million just yesterday. No time to RTFA, after buying 7 Faulex watches, 3 mini helicopters, some stocks that will make me rich, and a pile pf penis pills.

Better title for post? (1)

The Apocalyptic Lawn (2350) | more than 4 years ago | (#30375110)

Shouldn't the title be, US loses leadship position in internet technology and marketing?

Koy4goff (0)

Anonymous Coward | more than 4 years ago | (#30375180)

I thought this title belonged to a small Eastern-European nation http://www.theonion.com/content/video/spam_crackdown_threatens

Humanity shooting itself in the foot (1)

yourtallness (1183449) | more than 4 years ago | (#30375260)

7.7 trillion...

What a waste, the immenseness of counter-productivity is mind boggling. So much annoyance and so much overhead for a problem entirely maintained by human idiocy.

When will they wise up and stop doing stupid shit?

never (1)

SmallFurryCreature (593017) | more than 4 years ago | (#30375414)

We are not a civilization, we are an alien reality show "those crazy apes". They carefully direct us to remain this stupid through careful inbreeding programs.

Anything to keep the ratings. Today on "Those crazy apes", a planet that produced enough food for dinosaurs still has people starving on one side and unable to stand on their own legs on the other.

Sure, critics have called the show repetitive, but who can not get enough of those silly monkeys who haven't even discovered slood yet. Make sure to turn in next month, when we surprise them with 10k tons of ice.

Don't be sad! (2, Insightful)

Snaller (147050) | more than 4 years ago | (#30376832)

You are still world leader in CO2 pollution!

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>