[Infowarrior] - US tops "dirty dozen" of spam-relaying countries

Fri Oct 26 19:03:20 UTC 2007

US tops "dirty dozen" of spam-relaying countries by a landslide

By David Chartier | Published: October 26, 2007 - 11:55AM CT

http://arstechnica.com/news.ars/post/20071026-us-tops-dirty-dozen-of-spam-re
laying-countries-by-a-landslide.html

Critics of the inadequacy of antispam legislation like the 2003 CAN-SPAM Act
have more tinder for the fire this week, thanks to a new report from
security firm Sophos. The report, which ranks the top twelve countries by
the sheer amount of spam they relay, places the US in the number one spot
for the third quarter of 2007, sending more than 28 percent of the world's
spam. In other words, that's 500 percent more than its nearest competitor,
South Korea, which came in at 5.2 percent. It appears that, despite claims
from the FTC and Microsoft and a slew of high-profile spam convictions, the
US still has a ways to go in the war on spam.

While arrests of key spammers are good, a more significant aspect of the
spam equation has become the compromised zombie botnets that many smaller
spammers use to send the bulk of spam. "The only way we're going to reduce
the problem," said Carole Theriault, senior security consultant at Sophos,
"is if US authorities invest a lot more in educating computer users of the
dangers, while ensuring ISPs step up their monitoring efforts to identify
these compromised machines as early as possible."

Therlault also praised Canada's success in cracking down on spam,
recommending that the US take a few hints from its northerly neighbor's
playbook. Canada's Anti-Spam Action Plan of 2004 so far seems to be
successful by urging businesses and ISPs to crack down on spam (after all,
the country is nowhere to be seen on Sophos' list).

One effective measure for ISPs is to simply cut off infected machines from
the Internet, or at least block port 25 to prevent e-mail clients from doing
their damage. Comcast has had success blocking port 25, as it knocked out 35
percent of its spam relaying in just a month.

For the position of the United States to improve on Sophos's dirty dozen
list, the country will have to do more than hide behind a highly-publicized
law to get the job done. Requiring the segregation of harvested machines and
educating careless owners are likely the best (and proven) ways to start
cornering spammers into a realm of irrelevance. Passing new laws certainly
could, in theory, plug some of the holes left open by CAN-SPAM, but we're
going to need more actions than words given that we're already very late to
Bill Gates' "spam will be gone by 2006" party.