
Spam from Taiwan

Posted by ScuttleMonkey
from the spam-who-loved-me dept.
TristanGrimaux writes "According to a recent study done by CipherTrust, two thirds of the world's spam is sent by Taiwan servers. The US follows with 24% and in a distant third is China with only 3% of the servers that actually send the spam." The article cites easy access to broadband and lack of crackdown on offenders as the main contributing factors.
  • Survey Says? (Score:5, Interesting)

    by conner_bw (120497) on Tuesday June 13, 2006 @01:37AM (#15522025) Homepage Journal
    By capturing these messages, CipherTrust is able to determine the location of the spam servers. Spammers themselves, of course, may be located somewhere completely different.

    Any wagers on USA being said location? Russia? Africa? Are there any statistics on where this crap is actually sent from? Follow the money instead of the mail headers? Question marks?

    • More like follow the offshore bank accounts, Grand Cayman Islands, etc.
      • Re:Survey Says? (Score:5, Informative)

        by Technician (215283) on Tuesday June 13, 2006 @02:13AM (#15522133)
        More like follow the offshore bank accounts, Grand Cayman Islands, etc.

        I lived there. Internet access is expensive as it was a government protected monopoly. Check the rates. Cable and Wireless is the company. To visit, see www.candw.ky.

        When they first put in internet, they got 2 satellite T1 links for the whole island. Little Cayman and Cayman Brac still did not have internet. They charged $0.25/minute for access on dial up.

        Needless to say I didn't get internet until I returned to the states.

        They have since gotten a Fiber Optic cable to Jamaica and they now offer DSL. They are running a promotion for $25/month for the first year. That is CI $ not USD. The price is close to US $30/month. Restrictions such as can't compete with the phone company by using VOIP is the norm.
        The plan appears to be capped at 256K unless you upgrade to a faster plan. For example the 1024 plan is CI $74. The 512 plan is $59.

        Cayman Islands is a nice place to go for diving and sun, but not for internet based business.

        • Re:Survey Says? (Score:4, Insightful)

          by Firehed (942385) on Tuesday June 13, 2006 @02:17AM (#15522142) Homepage
          You don't do the business itself from the Caymans, just your under-the-radar finances.
          • Re:Survey Says? (Score:2, Insightful)

            by Mr Z (6791)

            Ok, I know you're trying to be clever with your "Content Restriction, Annulment and Protection" acronym, but it doesn't make any sense. Why not just "Consumer Rights Annulment Provision"? Much less ambiguous, and much more direct.

            That said... Yes. The Cayman Islands and a couple other small nations serve as fiduciary havens, not infrastructure.

            --Joe
        • Cayman Islands is a nice place to go for diving and sun, but not for internet based business.

          Surely it depends rather a lot on what sort of Internet-based business we are talking about. Running a spam empire only means sending one relatively short bit of text once - the machines doing the spamming could be anywhere in the world, and, indeed, if I was planning a semi-legal or illegal business, I'd be keen to keep the servers as far away from me (both physically and in terms of hops and audit trails) as po

    • Re:Survey Says? (Score:3, Interesting)

      by Short Circuit (52384) *
      As for following the money...I let the SEC do that. About once a week, I get a spam message pushing one stock or another. I forward them to enforcement (at) sec.gov. The message gets looked over by a lawyer.

      I don't know that it does anything about the spam, but hopefully whoever paid for the message gets paid back.
      • Re:Survey Says? (Score:4, Interesting)

        by ciscoguy01 (635963) on Tuesday June 13, 2006 @02:34AM (#15522174)
        Let the SEC do it.

        The SEC. Ha. A worthless three letter agency, if you ask me.
        The SEC's lawyers wanted my help on stock tout junk faxes. I told them I had the information they wanted and I could get the rest and testify- but only if they were going to put the junk faxers out of business. They had no intention of doing anything. They are just going through the motions, drawing government salaries. I declined to help them.

        Like the FCC, another worthless three letter agency.
        They fined Fax.com $5.4 million for sending out junk faxes. The FCC's lawyers wanted my help too, if I had bothered with them the fine would have been $240 million. I have files full of those junk faxes.
        The FCC did nothing whatsoever to collect. NOTHING
        If you or I owed the government money I can assure you they would be collecting from us.
      • Re:Survey Says? (Score:4, Insightful)

        by nettdata (88196) on Tuesday June 13, 2006 @04:12AM (#15522434) Homepage
        Except it's hardly ever the company itself that is doing the promotions... it's third-party people that target them and convince others, via spam, to invest in the company, which drives the prices up, which allows them to unload their own stock at a profit.

        All while being 100% unrelated to the company.

        • First, you have to be set up to even buy stock (not every Tom Dick or Harry is tied to a stock exchange or is equipped to be a day trader) then you have to be stupid enough to fall for the pump & dump scheme.

          The rate of return must be damn near nil.

          I say give up the fight against spammers and go after the clients instead.

          Follow the money.

          If somebody's supposed to benefit from this, let them pay $0.32USD per email that's sent.

          Otherwise, I'm going to spam myself to promote my podcast.
          • "Otherwise, I'm going to spam myself to promote my podcast"

            That's well considerate! Forget spamming everyone else, just spam yourself! Get the feeling of sending loads of emails, without annoying anyone. Question is, would you also bother setting up your spam filter to block your emails?

              • Actually, I've just realized that I don't know (apart from in the theoretical sense,) how it's done or even how to get in touch with the kind of creature who does it.

              Strikes me as a very closed off world. (Probably because of all the death threats. :-)

              Actually, the spamming (as opposed to the spammers) are highly vulnerable.

              It would be easy to shut them down and/or fine them ($1.00 per email message) and have the various postal services collaborate to sue them into oblivion for mail fraud.

              I don't imagine you
          • Huh? It doesn't take much to be able to buy stock online... hell, my MOTHER can do it with her online banking.

            And who the hell would buy ANYTHING from spam? Oh yeah... lots of idiots. Same goes for Nigerian scams, etc.

            It's just a different product, with next to no money trail because you're only benefitting from the idiots pushing the price up.

            And as to the stock scam, just what money do you follow? People are making legit purchases, of a legit stock. The only bitch is that someone OTHER than the compa
    • "Any wagers on USA being said location?"

      From the article...

      "Spammers themselves, of course, may be located somewhere completely different, such as Boca Raton, USA (for example)."

      Any wagers on not RTFA as the cause of this comment??
      • I don't think the article writer was insinuating that all spammers are located in Boca Raton, USA.

        I think in the early days of Spam, most spammers were from the USA, but I think that it is spread globally now.

        On another note, what is the deal with so many internet scammers being located in Nigeria, or of Nigerian descent??
  • So, what is so specific about Taiwan that causes this?

    Availability of relatively cheaper computing power with good bandwidth?

    Some legal stuff?

    Availability of some skill set?

    • by Heir Of The Mess (939658) on Tuesday June 13, 2006 @01:54AM (#15522090) Homepage
      Having been to Taiwan a fair bit I can think of some possibilities:-

      Most people I know there earn about US$15k/yr, and upgrading the RAM in your Pentium3 machine and then the Hard Drive, and then the video card is sort of common practice. Forking out big $$ for Windows XP isn't real easy so a lot of people are running some SP1 version of Windows XP they bought for $1 off the street, and this version gets owned pretty fast, and can't be patched from windows update. So there are lots of bots.

      Now 24Mbit internet access is like $5-$10 per month, so you can see there is quite a big engine there for generating spam.

      The culture there is such that they love the latest thing, so I could imagine that there would also be a tendency for people to install software off the net that has malware in it as well.

      Another thing I noticed is that your average grandmother there seems quite good at using a computer. So I could imagine that there might be more pensioner types sitting there doing some amount of spamming for a little bit of money.

    • So, what is so specific about Taiwan that causes this?
      Availability of relatively cheaper computing power with good bandwidth?
      Some legal stuff?
      Availability of some skill set?


      All of the above, and more. Taiwan is a great place to outsource technology intensive operations. Perhaps spammers have discovered this. In a nutshell, spamming is just another technology driven business.

      Maybe it's so great that even China outsources their spam generation there too. Hence their low spam generation figures.
    • Hinet Lax Policies (Score:4, Interesting)

      by Spikeman56 (543509) on Tuesday June 13, 2006 @02:23AM (#15522150) Homepage
      I believe the main issue is that broadband here is pretty much monopolized by Hinet. If you have a phone (landline), chances are you have a Hinet e-mail address. For some reason Hinet never, ever, authenticates their e-mail servers allowing them to be used from anywhere for any purpose. As a result a lot of companies (like AOL possibly) have just banned the whole entire Hinet domain, which often results in e-mails going outside of Taiwan never getting to their intended recipient. Hinet is a mess, I don't know why they're so bloody awful at maintaining their servers responsibly, but it's proving to be a huge problem both worldwide and for Taiwanese people themselves.
    • Some legal stuff?

      Maybe so. If you speak to a Taiwanese official, you anger China, fearing that you might recognize Taiwan as a political entity different from mainland China. The political correctness wants that you complain at Beijing that the Chinese province of Taiwan is sending a lot of spam. Of course they can't do anything about it but don't want you to meet the people in charge there.

      I guess they have a lot of P2P there too...
  • One thing that surprised me in TFA was the claim that China has cheap broadband access. Perhaps I suffer from some cliched view of China, but it surprises me to hear that China has cheap broadband. Any knowledgeable person like to fill in the details? Here in France we have very cheap broadband, but doesn't seem like France is producing much zombie spam.
    John.
    Visit SpamOrHam [spamorham.org] and help in the fight
  • http://www.atomicsoftwaresolutions.com/honeybot.php [atomicsoft...utions.com]

    With this software emulating an open SOCKS proxy, I've been able to detect several scans of port 1080, and then attempts to send e-mail to different servers around the world (i.e. Israel).

    I don't remember if I got requests from Taiwan, but I did get them from South Korean IPs.
    • by BrynM (217883) * on Tuesday June 13, 2006 @01:57AM (#15522099) Homepage Journal

      That's a cool project for a Windows honeypot. Thanks for the link. Outside of honeypots, I've been blanket filtering addresses from APNIC on my mail server for about a year now using some ideas I learned from this [tsg.ne.jp] project (I filter at the mail request level rather than iptables). It's sad to filter an entire geographic region like that, but my users never talk to people from the Pacific Rim that I know of. My server (running XMail [xmailserver.org]) is small, but my logs for the filtered emails constantly show the spam blocked exceeds the number of legit mails by a factor of four.

      Since I started filtering, I've turned a couple of other admins onto the idea. I wonder if TW/KR will find themselves in some odd form of network segregation in the future as more people adopt the practice of filtering their IPs. That might push the authorities into a little more action.
      • You mean you block one legit mail for every four spam mails?
        • You mean you block one legit mail for every four spam mails?

          After reading the AC who replied to you, it would be a factor of THREE that I meant then. Roughly anywhere from 500-1000 blocked APNIC SMTP connections per legit email on my bi-weekly log checks. A couple of my users used their accounts for sites like collegehumor.com, so they are basically spam honeypots without filtering. In fact, I use one of them that was abandoned by the user to feed spamassassin learning (it only has the APNIC filter and no

      • It's sad to filter an entire geographic region like that, but my users never talk to people from the Pacific Rim that I know of.

        You've made damn sure of that, haven't you. Personally, I have never encountered a company that did not need to communicate with someone on APNIC from time to time, but maybe you're a sysadmin for a small company that only deals with people in your own hick town.

      • That's a cool project for a Windows honeypot. Thanks for the link. Outside of honeypots, I've been blanket filtering addresses from APNIC

        ALL of APNIC?

        You do realize that includes us poor Aussies and New Zealanders too? (I assume since you mentioned Pacific Rim, yes)

        Hooray! We're part of the western world and considered careless already!

        Has someone started a DNSBL to block those who use blocklists yet? Sure it's useless, but it would be fun.
        • ALL of APNIC? You do realize that includes us poor Aussies and New Zealanders too? (I assume since you mentioned Pacific Rim, yes)

          I whitelist some countries through a conversion to IP number (see this [hackingspirits.com] for info). So far there are four entries (JP,AU,NZ and IN) in my whitelist. The rest are blanket filtered for now. Don't worry, I don't consider you careless - You replied because you care ;)

          • Thanks for that link - very useful.

            I keep getting POSTs from a web spammer in Malaysia- I've blocked several subnets but your country codes could help this.

            The guy looks like he's still learning how to use Perl's LWP to post spam- as spammers go, he's not very good at it.
  • Hmm... (Score:3, Funny)

    by blank89 (727548) on Tuesday June 13, 2006 @01:42AM (#15522051)
    Instead of figuring out where most of the spam comes from, they should figure out which geographic location churns out the most humorous spam. It could be a world wide competition.
  • China sending spam (Score:3, Interesting)

    by VincenzoRomano (881055) on Tuesday June 13, 2006 @01:53AM (#15522089) Homepage Journal
    China with only 3% of the servers that actually send the spam.
    I was pretty sure that there was no way for China spammers to send email outside their borders!
    And they don't need to. With their billion+ population, one fifth of the world can be reached without passing the invisible borders!
  • by Doc Ruby (173196) on Tuesday June 13, 2006 @01:57AM (#15522101) Homepage Journal
    Taiwan makes more than 66% of the notebooks on which we read that spam, so they're actually overperforming on the content:reader ratio. I wish they'd get more into eBooks.
  • by Umbral Blot (737704) on Tuesday June 13, 2006 @01:58AM (#15522104) Homepage
    Impossible! Go USA! Go USA! We can win the spam race!
    • Don't you mean, "Must not loose!"? You are from the USA, right?
    • Well, if it's any consolation, pretty much all the spam I get (~1000/day) is for products or services from American companies, so you're at least causing it to be generated, even if it's not actually originating from machines on US soil.
      • wow you must be lucky, 95% of the spam i get are for pyramid schemes, nigerian scams etc... with a couple 'great loan' or 'hot women' etc...

        Then again I did opt out of most of the legitimate spammers lists so, if all I get are the scam artist spams that's probably why.

  • CipherTrust? nothx. (Score:2, Informative)

    by deepb (981634)
    CipherTrust operates a service called "Trusted Source" - it allows anybody to input an IP address, searching CipherTrust's DB to see if any spam has come from that IP recently. Aside from being generally useless, here are some of the funnier results:

    http://www.trustedsource.org/query.php?q=255.0.0.0 [trustedsource.org] 255.0.0.0 - "Spam"
    http://www.trustedsource.org/query.php?q=0.0.0.0 [trustedsource.org] 0.0.0.0 - "Spam"
    http://www.trustedsource.org/query.php?q=224.0.0.1 [trustedsource.org] 224.0.0.1 - "Unverified"

    Since they have most of my favorite subnet
    • If a mailer manages to supply those crippled IP's then the mail is definitely fake, and most likely spam (or virus). Don't confuse a legitimate subnet mask with a fake IP.
  • by Snipergrunge (978927) on Tuesday June 13, 2006 @02:29AM (#15522167) Homepage
    By the way... Most spammers who sent you letters to visit their web pages want you to click their Google adSense ads. So, help them! Keep clicking Google banner until your arm gets tired and guess what happened. Google will close their account in one second because Google systems will decide that advertiser trying to cheat. It is impossible to open account again! SPAMMER DEAD!
    • I don't know that i've ever seen such a spam... but that may be because my spam filtering does url scanning...

      I'm sure they can find a way to open another google account, just like they will find another mail server to relay from.
  • by RetroRichie (259581) on Tuesday June 13, 2006 @02:37AM (#15522185)
    Prince Desmond Okotiebor Etete himself MUST account for at least 10% of all spam...
  • Tie One On (Score:2, Funny)

    by tiktok (147569)
    Some days I almost wish that some of this Taiwanese spam showed up in a character set I could read so at least I could have a good laugh at it, or at least learn how they are trying to extract money from illicit private bank accounts!

    "Dear Sir or Madam,

    This email may to you as a surprise, but I am Mr. Chen Liao, son of former Taiwanese president Lin Liao, who was murdered by ninjas, and I need your help recovering $25 million Taiwanese Dollars..."

  • SPAM origins (Score:5, Interesting)

    by kingmundi (54911) on Tuesday June 13, 2006 @02:54AM (#15522236)
    I run my own mail server for my private email that I only use with friends.
    Lately, I have been getting spam about stock investments, and I notice that
    it was pretty consistent so I started investigating what was going on with
    my server. I started marking down ip addresses of the offending servers
    and blocking them if I felt they were not legitimate mail servers or if it
    was from a country that I know I will not get email from on my personal email
    account.

    I have been blocking a new server every day for 2 months.

    Here is the scary part. I still get the same email spam every day, but
    only once.

    My hunch is telling me that the purveyor of this message is using some
    sophisticated means of harnessing zombie machines to send messages, and is
    only sending a few messages at a time so that automated blackhole lists
    never catch on fast enough. (such as spamhaus)

    I have noticed that these machines are almost always located in Asia,
    Latin America, or Eastern Europe...

    It got so bad, I just started blocking entire class A's from countries I know
    I am not going to email to or from.

    59
    61
    80
    81
    83
    84
    85
    87
    88
    201
    211
    218
    221
    222
    • Welcome to the world of the spam victims. There is nothing, I repeat nothing, particular in the events that you report.

      Spammers operate via hacked Windows PCs (zombies) distributed all over the world. So many that blocking them is not going to help you.
      Spammers repeatedly send the same or similar thing, over time.

      That is just the way they work.
      Try SpamAssassin, it does quite a good job without having to do so much useless and manual work.
      • I should have mentioned that I am aware of SpamAssassin (though I think it is not coded very well)
        and bayesian filters.

        I was just commenting along the lines of the story, they seem to be using botnets, sending just
        a few messages per machine, and concentrate on sending from foreign countries.
    • Re:SPAM origins (Score:3, Insightful)

      by the packrat (721656)

      My hunch is telling me that the purveyor of this message is using some sophisticated means of harnessing zombie machines to send messages, and is only sending a few messages at a time so that automated blackhole lists never catch on fast enough. (such as spamhaus)

      It's not a 'hunch'. I try to stop spam coming from a large devolved university network with a great number of varyingly maintained windows boxes and many different mail servers. A little over a year ago, spam zombie machines stopped flooding t

      • I want to emphasize that this is for my own personal email, (not a work or isp related mail server)

        I do not think automated blacklists are useless. Spamhaus does a pretty good job of blocking known spammer ip addresses. Some of the old blacklists used to block on a class C (or higher) basis without regards to how the ips were broken down. Their philosophy was one of collateral damage will just cause the problem to get solved more quickly. I do not think it is a good philosophy myself, but as I stated, th
      • Actually, blacklists and blocking entire class A spaces still works QUITE well, and will continue to work well for a long time. 90% of my spam is blocked by blacklists before it even hits spamassassin. If I didn't blacklist and just ran everything through spamassassin, I'd need another 5 mail servers. Spamassassin is nice, but is a CPU pig. It is MUCH easier and more cost-effective to whitelist as needed for individual machines / domains / addresses inside a blacklisted zone.

        Maybe you are bitter because you
    • Were I you, I would simply unblock those addresses and let it all in. Use a bayesian spam filter, such as the one found in Thunderbird. I'm achieving enormous success rates with it and I'll be recommending it to all the lusers in my fold when the next upgrade cycle comes around.
    • Re:SPAM origins (Score:5, Informative)

      by Haeleth (414428) on Tuesday June 13, 2006 @06:15AM (#15522718) Journal
      It got so bad, I just started blocking entire class A's from countries I know
      I am not going to email to or from.
      [...]
      81


      I think you have a fundamental misunderstanding of the IP allocation system. Class A networks are not associated with single countries, but with registries. 81, for example, is one of the networks administered by the RIPE NCC; an IP address beginning with 81 could be located anywhere within Europe or the Middle East.

      In fact, my very own IP address begins with 81. I live in Britain, which - as you may be aware - is not in "Asia,
      Latin America, or Eastern Europe". It's a good thing I don't want to email you, isn't it?
      • Correct.
        I was just generalizing.

        But they do tend to stick close to one another.
        81 being under RIPE, should be in Europe, which sad to say... I have no friends there.
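The two filtering approaches discussed in this thread, blanket blocking by first octet and whitelisting ranges "through a conversion to IP number", combined as an added example that is not part of any poster's comment or configuration. The blocked octets are the ones posted above; the whitelist ranges, their labels, the function names and the sample senders are constructed and do not represent real country allocations.

```python
import bisect
from collections import Counter

# First octets from the block list posted in the thread.
BLOCKED_FIRST_OCTETS = {59, 61, 80, 81, 83, 84, 85, 87, 88,
                        201, 211, 218, 221, 222}

# Constructed whitelist ranges (start, end, label). A real list would be
# built from registry allocation data, not from these placeholders.
WHITELIST = [
    ("81.2.0.0", "81.2.255.255", "example-allow-1"),
    ("211.10.0.0", "211.11.255.255", "example-allow-2"),
]


def ip_to_number(dotted):
    """Convert a dotted quad to its 32-bit integer form."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("not a dotted quad: %r" % dotted)
    number = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError("bad octet in %r" % dotted)
        number = (number << 8) | int(part)
    return number


# Sort the ranges once so each lookup is a binary search, not a scan.
_RANGES = sorted((ip_to_number(lo), ip_to_number(hi), tag)
                 for lo, hi, tag in WHITELIST)
_STARTS = [r[0] for r in _RANGES]


def whitelist_tag(number):
    """Return the label of the whitelist range containing number, or None."""
    i = bisect.bisect_right(_STARTS, number) - 1
    if i >= 0 and number <= _RANGES[i][1]:
        return _RANGES[i][2]
    return None


def classify(dotted):
    """Whitelist wins over the blanket block; everything else passes."""
    number = ip_to_number(dotted)
    tag = whitelist_tag(number)
    if tag is not None:
        return "allow:" + tag
    if number >> 24 in BLOCKED_FIRST_OCTETS:
        return "block"
    return "pass"


# Constructed sender addresses for the demonstration.
SAMPLE_SENDERS = ["81.2.69.142", "81.200.1.1", "211.11.255.255",
                  "211.12.0.0", "198.51.100.5", "59.1.2.3"]


def tally(senders):
    """Count outcomes; every 'block' here is blocked on its first octet alone."""
    return Counter(classify(s).split(":")[0] for s in senders)


if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, ip_to_number(sender), classify(sender))
    print(dict(tally(SAMPLE_SENDERS)))
```

Any sender in a blocked first octet that is not covered by a whitelist range is rejected regardless of where it actually sits, which is the collateral effect raised in the replies.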
  • Spam solutions (Score:3, Interesting)

    by Antony-Kyre (807195) on Tuesday June 13, 2006 @03:12AM (#15522288)
    I'm not really sure how to deal with that, but let us focus as one method of spam. The method would be sending to a variety of e-mail addresses. Those kind of dictionary attacks or whatever they are killed. If e-mail providers were to make some dummy addresses which if hit, could block the e-mail server and/or IP address(es) for a given period of time, wouldn't that work?

    (Fine, mod me down if you think this is off topic.)
    • Re:Spam solutions (Score:3, Informative)

      by pe1chl (90186)
      Although there are some dictionary-like attacks, for example appending some characters to an existing address or substituting one or more characters by others, I think the vast majority of spammers just use existing addresses they get from spidering the web.
      When an address appears somewhere on the web, especially in discussion forums, guestbooks, and foremost: IANA listings, it is guaranteed to receive spam.

      I think the "dictionary attack" story is mostly folklore. When someone receives spam on a never-use
      • I guess the solution is education.

        Websites, guestbooks, and forums shouldn't publicly display e-mail addresses. Maybe showing them in a picture file, a graphic, would make it a bit more difficult and could be an okay compromise.

        People shouldn't sign up for unwise things lest they use a safety e-mail address where junk can end up at. The creation of services, like paid to surf sites and other sites that promise rewards, can sucker people into signing up to only sell their lists to spammers.
        • Websites, guestbooks, and forums shouldn't publicly display e-mail addresses. Maybe showing them in a picture file, a graphic, would make it a bit more difficult and could be an okay compromise.

          I don't think that's a real solution. First, it makes legitimate use more difficult (I guess soon someone starts to print e-mail addresses like captchas...). Second, all that 'security' is blown away when one of your acquaintances does something stupid (like installs a trojan that sends all addresses in his addres

      • Re:Spam solutions (Score:2, Informative)

        by mcguire (25233)
        I have a catch-all address at my personal domain so I can create one-time addresses for each company I do business with. It's easy to see which addresses leak out that way. Three things I've found:

        A surprising number of addresses are taken from private "we will never sell your information" lists (never published anywhere on the interweb). The companies I have contacted about this have always refused to believe that their email lists are involved; perhaps stolen by an ex-employee? I'm not sure.

        Second, mu
    • Re:Spam solutions (Score:2, Interesting)

      by grogglefroth (461680)
      I've done this in the past. In 1997, I posted a single message containing only ":q" in the body to 19 (not 20!) newsgroups. Within a few hours, the first spam started rolling in. My smtp filter would automatically blacklist any sender+ip combo that sent mail to this bait address. This was very very effective for many years. A few years ago, I finally stopped using this method, as the use of using zombies made this practice no longer effective.

      Greylisting is currently the most effective means I'm usin
      • Greylisting is currently the most effective means I'm using right now for spam control

        When I enabled greylisting, over 90% of incoming email was greylisted and expired from the greylist; they never came back.

        Then I looked at the logical structure of the ACLs (this is exim) and made a simple change; the first thing I now check is the HELO/EHLO syntax. If this fails, they are dropped immediately. The next thing is DNSBL checking, if they are on these then they are dropped.

        Now 90% of hits on the greylist come
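The check ordering described in the comment above (HELO/EHLO syntax first, then DNSBL, then the greylist), sketched as an added example that is not the poster's exim ACLs or any project's code. The delay and expiry values, the two-label HELO policy, the function names and the DNSBL stand-in set are assumptions, and the sample sessions are constructed.

```python
import ipaddress
import re

GREYLIST_DELAY = 300            # assumed: seconds before a retry is accepted
GREYLIST_EXPIRY = 4 * 3600      # assumed: unretried triplets are forgotten
DNSBL_LISTED = {"203.0.113.7"}  # constructed stand-in for a real DNSBL query

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def helo_syntax_ok(helo):
    """Accept a dotted hostname or a bracketed address literal, nothing else."""
    if helo.startswith("[") and helo.endswith("]"):
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        return _is_ip(literal)
    if _is_ip(helo):  # bare address without brackets
        return False
    labels = helo.split(".")
    return len(helo) <= 255 and len(labels) >= 2 and all(
        _LABEL.fullmatch(label) for label in labels)


class Greylist:
    """Defer the first delivery attempt of each (ip, sender, rcpt) triplet."""

    def __init__(self):
        self.seen = {}  # triplet -> [first_seen, passed]

    def check(self, ip, sender, rcpt, now):
        key = (ip, sender.lower(), rcpt.lower())
        entry = self.seen.get(key)
        # Unknown triplet, or one that never retried within the expiry window.
        if entry is None or (not entry[1] and now - entry[0] > GREYLIST_EXPIRY):
            self.seen[key] = [now, False]
            return False
        if entry[1] or now - entry[0] >= GREYLIST_DELAY:
            entry[1] = True
            return True
        return False  # retried too soon


def decide(greylist, now, ip, helo, sender, rcpt):
    """Cheapest checks first, so rejected hosts never reach the greylist."""
    if not helo_syntax_ok(helo):
        return "reject-helo"
    if ip in DNSBL_LISTED:
        return "reject-dnsbl"
    if not greylist.check(ip, sender, rcpt, now):
        return "defer-greylist"
    return "accept"


# Constructed sessions: (time, client ip, HELO, envelope sender, recipient).
SESSIONS = [
    (0, "198.51.100.20", "mail.example.org", "alice@example.org", "bob@example.net"),
    (10, "192.0.2.55", "192.0.2.55", "x@example.com", "bob@example.net"),
    (20, "203.0.113.7", "mx.example.com", "y@example.com", "bob@example.net"),
    (30, "198.51.100.99", "zombie.example.net", "z@example.net", "bob@example.net"),
    (60, "198.51.100.20", "mail.example.org", "alice@example.org", "bob@example.net"),
    (400, "198.51.100.20", "mail.example.org", "alice@example.org", "bob@example.net"),
]


def replay(sessions):
    """Return each session's outcome and how many triplets the greylist stored."""
    greylist = Greylist()
    outcomes = [decide(greylist, *session) for session in sessions]
    return outcomes, len(greylist.seen)


if __name__ == "__main__":
    print(replay(SESSIONS))
```

In the replay only two triplets are ever stored, because the bad-HELO and DNSBL-listed clients are rejected before the greylist is consulted.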
    • http://www.mailblocks.com/ [mailblocks.com] does this, they set up a bunch of honeypot email addresses that capture spam. They use this data to block certain servers from sending email to any mailblocks customer (both free and paid members).
  • by Joebert (946227)
    Spam, Made In Taiwan ?
    Why doesn't that surprise me ?
  • Send spam to Chinese people. These people should not be deprived of any knowledge about their government. For the first time spam could be used for good purpose.
  • Ok, so how come all the spam blockers don't just block the entire Taiwanese IP range?

    Anyone care to disclose the ranges? :)
    • Ok, so how come all the spam blockers don't just block the entire Taiwanese IP range?

      and then,

      US follows with 24%

      all the servers block US mail and you have hardly any spam at all... Great idea Baldrick
  • They must be good at identifying USA email addresses then. The vast majority of spam I get is from the USA. But then I'm in the UK, so perhaps Taiwan doesn't spam me as much as they spam Americans. Hey, perhaps this is another form of terrorism, is Taiwan on the Axis Of Evil?
