| |
Slamming
Spamming
By DING
WENLEI June 2004
It
used to take Yue Qianming, Vice President and China General
Manager of ViVoDa Communication, Inc., less than one minute
every morning to delete his junk e-mails. Now it takes him
at less half an hour, checking mails piece by piece and
blacklisting those addresses he doesn't want repeats from.
"I have no alternative. I want to keep
the goldfish when I spill the water out of the bowl, "
explained Yue with annoyance.
That annoyance has been felt by people throughout our small
global village, who have given up pen and paper for the
convenience and efficiency e-mail presents and been slammed
by the phenomenon of spam, a term used to describe unwanted
junk e-mails sent to thousands of e-mail users.
As China celebrates the 10th anniversary of its first full
connection to the Internet, spammers worldwide are exploiting
China's slack attitude toward junk mails and shortage of
spam legislation, pushing China to second place behind the
United States, on London-based Spamhaus organization's ranking
of the worst "spam countries."
A recent survey by Commtouch Software Ltd., which provides
an anti-spam product, found that 71 percent of the websites
referenced in spam e-mails were hosted in China.
In terms of the annoyance spam represents for Chinese Internet
users, Li Yuxiao, Director of the Anti-spam Coordination
Team at the Internet Society of China (ISC), estimated that
47 billion pieces of spam were received by Chinese users
in 2003 and a collective 1.5 billion hours were wasted reading
and deleting spam. The economic loss attributed to spam
was put at 4.8 billion yuan ($581 million).
Since early this year, China has begun to address the spamming
situation with due seriousness, seeking international understanding
and cooperation.
With the help of the ISC, Spamhaus opened its China operations
(www.Spamhaus.cn) in Beijing on May 25, swearing to "help
Chinese e-mail and technology providers rid themselves of
companies who use the servers to send bulk unsolicited e-mails
around the globe."
Economics of Spam
Li described marketing via spam, or "spamvertising,"
as "a lucrative business that generates big profits
from small capital," which has made Alan Ralsky, a
prolific and notorious spammer in the United States, a millionaire.
The spam king is now living the high life off the e-mail
troubles of others in his 8,000-square-foot luxury spam-financed
house that cost $740,000.
It was estimated by Li that Ralsky has earned over $30 million
from junk mail sales over more than a decade, by charging
his clients $1,000 for sending each batch of 1 million junk
mails at the cost of $30. The price in China is dirt cheapy
comparison--100 yuan ($12.1) per 1 million sent.
According to Richard Cox, CTO (Chief Technology Officer)
of Spamhaus.org, who was invited by the ISC to Beijing and
Xi'an in April 2004, known spam operations are responsible
for 90 percent of spam mails sent from China.
The industrial chain of spamvertising has fed spammers with
various business focuses, from sales of spam transmission
software to sales of CDs full of e-mail addresses they've
procured from web pages and lists of open proxy servers.
By using spam transmission software that is easily downloaded
from the Internet, anyone with a broadband Internet connection
can send nearly 10,000 spam messages at the press of a button.
Why Spam Annoys
Due to a legislative gap in e-mail administration, many
foreign spammers have forwarded enormous amounts of junk
mails via Chinese mail servers. Consequently, many overseas
anti-spam organizations began blocking China's IP addresses,
which has severely damaged the reputation of China's mail
servers and resulted in tremendous economic losses.
Besides, batch mails usurp network bandwidth, multiplying
the operation cost of e-mail service providers.
Spam, according to Li, distinguishes itself from normal
e-mail marketing by several outward features of its behavior--unsolicited
e-mails that cannot be rejected, usually concealing senders'
identities, addresses and subjects and containing false
information.
Spam annoys individuals because "they waste netizens'
time and cause severe damage to hardware and software when
they introduce viruses," said Li.
Executive Yue Qianming, for example, always worries about
two things when he shuttles on business trips between Beijing
and his U.S. headquarters: Important business is delayed
because he cannot check mails in time and mails carrying
important messages are denied access to his e-mail box due
to saturation bombardment of junk mails.
Liang Wenqing, researcher with the Chinese Academy of Sciences,
who is now with a research team in the Netherlands, sympathizes
with Yue, "As a researcher relying on e-mail for exchanges
with fellow researchers at home and abroad, spam really
harassed me when some important mails failed to reach me
because of spam saturation."
Yue observes that most spam sent to his free mailboxes is
either advertising, e-zines, propaganda or pornography.
The most annoying junk mails, Yue said, are those "introducing
viruses that could cause the computer to break down because
of aggravation of hardware and software damage."
According to a survey adopted by Kingsoft recently, 47 percent
of junk mails Chinese receive now carry viruses.
Pan Shiyi, a property developer in Beijing, admitted that
"my business has been bombarded by spam carrying viruses
several times" though he was personally less affected
by spam because he never checks the content of mail and
wastes little time in deleting junk mails thanks to a broadband
Internet access.
Technology Cures?
However, Wu Yunkun, Director of Product Marketing of the
Rocket Software (Beijing) Inc., suggests from his personal
experience, "Spam is not that terrible provided that
you are well informed about the nature of spam and equipped
with efficient tools to block spam."
Filtering services installed by e-mail service providers,
for example, is one of the tools Wu refers to and these
have been at the forefront of China's fight against spam.
As "deletion will never save your further troubles
with spam," Li says mere deletion of junk mail will
never resolve the problem and urged netizens to report addresses
of junk mails to webmasters, helping e-mail providers improve
filtering services.
The ISC began getting tough on August 8, 2003, when it published
its first spam blacklist of 225 Internet protocol (IP) addresses
of servers responsible for sending spam, along with a one-month
ultimatum: "Cut the spammers off or we'll start blocking
traffic from your network."
The move saw spam drop 26 percent during the two months
after the first list was published, although it has since
rebounded despite the ISC issuing three subsequent lists,
with the most recent in April.
"It was all because China hasn't staged any anti-spam
legislation untill now," explained Li.
"It is ironic that we cannot say spamming is 'illegal'
due to the absence of certain laws, though we are quite
aware of its infringement on our rights as e-mail address
owners."
Seeing China as a "spamming safe-haven," a growing
number of spammers have moved part or all of their operations
to China, including the spam king Ralsky. They are now targets
of spam fighters like Chen Shifeng, COO (Chief Operation
Officer) of Guangzhou-based Corpease.net--a provider of
enterprise e-mail systems.
As a partner of Spamhaus.org and member of the ISC anti-spam
coordination team, Chen has been tracking activities of
Ralsky and his Chinese agents for months and came up with
two IP addresses in Dandong, Liaoning Province in late May.
However, the local police haven't arrested or punished these
spammers because there is no law under which they can be
charged.
"No effective relevant law and difficulties in obtaining
evidence are the great obstacle we met in this case and
also a common issue facing China's anti-spam organization
and individuals, " said Chen.
Legislation Lacking
Despite all the moves made by the mail servers and anti-spam
servers, the lack of related laws and regulations leaves
much of the anti-spam action floundering.
"Sophisticated spammers like Ralsky are very familiar
with many countries' related laws, knowing how to circumvent
risks by taking advantages of loopholes in the law,"
said Li.
To tackle the problem, technically speaking, mail servers
have to block spammers' IP addresses, e-mail accounts or
even domains. These measures are simply not feasible without
explicit legal prescriptions, Yi said.
In February this year, the ISC publicly appealed to the
authorities to speed up anti-spam legislation and establish
an anti-spam system in which the government, industries,
enterprises and the public can all participate. The ISC
has submitted its proposal to higher authorities for review
and, hopefully, approval, said Li.
"Technically, we in the industry have done our best
and if backed by certain law or regulation, our efforts
will achieve a better result, " added Li.
Li advocates prudence for legislation, citing the example
of the United States--the spamming situation in the world's
top spammer deteriorated several months after it passed
the CAN-SPAM Act in January that legalized spamming (it
must be labelled). As a result, they see spam sent from
the country decreasing while that inbound soars as many
spammers are moving operations overseas.
"Regulations regarding spamming in China are expected
soon, though an anti-spam law will be in deliberation for
quite a long time," Li said.
As the Internet has no boundaries, spam fighters at home
and abroad agree that international cooperation and legislation
are needed in order to crack down on spamming and other
forms of Internet fraud.
==
Side bar 1
Tips for Individual E-mail Users
* Be prudent when leaving your e-mail address on web pages
as this increases the chances of being identified by certain
software, which may sell the info to spammers. You can change
"@" to "#" to deter this, though softwares
can later update;
* Use e-mailboxes with spam filtering services that are
provided by some free e-mail services like Yahoo. Many other
such services exist for which you must pay a fee;
* Report junk mail addresses to webmasters, which helps
e-mail providers improve their filtering services. Merely
deleting junk mail will not resolve the source of the problem;
* Be suspicious of e-mails with unclear addresses or domains.
In fact, it is recommended to delete them directly and do
not reply. Unsolicited "replies" or titles you
do not recognize are likely spam; and
* Be cautious of any e-mails with attached files. Never
open or run these files directly before they are scanned
with the latest anti-virus software. Free e-mail providers
like Yahoo and Hotmail have auto virus scanning, while others
may not.
Spam carrying a virus often has short, eye-catching titles
(in English or Chinese) and brief content in order to cajole
you into opening the attached file, which usually identifies
filename extensions such as ".scr," ".pif,"
".com" and ".exe." The first three are
typical of virus programs.
By Cai Jun
Side bar 2
Tips for E-mail Service Providers
* Make sure there is Reverse Domain Name Service (RDNS)
for each mail server. This enables anti-spam organizations
to locate a domain name using the host Internet Protocol
(IP) address, which avoids users from being mistakenly identified
as having a dynamic IP address that sends spam;
* Put a hidden e-mail address (where the font color is the
same as the background) on your website, by which you can
catch and filter out spam;
* Reject e-mails from open-relay servers, which are vulnerable
to spam, and use authoritative blocklists like the Exploits
Block List (XBL) provided by Spamhaus, a real-time DNS-based
database designed to stop spam from illegal third party
exploits, including open proxies, worms/viruses with built-in
spam engines and other types of trojan-horse tactics used
by spammers;
* Limit the concurrent connection with an IP address or
user;
* Limit the error rate in a unit period (e.g. one minute)
to protect your server from a password attack or user list
detection;
* Monitor bandwidth usage distribution daily;
* Check whether your IP is on any international anti-spam
blacklist;
* Install content filters to protect from the most common
e-mail viruses;
* Prepare a server outside China to work as a backup mail
server in case all Chinese IP addresses are blocked by an
anti-spam organization; and
* Provide an e-mail address for public complaints and be
cautious of e-mail complaints from Europe or North America.
By Chen Shifeng |
