Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

China cleans up spam problem

Once the source much of the world's spam, China now ranks behind Spain.

It's been a few years coming, but it looks like China may finally be getting a handle on its spam problem.

Once the largest source of the world's spam, China has been gradually fading off the list of the world's top spam-producers. Right now Cisco Systems' IronPort group ranks it at number 18 in terms of spam-producing countries. That's a big drop from two years ago, when it consistently ranked in the top five.

China is home to more than 420 million Internet users, according to the International Telecommunications Union, and many of them are connecting via hacked computers. Back in 2009, those hacked systems had been pumping out spam at a pretty good clip. In January of that year, China was ranked the number three spam-producing country in the world, according to data compiled by security vendor Sophos.

But by the end of 2009, spam from China started to drop off significantly, according to Chet Wisniewski, a Sophos researcher.

Sophos now ranks China as spam producer number 20, right behind Spain.

"This is the first time in recent memory that China has not been in the top 10," said Cisco Research Fellow Patrick Peterson, in an e-mail interview.

According to him, China got serious about the issue in 2006, launching an anti-spam initiative that brought network operators and security companies together to address the problem. Peterson described this initiative as "dramatically successful."

"China has been notable in the amount of spam that's not coming from China now," said Michael O'Reirdan, chairman of the Messaging Anti-Abuse Working Group and a distinguished engineer at Comcast. Spam fighters from the U.S. are now working more closely with members of the Internet Society of China -- the group behind China's anti-spam effort -- to work out standards and better ways of cooperating, O'Reirdan said. They're set to outline these efforts in a report, due next month, entitled "Fighting Spam to Build Trust."

Perhaps the U.S. will learn a thing or two from China. According to Sophos, the U.S. remains the top-spamming country and the source of about one-fifth of the world's spam. Security experts say many of those messages are crafted by spammers residing outside the country, but the fact that they have so many many hacked machines in the U.S. at their disposal is a major problem. At last week's RSA Conference, Microsoft's security chief went so far as to suggest that companies might want to start using digital health certificates to help cut down on the number of infected PCs.

Cisco says things have improved in China as ISPs have become better at working with customers to cut down on the spam problem.

According to Wisniewski, China has made it tougher to register new Internet domains and has put on stricter controls over who is allowed to send out e-mail -- both of which may have helped reduce spam. "We don't really have good insight into what exactly is going on in China, because they keep a lot of that under wraps," he said. "It's probably more about censorship than about stopping spam, but the net effect is that it has stopped spam."

There were some arrests for criminal spamming late last year in Russia, and that country is now the focus in the fight against spam, according to Richard Cox, CIO of the anti-spam group Spamhaus. He applauded the joint U.S.-China effort.

"The majority of the criminal spammers have already moved their activities from China to Russia," Cox said in an e-mail interview. "There is still a lot of work to be done in solving the problems of corruption and lawlessness in Russia that make it the international leader in spam and cybercrime."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Cisco, Cisco Systems, Comcast, etwork, IDG, IronPort, Microsoft, RSA, Sophos, West
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Cisco Systems, internet, Messaging Anti-Abuse Working Group, security, sophos
Latest Blog Posts
Whitepapers
  • Yes. We. Can. Flexible Policy 2.0
    Social media may have changed the way we do business, but the rules of engagement are still the same. Dynamic business environments call for flexibility. Context is everything when it comes to deciding what information needs to be blocked or controlled, and when. Read this whitepaper.
    Learn more »
  • Why performance management? A guide for the midsize organisation
    Midsize organisations are uniquely positioned to take advantage of a performance management approach to business. Compared with larger companies, they have more agility to bring information and people together and respond faster to changing market conditions. With one performance management solution, midsize companies can turn disconnected data into information, turn information into valuable insight and turn insight into action.
    Learn more »
  • Think print, Think security - Plugging the printer security gap
    The widespread use of networked printers and multifunction peripherals (MFPs) which scan, print, fax, copy and email has increased productivity in the production of all types of business output. However, the growing sophistication of these devices has also increased security risks associated with printing. Network connectivity, along with hard disk and memory storage, means that MFPs are now susceptible to many of the same security risks as PCs and servers alongside the traditional risk of sensitive printed output getting into the wrong hands. However, all too often the security of the print environment is overlooked and little is done to mitigate these threats. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments