It’s been a few years coming, but it looks like China may finally be getting a handle on its spam problem.
Once the largest source of the world’s spam, China has been gradually fading off the list of the world’s top spam-producers. Right now Cisco Systems’ IronPort group ranks it at number 18 in terms of spam-producing countries. That’s a big drop from two years ago, when it consistently ranked in the top five.
China is home to more than 420 million Internet users, according to the International Telecommunications Union, and many of them are connecting via hacked computers. Back in 2009, those hacked systems had been pumping out spam at a pretty good clip. In January of that year, China was ranked the number three spam-producing country in the world, according to data compiled by security vendor Sophos.
But by the end of 2009, spam from China started to drop off significantly, according to Chet Wisniewski, a Sophos researcher.
Sophos now ranks China as spam producer number 20, right behind Spain.
“This is the first time in recent memory that China has not been in the top 10,” said Cisco Research Fellow Patrick Peterson, in an e-mail interview.
According to him, China got serious about the issue in 2006, launching an anti-spam initiative that brought network operators and security companies together to address the problem. Peterson described this initiative as “dramatically successful.”
“China has been notable in the amount of spam that’s not coming from China now,” said Michael O’Reirdan, chairman of the Messaging Anti-Abuse Working Group and a distinguished engineer at Comcast. Spam fighters from the U.S. are now working more closely with members of the Internet Society of China — the group behind China’s anti-spam effort — to work out standards and better ways of cooperating, O’Reirdan said. They’re set to outline these efforts in a report, due next month, entitled “Fighting Spam to Build Trust.”
Perhaps the U.S. will learn a thing or two from China. According to Sophos, the U.S. remains the top-spamming country and the source of about one-fifth of the world’s spam. Security experts say many of those messages are crafted by spammers residing outside the country, but the fact that they have so many many hacked machines in the U.S. at their disposal is a major problem. At last week’s RSA Conference, Microsoft’s security chief went so far as to suggest that companies might want to start using digital health certificates to help cut down on the number of infected PCs.
Cisco says things have improved in China as ISPs have become better at working with customers to cut down on the spam problem.
According to Wisniewski, China has made it tougher to register new Internet domains and has put on stricter controls over who is allowed to send out e-mail — both of which may have helped reduce spam. “We don’t really have good insight into what exactly is going on in China, because they keep a lot of that under wraps,” he said. “It’s probably more about censorship than about stopping spam, but the net effect is that it has stopped spam.”
There were some arrests for criminal spamming late last year in Russia, and that country is now the focus in the fight against spam, according to Richard Cox, CIO of the anti-spam group Spamhaus. He applauded the joint U.S.-China effort.
“The majority of the criminal spammers have already moved their activities from China to Russia,” Cox said in an e-mail interview. “There is still a lot of work to be done in solving the problems of corruption and lawlessness in Russia that make it the international leader in spam and cybercrime.”
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com