China Responsible for Most Spam

China is responsible for most of the world's email spam, according to new unpublished research.

Nearly three-quarters of the Web sites advertised in computer spam studied by the University of Alabama at Birmingham (UAB) Spam Data Mine so far in 2009 are tied to China, said Gary Warner, UAB's director of research in computer forensics.

Warner has dubbed the trend the "spam crisis in China."

"China has become a safe haven for Web site operators that use spam to promote their products because of the willingness of some Chinese Web-hosting companies to ignore spam complaints about those sites, which are hosted on their servers for a fee," Warner said. "The hosting companies don’t create the spam, but rather declare themselves bullet-proof hosting sites — meaning that regardless of the illegal activities being reported, they will not terminate their customer’s spam-related Web sites or domains."

Computer spam refers to unsolicited commercial advertisements distributed online via e-mail, which can sometimes carry viruses and other programs that harm computers.

For the year to date, the UAB Spam Data Mine has reviewed millions of spam e-mails and successfully connected the hundreds of thousands of advertised Web sites in the spam to 69,117 unique hosting domains, Warner said.

Of the total reviewed domains, 48,552 (70 percent) had Internet domains, or addresses, that ended in "cn" — the Chinese country code. Also, 48,331 (70 percent) of the sites were hosted on Chinese computers.

Further encouraging the Chinese spam epidemic is the widespread availability of cheap domain names.

Domain names based in China can cost as little as one yuan, or 15 cents in U.S. currency.

In contrast, U.S. domain names can costs as much as $35 a year, with a portion of the fees going toward efforts to detect fraud and abuse like spam. The low domain rates in China encourage Web page operators to buy numerous domains, leading to a continuous stream of spam promoting those various sites.

"Not only is it cheap to operate spam-promoted Web sites through the Chinese technology infrastructure, there is not enough revenue being generated to pay for the creation of programs or entities that could prevent such abuses from taking place," Warner said.

Warner said that while only a very few companies in China are responsible for perpetuating the illegal spam activity, they risk the reputation of their entire nation's Internet presence.

Warner thinks the solution lies in a renewed effort by the country's government to target companies acting as a haven for cyber-criminals rather than a complete block of all Internet flow coming from China. China must develop mechanisms to accept and respond to spam abuse complaints, Warner said.

The research currently is not published in an academic journal, but you can read more about it at Warner's blog.