China Seen as a Growing Source of Spam

SAN FRANCISCO (04/04/2000) - Just as the U.S. is getting a grip on its own spam problem, China has emerged as a new source for a tide of unsolicited e-mail that is clogging up in-boxes around the world.

Two types of spam are on the increase from China, according to people who track the problem. One type originates from Chinese marketers, is written in Chinese, and advertises mostly pirated software, Chinese Web sites and electronics goods. Chinese-language spam emerged as a real issue about six months ago and has been snowballing ever since, observers say.

"This has started to get out of hand," said Steve Linford, managing director of UXN (Ultradesign Ltd.), a small London-based ISP (Internet service provider).

"We had a few Chinese spams in December, then in January it suddenly shot up, and since then it's started going haywire."

"It's a waste of time and a waste of space," said Dave Jacobs, a California software engineer who said he's been receiving four to six Chinese spams a day in his personal in-box for the past several weeks, along with one or two English-language spams and a handful of personal e-mails.

China is also a growing source for a second type of uninvited e-mail that actually originates in the U.S., but is distributed via a host of insecure, poorly administered mail servers in China and elsewhere. Unlike in the U.S., where political and end-user pressure has forced ISPs to take action against spammers, network providers in China appear unprepared -- or unwilling -- to take similar steps.

"It seems in China that the level of education and awareness about spam isn't there yet," said Nick Nicholas, head of the Mail Abuse Prevention System (MAPS), a California non-profit group that helps ISPs fight spam.

In some cases, Chinese network providers use older software that makes it easier for spammers to use their mail servers to relay spam that originates from dial-up accounts in the U.S., Nicholas said. In other cases, "there are people there who are happy to take money (for distributing spam) and to do it with impunity," according to Nicholas.

It's hard to know exactly how much junk mail comes from China, since identifying and measuring all the e-mail that crosses the Internet would be an impossible task. Experts are quick to note that the vast majority of spam on the Internet -- as much as 90 percent -- originates in the U.S., where most of the insecure servers used to relay spam are also located.

But as ISPs here clamp down on spam and administrators button down networks against viruses, hackers and other threats, experts fear that spammers will increasingly turn their attention to China and other emerging Internet nations to distribute their payload. In addition, they see the emergence of Chinese-language spam originating from what is potentially such a vast market as an ominous sign.

"I'm very sure that as more countries get on the Net they will generate more spam," said Sunil Paul, CEO of Brightmail Inc., which offers a service that helps end users block spam. Paul testified to noticing an uptick in spam from China and Taiwan in the past year, but said he has also come across more spam recently from South Korea, Spain, Germany and the U.K.

The fact that most recipients outside China don't understand the content of Chinese e-mail is a reflection of the economics of spam, MAPS' Nicholas said.

"If it's no cost to you, why not just send it to everyone whether they understand it or not," he asked.

MAPS studies pieces of spam to figure out where it has come from and distributes a list of frequent offenders so that ISPs can block mail from those sources. Known as the Realtime Blackhole List (RBL), it includes thousands of IP addresses, some for individual Web servers, and others delineating whole blocks of servers used by ISPs considered friendly to spammers.

MAPS estimates that between one third and one half of all the e-mail boxes in the world are protected by the RBL. Most of the major service providers in the U.S. declined to be interviewed for this story, including MSN, Prodigy Communications Corp., America Online Inc. (AOL) and Earthlink Networks Inc.

Nicholas said that users of Microsoft Corp.'s Hotmail service, AOL and New Jersey-based ISP Erols Internet are protected by the RBL, either directly or through network providers that those companies subscribe to.

Of 2,800 listings currently on the RBL, about 5 percent are Chinese, up from about 1 percent this time last year, Nicholas said. Most of that 5 percent are for insecure servers being used to route mail to and from the U.S., but a growing number are for Chinese servers dishing up junk mail that originates in China, Nicholas said.

MAPS doesn't "blackhole" an IP address unless it has tried to contact the provider and received no response. One frequent problem cited with Chinese ISPs is that they don't respond to complaints, either because of language issues or because ISPs in the region don't provide postmaster addresses where complaints can be addressed to, according to Nicholas and others.

"China is a big black hole -- if you write a complaint it will be ignored," said Steve Atkins, founder of SamSpade.org, a Web site that provides tools for tracking the origin of spam.

The problem of spam from China has grown severe enough that a few smaller service providers, including Britain's UXN, have started blacklisting all of the IP addresses assigned to China Telecom Ltd., the state-owned carrier that provides backbone services for all of China's approximately 200 ISPs. MAPS isn't ready to go that far yet.

"There have been calls to list all of China Telecom (addresses) on the RBL," Nicholas said. "That's not the way we work, but there has been enough spam coming out of China that people are raising this as a real issue."

ISPs that have been blocked completely by MAPS include Chinese ISPs 163.net, 263.net and Netease, Nicholas said. Those companies also crop up frequently on spam discussion boards, which have been buzzing in recent weeks with talk of the Chinese spam problem. Netease operates one of China's most successful Chinese-language portals, and is expected to go public in the near future.

Contacted in China, a spokeswoman for Netease couldn't say immediately if the company is aware it is a source of spam.

MAPS hopes that as more Chinese e-mail is blocked by companies that subscribe to the RBL, this will apply pressure to China Telecom to clamping down on spam within its networks.

"When the amount of IP space in China (listed on the RBL) reaches a certain point we'd expect China Telecom to deal with it," Nicholas said. "If they don't, that's the time we would blackhole China Telecom."

China isn't alone in the problem it presents, he said. The vast majority of IP addresses listed on the RBL are insecure servers in the U.S., many of which belong to educational institutions. Telstra Corp., Australia's largest carrier, also features prominently on the RBL, while servers in Korea, Singapore, the U.K. and Spain have also been fingered as common sources of spam, according to Nicholas.

Spam isn't just a waste of time and bandwidth; it's also a financial liability for consumers and businesses. A recent study by market research company Gartner Group Inc. estimates that spam costs ISPs US$7.7 million for each 1 million users, mainly through customers joining a different ISP because they are fed up with spam. The non-profit Coalition Against Unsolicited Commercial E-mail (CAUCE) points to other costs for ISPs -- including paying for extra bandwidth and processing power -- much of which gets passed along to consumers.

The amount of spam overall is increasing, but at a slower rate than it was a year ago, largely thanks to enforcement efforts by ISPs in the U.S. and Europe, said John Mozena, vice president and co-founder of CAUCE.

"The enforcement activities by ISPs have been the most successful part of combatting spam. You have to look long and hard to find one that doesn't take swift action against spam in their network," Mozena said.

Some spam-watchers see a shift in the type of spammers at work. On the way out are what MAPS refers to as "chicken-bone" spammers -- a colorful term designed to suggest small-time spammers who have limited incomes and survive on a diet of fried chicken.

Remaining, according to Nicholas and others, are the more serious "hired guns" who open several ISP accounts at one time using fake credit card numbers and spam from them solidly until they get shut down and move on. Like chicken boners, these spammers use devious techniques to go undetected, such as relaying mail through overseas servers and forging e-mail header addresses.

On the horizon, meanwhile, are legitimate U.S. businesses who view unsolicited e-mail as a natural extension of telemarketing and direct marketing by mail.

These businesses, according to Nicholas and other opponents of spam, want to see the practices used by more unscrupulous marketers outlawed in order to legitimize spam for use by mainstream businesses. This type of spam is often referred to by opponents as "mainsleaze."

"What we're seeing is the end of the chicken-boners and the rise of mainsleaze," Nicholas said.

MAPS, located in Redwood City, California, can be found on the Web at http://mail-abuse.org. Brightmail, in San Francisco, California, is at +1-415-905-5595 and on the Web at http://www.brightmail.com/. Sam Spade.org is on the Web at http://www.samspade.org. UXN is on the Web at http://www.uxn.com/.

(Additional reporting by Stephen Lawson in Hong Kong.)

Join the newsletter!

Error: Please check your email address.

More about America OnlineAOLBrightmailChina TelecomEarthLinkGartnerGartnerMail Abuse Prevention SystemMicrosoftMSNProdigy CommunicationsTelstra CorporationUltradesign

Show Comments

Market Place