Home / News I have a News Tip

Gary Warner: We Are Well Past Time to Declare a Spam Crisis in China

In a blog post last week, Gary Warner, director of research in computer forensics at the University of Alabama's (UAB) computer and information sciences department, wrote that it is well past time for someone to declare a "Spam Crisis in China". The warning comes along with UAB's reports that most of the spam they receive has ties to China.

"It is very normal that more than one-third of the domain names we see each day in spam messages come from China," Warner wrote. "When one also considers the many '.com' and '.ru' domain names which are also hosted in China, the problem is much worse. More than half of all spam either uses domain names registered in China, is sent from computers in China, or uses computer in China to host their web pages."

Related Links:
Spam Crisis in China Gary Warner, Jun.20.2009
Chinese Registrars Need Rap on Knuckles, Expert Says PC World, Jun.29.2009

Related topics: Cybercrime, Cybersecurity, Malware, Spam


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


I can confirm this Suresh Ramasubramanian  –  Jun 29, 2009 9:23 PM PDT

Our statistics indicate that a huge majority of this originates from at the most three or four registrars based in China

Xiamen Ename - which is the registrar for over 50% of domains we find in unsolicited bulk email every week - quite often fastflux

Xinnet is another one that has several such domains (a few hundred compared to over a thousand a week on ename)

Also others like Onlinenic and Paycenter.com.cn

The above statistics are from analyzing domains listed on the SURBL blocklist - http://www.surbl.org Suresh Ramasubramanian  –  Jun 29, 2009 9:24 PM PDT

Just to clarify the above data point.

We should clean up our own house first Edward Falk  –  Jun 30, 2009 11:49 AM PDT

The spam may be coming through Chinese servers, but if you track it back to its source, half the time you'll find it actually originated here in the U.S.

Remember last November when McColo in San Jose, California was finally disconnected?  Spam dropped 60-70% worldwide over night.  The shutdown of rogue site 3fn, also in San Jose, earlier this month led to another significant drop in spam.

And frankly, if you dropped a nuke on Boca Raton, you'd probably see a huge reduction in worldwide spam.

If the U.S. were to take spam seriously, it would be the single most effective thing that could be done to combat the problem.

Granted / point taken about chinese IP space Suresh Ramasubramanian  –  Jun 30, 2009 6:07 PM PDT

The point Gary's making though is a bit different. Domains registered in spam, through registrars (in fact just two or three registrars for the most part) based in China.

As for origins, you'd be closer if you looked at eastern europe than at boca raton.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper


Sponsored by Verisign

DNS Security

Sponsored by Afilias

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum