Custom Search

Saturday, March 5, 2011

How could China cut spam so effectively?

This week I have read many articles talking about one thing: spam from China has greatly reduced. Regularly in the top five just two years ago, China is now ranked at number 18 on IronPort's list of spam-producing countries, and at number 20 according to Sophos. For China, a country with internet population bigger than population of the United States, this is no simple feat. In comparison, the U.S. is still the top-spamming country, according to Sophos.

In fact, IronPort's "finding" has lagged by more than a year. Other groups already pointed out similiar facts long ago, for example:
But most people have no idea how China achieved that. Some refered to an anti-spam initiative in 2006, but it was not until the second half of 2009 when spam from China started to drop off dramatically. Other mentioned the stricter control China put on ".cn" domain registration, but forgot that when talking about spam source, we are only concerned about their IP addresses, which have nothing to do with their domain names. Everyone seems to be a bit clueless, so I might as well give my two cents.

What has caused spam from China to drop did not set out to do so. It was really an effort to solve the botnet problem within China. China government put two orders (or are they regulations? Both were written in Simplified Chinese.), "Notification Guidelines for Internet Security Incidents" and "Detection and Response Mechanism against Trojans and Botnets", into effect in June 2009. This builds the framework for all parties involved to work together to track and dismantle botnets. As we all know, 80% of global spam are sent by botnets. So when China gradually cleans up those malware-infected computers (I hope my notification to CNCERT is being put to good use in the process), spammers also lose their spam-sending machines in China. The spam reduction we see today is just a nice by-product of China's botnet mitigation effort.

While still high on my botnet chart, as someone who detects botnets every day, I can say that China has come a long way in botnet mitigation, which eventually leads to its spam reduction. The Chinese way of botnet mitigation (a formalized incident response mechanism), like the mitigation framework I proposed before, might not be for everyone, but eliminating malware-infected computers is absolutely the right way to cut down global spam, for the present.

1 comment:

  1. Chih-Cherng Chin:

    Not sure if our ICSA Labs blog alerts you. In case it does not I just today saw, posted, and replied to your question/comment. As a reminder it is at

    Take care,