I've been doing some research internally to prepare for Microsoft's next Security and Intelligence report, but I thought I'd give my readers a sneak preview. These numbers are quite surprising so I thought I'd share them.
In my department, we block about 92% of our total email at the network edge without accepting the message. When we do that, we don't see any traffic from that IP anymore and don't keep stats on it due to the overwhelming volume of mail. However, we do keep stats on mail that we block with our content filter.
I went and calculated how much spam we receive from each country by mapping the source IP back to its source country. The results are below:
If you were to look at this chart, you'd probably say "Hey, that tells us what we already know. The United States is the spammiest country in the world, followed by China. That Brazil, Argentina and Russia are on there comes as no surprise."
But is this the best way to measure how spammy a country is? I decided that I had to normalize the results. Of course countries with bigger populations will be in the top 20, there's more people and therefore more potential for spam. To normalize the data, I went and determined how many Internet users there were in each country by pulling it from the web. I then created a Spam per Internet User rating, by dividing the total amount of spam by the total number of Internet users. This normalizes the data. Now a country with a very large population does not necessarily outrank one with a smaller population. The results are below with the caveat that a country requires at least 2.5 million Internet users to get onto the table:
Looking at this table, the numbers completely change. The United States drops from first place to fourth place. China doesn't even make the top 20! The Czech Republic, which was 13th on the previous list, bolts up to number 1. South Korea moves up one spot to 2nd, and climbs nine spots from 12th to 3rd. The Netherlands didn't even rank on the previous chart but clocks into 4th place when the data is normalized against the base of Internet users.
The normalized data set changes my perception of who is spamming and who is not. China may send a lot of spam but Eastern Europe sure seems a lot more spammy than the Chinese. Indeed, the top 5 countries are much more efficient at spamming the rest of the world than the less developed countries. I'm not sure what this means in terms of how to interpret the data. Does it means that these developed countries are lax in their security policies? Does it imply that they are complicit in spamming? Does it imply that spammers are better organized over there?
In any case, another interesting study would be a projected spam count; if China had the same Internet penetration as Iceland (which is 90% of its population), then using the Spam Per User ratio, how much of the world's spam would they be responsible for? Maybe I'll play around with the numbers and take a look.
I don't think this is a good comparison. The number of internet users is incorrect, at least for the Netherlands.
population : 16,645,313
users : 5,470,000
penetration : 82.9 %
5,470,000 / 16,645,313 != 82.9%
I'm sure about everybody in the Netherlands is using internet so the number of users should be at least 15,000,000.
Countries with a low population are hit hard by just one spammer network which could easily send millions of spam messages. A zombie pc is sending a relative low volume of spam messages each, so a lot are needed to send large volumes. A better comparison would be to compare the number of zombie pc to the number of internet users.
The number of internet users used for the Netherlands is actually the number of broadband users. The number of internet users as of 2007 is almost 14 million (over 80% of the population instead of less than a third), which brings the spam per user down to approximately 0.99.
This mistake was made in the list on internetworldstats.com. If you visit the European stat list they list the right number.
The other numbers seem to be correct.
You guys are right. I need to fix that.
What is ‘SPAM’ & What is ‘Marketing’
It gets me every time…because; no-one and I mean no-one, is calling the advertising posted mail-shot ‘SPAM’ and making laws against it (Albeit you can opt out)…but you can opt out of receiving emails…can’t you?
I wonder would it be because big business, can afford the expensive posted mail shots, email packages and TV advertising and the small marketers cannot and then when the internet came along and big business seen that the small guy found it an affordable way to market his or her product, they invented the dirty word ‘SPAM’.
We get unsolicited advertising in our home called TV advertising. They even increase the sound by 3 decibels to make us notice, but they don’t call this ‘SPAM’. (Us small fry can’t afford this either.)
I only broach the subject because I am a small guy trying to get my product namely my shopping site ‘TheShoppersList.net’ up there with the big boys…I don’t promote anything that is bad or can’t be shopped for on the high street or seen or heard in all walks of life…but let me send an email advertising my site to someone who didn’t ask for it and WOW!!!!!...THEY’LL BAR ME FROM THE INTERNET AND THROW ME IN JAIL!!!!!.
My mailbox is full of what they call ‘SPAM’, i.e. emails for sex, drugs & scams, the very thing they said would stop if they called it ‘SPAM’ and made it illegal; Doesn’t seem to have made a difference, except against the real small advertisers who can’t afford expensive posted mail shots, email packages and TV advertising.
So once again the minnows lose out to the establishment on a platform that is supposed to be free!!!!
Or am I into…. “Conspiracy Theories”.