Spam may be the bane of our cyber-existence, but there are geographic considerations that go into producing it. One way security companies guard clients against junk mail and other attacks is by blocking IP addresses where spam has been known to originate. When too many IP addresses get blocked in one place, spammers pack up and move to a neighboring country and keep going.
By looking at IP blacklist data, we can see one such dance taking place in eastern Europe earlier this year. In January, only about 5% of IP addresses in Belarus were being blocked, a number that rose to almost 30% in May. The same study, produced by international message security company Cloudmark, points out that Romania currently has the most blocked IP addresses of any country. Spammers probably switched to using IP addresses in nearby Belarus and Russia to get around the problem, causing the spike in blocked Belarusian addresses. But then hosting companies in those countries wised up, implemented tighter restrictions, and forced them back to Romania’s more permissive hosts, which caused Belarusian IP blocks to drop back to normal levels in May.
It’s difficult to assess spam output because there are multiple ways to measure it: You can look at it in terms of how many spam messages are produced, how many IP addresses are blocked, or the percentage of blocked addresses in a given country, to control for population. Many sources cite the three countries with the largest populations, China, India and the U.S., as the origins for the majority of spam. This makes some amount of sense, but it doesn’t tell the full story unless you adjust the data for population and number of allocated IP addresses.
The security industry has operated using these measurements since email became a popular target for scammers, but the dynamics of spam are about to change. Now that all available IPv4 addresses have been allocated, security companies are beginning to turn their attention to what the spam environment will be like in IPv6. Once email providers move to IPv6, some fear that spammers will have an advantage because they will be able to take over huge numbers of IP addresses without having to worry about the geographic constraints of a given country. But others point out that for this very reason an IP address’s “reputation” will no longer be a good indicator of its credibility at all when there are so many addresses, and that this will motivate the industry to discard IP blocking as a security strategy and adopt better methods.
Laura Atkins of Word to the Wise writes:
I don't expect IP reputation to become a complete non-issue. I think it's still valuable data for ISPs and filters to evaluate as part of the delivery decision process. That being said, IP reputation is so much less a guiding factor in good email delivery than it was 3 or 4 years ago. Just having an IP with a great reputation is not sufficient for inbox delivery. You have to have a good IP reputation and good content and good URLs.
As IPv6 rolls out among email providers and in general, the physical game of cat and mouse that spammers have been playing all over the world may morph into something different. It’s unclear whether this change will meaningfully affect how much spam we get every day, so until we know, keep those filters running.
Why We’re Tracking The Bad Internet
People’s lives and decisions are complicated. And the more they live them online the more ambiguity they introduce. But we’re not here to judge. This Bad Internet tracking story looks at offbeat or fringe Internet practices and people who are just trying to do a thing online. It explores the black hat spectrum, everything from scraping to vulnerability exploitation, and highlights utilities that could have both legitimate and dastardly functions.
[Image: Flickr user Pat Ferro]
Previous Updates
Lots Of People Can Read Your Private Chats--Not Just The NSA
July 12, 2013
The PRISM frenzy has added significantly to a discussion that was already simmering about the level of security protection on messaging apps like Apple’s iMessage. These services are so easy to use that most consumers don’t think about who might have access to their data. But usually at minimum, the company providing the service can parse messages and conversations, and often advertisers or investors have some access as well. But a desire to take advantage of now-basic digital communication should not preclude users from privacy, right? And probably anyone planning a bank heist knows about these security holes.
Peter Sunde’s new messaging app, Hemlis, promises to emulate the ease-of-use that makes messaging apps so popular, while also offering total anonymity from a data perspective. The company is saying that it won’t sell ads or user data and the plan is to fund Hemlis through donations and paid premium features.
All communications on today’s networks are being monitored by government agencies and private companies . . . That’s why we decided to build a messaging platform where no one can spy on you, not even us.
But the question is, what security strategies will Hemlis use? Because the extent of its security features will, at least in part, dictate who uses it. And how much shady business can be conducted over it. A lot of companies claim that messages sent via their apps live in encrypted fortresses. Even services with lousy track records, like iMessage, are touted as secure.
Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.
But just by taking a moment to think about how iMessage works, it’s clear that Apple is full of it. Messages must be somehow accessible if conversation histories are saved in iCloud for easy restoration on new devices, and if users have continuous, uninterrupted access to those histories even after they change their handset or iCloud password. These concerns were clearly outlined in a blog post by Johns Hopkins cryptographer Matthew Green a few weeks ago. He wrote:
That's the problem with iMessage: Users don't suffer enough. The service is almost magically easy to use, which means Apple has made tradeoffs--or more accurately, they've chosen a particular balance between usability and security. And while there's nothing wrong with trade-offs, the particulars of their choices make a big difference when it comes to your privacy.
These trade-offs largely dictate how a messaging service can be used for sensitive communication. If message histories are saved, even locally, the messages themselves are not secure. They can only be treated as secure if their abstract meaning is transient and will not be useful to a later reader. A messaging system that works like Snapchat may sound like a better alternative, but it would run into similar issues, given utilities that autosave received communications and the ubiquity of devices capable of taking screencaps.
No matter how sweeping a company’s privacy statements, they always seem to turn out bogus. For example, in 2008 Skype claimed that it could not tap users’ calls no matter what entity (private, government, etc.) requested data. Jennifer Caukin, Skype's then-director of corporate communications, said, “Because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request.” But it turns out that this was never true, or at least wasn’t true by 2010 when a pre-Microsoft Skype signed on to provide the audio from calls for PRISM.
If Hemlis can deliver on its lofty privacy goals there will be no reason to use any other messaging app on principle. But it seems like the only way for a service like Hemlis to be trusted for intensely private communication is for its backend to be totally open to scrutiny and evaluation. Without complete transparency, it will just be another black box into which people subtly allude to tax fraud, unwisely share their bank PIN, or correspond with their pot dealer.