How China stopped spam and malware distribution on its domains
I stopped following the spam problem in detail a while ago, but assumed that China was a major source of the stuff.
It just sort of seems like it would be, but it turns out this is no longer the case.
In most countries, registering a domain name is cheap and easy. Not in China, where the government makes you run the application past it first. A side-effect of that paperwork was to kill off the use of Chinese domains in spam.
It all began with a directive from CNNIC (China Internet Network Information Center), which administers the .CN top-level domain:
In order to further enhance the authenticity, accuracy, and integrality of the domain name registration information, now notify as following:
- Domain name applicants need to submit the formal paper-based application material when making the online application to the registrar. The application material includes the original application form with business seal, the company business license (photocopy), and the registrant ID (photocopy).
- Registrars should carefully review the application material. When the application is deemed qualified, the registrar needs to submit the application material via fax or e-mail to CNNIC, and withhold the original application material.
From the day of submission of the online application, if CNNIC does not receive the formal paper-based application material within 5 days, or the application material does not pass the audit, the domain name applied for will be deleted.
Spammers need domain acquisition to be cheap and fast, because they lose domains frequently (a domain that lands on blocklists is simply abandoned and replaced). A process that demands stamped paperwork, a business license and a five-day audit makes Chinese domains uneconomical for spam links.
Many thanks to Jack Walsh, Network IPS and Anti-Spam Program Manager at ICSA Labs, who pointed this out in his own blog, citing a different blog by Microsoft's Terry Zink. Jack checked, and the ICSA's numbers (see the chart nearby) correspond to the picture drawn by Zink. Nowadays the top countries for spamming (see this other ICSA chart) are Russia, South Korea, India, Brazil and Ukraine.
Not long after the CNNIC directive went into effect, spam using Chinese links went into a decline, to the point where .CN domains are no longer a large source. At about the same time, India's contribution to the spam problem jumped. Note that these figures are about the domains in the links, not where the mail was sent from: spammers don't care which country's TLD they use, and it's not as though a .CN domain inspires any particular confidence in the recipient.
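The kind of measurement behind those charts, a tally of which top-level domains the links in spam point at, is easy to reproduce on your own quarantine. The script below is an added example, not code from ICSA Labs, Terry Zink or the original post; the sample messages are constructed for illustration, and the small ccTLD-to-country table is my own assumption, not a complete mapping.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Rough URL matcher; trailing punctuation is trimmed below.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages for illustration (not real spam).
SAMPLE_MESSAGES = [
    "Cheap meds here: http://pharma-deal.cn/buy?x=1 act now",
    "Your account: visit https://secure-login.example.ru/verify.",
    "Win big!! http://lucky.in/play and http://lucky.in/win",
    "Hi team, meeting notes at https://wiki.example.com/notes",
    "Great offers http://shop.example.com.cn/sale",
]

# Assumed partial mapping of ccTLDs to countries, for reporting only.
CCTLD_COUNTRY = {
    "cn": "China", "ru": "Russia", "in": "India",
    "br": "Brazil", "ua": "Ukraine", "kr": "South Korea",
}


def link_domains(text):
    """Return the hostnames of all http(s) links found in a message."""
    hosts = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:)")
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def tld_of(host):
    """Last DNS label of a hostname, e.g. 'cn' for shop.example.com.cn."""
    return host.rsplit(".", 1)[-1]


def tally_by_tld(messages):
    """Count messages per link TLD; each TLD counts once per message so a
    message stuffed with many links to one domain is not overweighted."""
    counts = Counter()
    for msg in messages:
        counts.update({tld_of(h) for h in link_domains(msg)})
    return counts


def report(messages):
    """Return (tld, country-or-'?', count) rows, most common first."""
    return [(tld, CCTLD_COUNTRY.get(tld, "?"), n)
            for tld, n in tally_by_tld(messages).most_common()]


if __name__ == "__main__":
    for tld, country, n in report(SAMPLE_MESSAGES):
        print(f".{tld:<4} {country:<12} {n}")
```

Counting the last label only means `shop.example.com.cn` is attributed to .cn, which is what you want for a country breakdown; for a registrable-domain breakdown you would consult the public suffix list instead.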
CNNIC's purpose was probably not to stop spamming, but rather to give the government more control over who got what domain. I wouldn't want it to happen here, but it does underscore one of the costs of freedom.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contributing Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.