If current trends continue, China will
easily overtake the United States in the next few
years as the spam (unsolicited commercial e-mail)
capital of the world. This development could have
serious consequences for Chinese businesses and
consumers by inhibiting the continued growth of
China's vibrant economy.
In short, the
proliferation of spam is one of the greatest
threats to the effectiveness and efficiency of
legitimate electronic communications and
e-commerce in China.
In general, spam
includes both unsolicited commercial e-mail, or a
message that has not been granted verifiable
permission by the recipient, and unsolicited bulk
e-mail, where a message is sent as part of a much
larger collection of messages. A majority of
spam is
sent through hijacked personal computers - better
known as zombie computers - that send bulk e-mail
messages to users.
The inconvenience and
intrusiveness of spam are made worse by the fact
that in many cases, the content of the unwanted
e-mail is deliberately disguised to conceal
criminal intent. At first, the messages appear
legitimate to the recipient, advertising products,
get-rich schemes and legal services. But the
actual intent of the unassuming e-mails is to
penetrate, infect and steal, releasing destructive
spyware, worms and viruses into a user's computer
that are designed to steal personal information or
other relevant data.
According to the
Radicati Group, a California-based research
marketing firm specializing in emerging
information technologies, about 71% of daily
e-mails worldwide will be spam by the end of this
year, jumping to 79% by 2010. Such growth trends
are alarming for both mature and developing
economies, since massive amounts of unwanted
commercial and bulk e-mails can clog computer
networks, slow Internet service and increase
service costs for consumers.
Businesses
are faced with lost productivity, unexpected
network maintenance upgrades and increased
personnel expenses. Spam also increases the total
number of consumer complaints, boosts system
downtime, and wastes system storage space.
According to an April report issued by
Sophos, a global Web security company, Asia was
the worst spam-relaying continent during the first
three months of 2006, sending 42.8% of worldwide
spam. Moreover, China is now second only to the US
in relaying spam, sending nearly 22% of the
world's total.
Soon after the Sophos
report appeared, the first anti-spam e-mail survey
of 2006 conducted by the Anti-Spam Center of the
Internet Society of China (ISC) was released. The
report found that spam is increasing steadily
throughout China, with Internet users receiving
2.4% more e-mail spam this March than they did in
November.
Recognizing the overwhelming
impact of harmful spam on the country's growing
economy, Beijing has taken the offensive. A new
anti-spam law, the Draft Introduction of the ISC
Common E-mail Service Rules, went into effect on
March 30.
First drafted in 2004, the rules
are similar in many ways to the US CAN-SPAM
(Controlling the Assault of Non-Solicited
Pornography and Marketing) Act of 2003 in that it
regulates e-mail advertisements, imposes civil
fines for spam offenders, and requires marketers,
spammers and database warehousing companies to
display in the subject line of an e-mail the word
guanggao (advertisement), so that users and
Web administrators can better identify and filter
unwanted e-mail advertisements. The law creates a
new center to handle reports regarding spam and
requires e-mail service providers to be licensed
and to retain copies of user e-mails for two
months.
The Public Security Bureau, the
Ministry of Information Industry, and the ISC
continue to work with international groups to
identify possible ways to mitigate spam in China.
Last July, Beijing announced its intention to join
the US/UK-led London Action Plan on Spam
Enforcement Collaboration, a group of 29
governmental agencies and 17 private-sector groups
promoting the exchange of information among
affected countries.
Critics of the new
Chinese spam law say that it, just like the US
measure that inspired it, will do very little in
practice to stop spam. Richard Cox, senior
investigator for Spamhaus, a leading Internet
research firm, noted this year that the country's
small group of hardcore spammers will not be
deterred by the new legislation. Cox also noted
that the Chinese government and Internet service
providers (ISPs), companies that provide access to
the Internet for businesses and consumers, must do
more in the area of international cooperation to
protect Chinese citizens.
Moving beyond
legislative remedies, some businesses are taking
their own measures to stop spam, saying the
e-mails threaten the "security and safety" of
business communications, transactions and
ultimately profitability. Many of today's
businesses are employing anti-spam programs that
detect unwanted e-mails and prevent them from
reaching users' inboxes. These software programs
block e-mail originating from addresses that
appear on a "blacklist". By checking the
authenticity of a domain name or Web address,
conducting keyword or phrase searches and
searching for patterns that suggest the e-mail
sender is a fake, businesses can stop spam before
it causes harm.
The market for anti-spam
products is expected to increase in the immediate
future. A study released by the Radicati Group
last month, "E-mail Security Market 2006-2010",
found that the market for security products and
services will experience strong growth through
2010, driven by the need by businesses to protect
e-mail networks from a wide spectrum of external
e-mail threats. The report noted that many
organizations have found the need to insert
multi-layered solutions for protection which
include better encryption, archiving, compliance
and support for instant messaging. According to
the study, worldwide revenue in the e-mail
security market is expected to grow to US$6
billion by 2010, up from $3.5 billion this year.
In addition to the use of preventive
software, the implementation of robust
best-practices policies by businesses that use a
filtering solution at the e-mail gateway is the
most effective way to protect businesses from
outside threats. Additionally, businesses should
ask the following questions: Does an existing
proxy allow connections from untrusted networks
such as the Internet? Are the most current
software and hardware being used? Have the latest
patches or upgrades been applied? Are proper
server access controls in place? Is the proxy
server checked regularly for unauthorized access?
Finally, is a database of known abusive e-mails
kept?
But despite the best efforts of
businesses to stop spam, new ways to bypass
filtering solutions are being introduced every
day. A recent study funded by the Natural Sciences
and Engineering Research Council of Canada
discovered a way to create spam that could bypass
filters and deceive computer users. "Our
experiments have told us that this isn't as
difficult to do as we might have thought to begin
with, which is kind of depressing," said Professor
John Aycock, a computer scientist at the
University of Calgary.
In addition to
technological hurdles, businesses and ISPs are
increasingly faced by consumers who say that some
anti-spam efforts have gone too far - blocking
legitimate e-mails and therefore harming
longstanding personal and business relationships.
In May, millions of America On-Line (AOL)
customers were temporarily unable to receive
e-mail from Google's Gmail users after concerns
were raised over some e-mail messages sent from
Gmail servers. Recently, software updates
installed by US-based Verizon Communications
resulted in the stoppage of many legitimate e-mail
messages that allegedly included suspicious
Internet addresses.
E-mail has become an
integral part of our everyday lives. Going
forward, a combination of technology, legal
action, user education, and international
cooperation will be necessary to address the
growing threat of spam in China.
Fred Stakelbeck is an expert on
bilateral and trilateral alliances as they relate
to China foreign policy. His writings address the
implications of China's emerging regional and
global strategic influence and relationships on US
national security. Comments can be forwarded
to frederick.stakelbeck@verizon.net.
(Copyright 2006 Asia Times Online Ltd. All
rights reserved. Please contact us about sales, syndication and republishing
.)
