Researchers at security company Sophos found after scanning its global network of honeypots -- computers designed to attract spam emails and viruses -- that 42 percent of all spam sent this year came from the United States.
Sophos says this is evidence that America's anti-spam legislation simply isn't working.
"When we released the first report back in February, the US had the excuse that the Can-Spam Act had been in existence for only three months," said Graham Cluley, senior technology consultant for Sophos, on Friday.
"Almost a year and millions of spam messages later, it is quite evident that that the Can-Spam legislation has made very little headway in damming the flood of spam."
South Korea and China came in second and third place, respectively, but together they sent just half as much spam as the US.
The United Kingdom came ninth in the list, and was responsible for just 1.13 percent of the world's spam.
The results came in as follows:
United States: 42.11 percent
South Korea: 13.43 percent
China (including Hong Kong): 8.44 percent
Canada: 5.71 percent
Brazil: 3.34 percent
Japan: 2.57 percent
France: 1.37 percent
Spain: 1.18 percent
United Kingdom: 1.13 percent
Germany: 1.03 percent
Taiwan: 1.0 percent
Mexico: 0.89 percent
Sophos warned that many spammers are using hacked PCs with broadband connections to send out their spam. This could explain South Korea's position near the top of the list, as it leads the world for broadband penetration.
"Spammers are motivated by one thing -- quick, easy money," added Cluley. "There are plenty of spammers who have taken their money-making schemes to the extreme by hacking into innocent third-party computers in an effort to do their dirty work."
"Many of the computers sending out spam are most likely to have had their broadband internet connections exploited by remote hackers. Zombie computers -- PCs that have been compromised by hackers or virus writers -- are sending out over 40 percent of the world's spam, and many users who fall victim are unaware."
The reason the CAN SPAM Act of 2003 has "failed" to reduce the volume of unsolicited commercial email is simple.
Unlike the Australian legislation, the Act is not designed to control volume.
Why? I suggest you ask the Direct Marketing ****ociation and Congressional officials this question, but my understanding is that it was believed at the time:
* A law prohibiting the sending of unsolicited commercial would not reduce volume;
* The problem areas were email fraud and forgery.
The legislation:
* Gives recipients of commercial e-mail the right to opt-out;
* Prohibits the sending of commercial e-mail with misleading headers, deceptive subject lines and so forth;
* Gives Federal authorities, along with state attorneys general and internet access providers strong legal remedies;
* Does not interfere with the authority of Internet access providers to set policies blocking the transmission, handling, routing and storing of various types of e-mail.
In essence, the legislation accepts the view that a prohibition against UCE would unduly interfere with the commercial right of free speach, as Internet access providers are best suited to control volume.
Is this analysis correct? Well, according to recent news reports, the only large provider which has been able to substantially reduce the volume of unsolicited bulk e-mail hitting its network is America Online.
It remains to be seen whether:
* Other large Internet service providers can have the same level of success;
* Co-ordination of anti-spam activities, along with wide spread implementation of a workable proposal for sender authentication will result in an overall volume reduction.
However, as long as the law does not specifically ban unsolicited commercial email, backed by strong penalities, I suggest the exercise will not bear the results people want.
Even then, the best one can hope for is to bring the situation under control as online abuse will always be a problem.
John Glube
Toronto, Canada
Who Pays And Surviving The Email Transition
http://www.learnsteps4profit.com/emwp.html