The United States is still the world's top spammer, despite new anti-spam law and a series of high-profile court cases, but the problem is improving.
According to the latest report by Sophos, the US is still number one with 26 percent of all worldwide spam but that percentage has fallen since last year. In fact, it is a marked drop: in 2004, 42 percent of the world's spam originated from US machines.
"It has been lowering for awhile for a number of reasons," said Graham Cluley, senior technology consultant for Sophos. "The anti-spam task forces and the authorities and the ISPs in North America are getting much better at putting into practice methods that are lowering the amount of spam," he said.
But even as the percentage of spam from the US has been dropping, the increasing broadband capacity of South Korea and China has made these two countries more attractive sources for spammers, Cluley said. The percentage of spam originating in South Korea jumped from 12 percent to 20 percent over the past year. In China, it went from nine percent to 16 percent, he said.
The total amount of spam being sent worldwide remains about the same, Cluley estimated.
Spammers often operate by using malicious software to seize control of an unsuspecting user's PC, turning it into a "zombie". Spammers will then assemble a large number of these zombie machines to send out their e-mail messages.
As a result, countries with wide broadband use and who operate older versions of Windows are particularly attractive to spammers, said John Reid a volunteer with the Spamhaus Project, a worldwide anti-spam organization.
Increased legal activity against spammers and the improved security features of Windows XP Service Pack 2 have dampened prospects for some spammers, but the most effective way to cut back on the problem would be for ISPs to prevent most of their users from setting up servers that use the Internet standard "port 25" number, used to identify themselves as e-mail servers, Reid said.
"If it could be done tomorrow you'd just see spam just drop off the charts," he said. "And while customers who had set up their own SMTP servers would be unable to send mail, the vast majority of users would not suffer, Reid said. "There's no real need for granny to connect directly from her cable modem to anyone's SMTP server," he said.
ISPs, have been reluctant to block port 25, however, primarily because it's an expensive and time-consuming process, Reid said.
Sophos arrived at its numbers by analysing all of the spam messages it received during a six -month period in its network of spam traps. It found that the top five spam-generating countries were:
- United States - 26.35 percent
- South Korea - 19.73 percent
- China - 15.70 percent
- France - 3.46 percent
- Brazil 2.67 percent