Blame Canada

Last week, the CBC released an article claiming that Canada is the world’s worst spam source.  Some excerpts from the article:

Canadian computers — many of them unwittingly — send out over nine billion spam e-mails a day, almost five per cent of all global spam traffic, according to a report from network and internet security firm Cisco.

The United States was the single largest source of outgoing spam messages, Cisco reported, accounting for 17.2 per cent of all global spam.

Canada was the fourth biggest source, with 4.7 per cent of all global spam, behind the U.S., Turkey (9.2 per cent) and Russia (8.0 per cent), and had the highest percentage of spam on a per-capita basis of the 16 top nations.

Canada’s privacy commissioner, Jennifer Stoddart, has been pushing for over a year for Canada to enact legislation to fight spam. Canada is the only G8 country without anti-spam legislation, she said when first drawing attention to the issue last year.

I think that these statistics are interesting.  I’ve known for a long time that the United States was the number one source of spam, what surprises me is that Turkey is number 2.  For the longest time, China was number 2.  Even more surprising is that Canada is number 4.  For such a small country (population of only 33 million), it sends a very disproportionate amount of spam.  If we use the numbers above, then we have the following on a daily basis:

  • The US sends one piece of spam for every 9.26 citizens
  • Russia sends one piece of spam for every 9.26 citizens, the same as the US
  • Turkey sends one piece of spam for every 4 citizens
  • Canada sends one piece of spam for every 3.71 citizens, 2.5x the rate of the United States

These are interesting numbers because they don’t correlate well with Microsoft’s 2008 Security and Intelligence Report, which I have blogged about earlier.  In that report, Canada’s malware infection rate is slightly lower than the United States and Russia and substantially lower than what we see in Turkey.

Assuming that both sets of data are correct then what can we infer from these two sets of data?  Namely, that high rates of infection do not necessarily correlate to high rates of spamming.  Also, it is possible that rather than sending out spam, these infected machines in other countries do things other than spam – perhaps botnet armies create webmail accounts, perhaps they create new domains on which to host spam landing pages, perhaps they randomize domains in fast flux networks, or maybe they do other types of DDOS attacks.  In any case, we can blame Canada for being a major spam source, but if spammers were uniformly distributing their spam, Canada would actually be a minor player.