I’ve been doing some research internally to prepare for Microsoft’s next Security and Intelligence report, but I thought I’d give my readers a sneak preview. These numbers are quite surprising so I thought I’d share them.
In my department, we block about 92% of our total email at the network edge without accepting the message. When we do that, we don’t see any traffic from that IP anymore and don’t keep stats on it due to the overwhelming volume of mail. However, we do keep stats on mail that we block with our content filter.
I went and calculated how much spam we receive from each country by mapping the source IP back to its source country. The results are below:
If you were to look at this chart, you’d probably say "Hey, that tells us what we already know. The United States is the spammiest country in the world, followed by China. That Brazil, Argentina and Russia are on there comes as no surprise."
But is this the best way to measure how spammy a country is? I decided that I had to normalize the results. Of course countries with bigger populations will be in the top 20; there are more people and therefore more potential for spam. To normalize the data, I went and determined how many Internet users there were in each country by pulling it from the web. I then created a Spam per Internet User rating by dividing the total amount of spam by the total number of Internet users. This normalizes the data. Now a country with a very large population does not necessarily outrank one with a smaller population. The results are below, with the caveat that a country requires at least 2.5 million Internet users to get onto the table:
Looking at this table, the numbers completely change. The United States drops from first place to fourth place. China doesn’t even make the top 20! The Czech Republic, which was 13th on the previous list, bolts up to number 1. South Korea moves up one spot to 2nd, and climbs nine spots from 12th to 3rd. The Netherlands didn’t even rank on the previous chart but clocks into 4th place when the data is normalized against the base of Internet users.
The normalized data set changes my perception of who is spamming and who is not. China may send a lot of spam but Eastern Europe sure seems a lot more spammy than the Chinese. Indeed, the top 5 countries are much more efficient at spamming the rest of the world than the less developed countries. I’m not sure what this means in terms of how to interpret the data. Does it mean that these developed countries are lax in their security policies? Does it imply that they are complicit in spamming? Does it imply that spammers are better organized over there?
In any case, another interesting study would be a projected spam count; if China had the same Internet penetration as Iceland (which is 90% of its population), then using the Spam Per User ratio, how much of the world’s spam would they be responsible for? Maybe I’ll play around with the numbers and take a look.
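The normalization and the projected spam count described above, sketched as an added example that is not part of the original post. The country labels and every figure are constructed; the population column and the assumption that other countries stay unchanged in the projection are not from the post.

```python
# Added illustration: all figures are constructed, not the post's data.
MIN_USERS = 2_500_000  # the post's cutoff for appearing in the normalized table

# label -> (spam caught by the content filter, Internet users, population)
SAMPLE = {
    "A": (9_000_000, 200_000_000, 300_000_000),
    "B": (6_000_000, 250_000_000, 1_300_000_000),
    "C": (1_500_000, 5_000_000, 10_000_000),
    "D": (800_000, 1_000_000, 2_000_000),  # under the cutoff, so excluded
    "E": (2_000_000, 40_000_000, 50_000_000),
}

def rank_by_volume(data):
    """Countries ordered by raw spam volume, highest first."""
    return sorted(data, key=lambda c: data[c][0], reverse=True)

def spam_per_user(data, min_users=MIN_USERS):
    """Spam per Internet User, only for countries at or above the cutoff."""
    return {c: spam / users
            for c, (spam, users, _) in data.items() if users >= min_users}

def rank_normalized(data, min_users=MIN_USERS):
    """Countries ordered by spam per Internet user, highest first."""
    rates = spam_per_user(data, min_users)
    return sorted(rates, key=rates.get, reverse=True)

def rank_shift(data):
    """Places gained (+) or lost (-) when moving from raw to normalized rank."""
    raw, norm = rank_by_volume(data), rank_normalized(data)
    return {c: raw.index(c) - norm.index(c) for c in norm}

def projected_share(data, country, penetration=0.90):
    """Share of all spam if `country` reached `penetration` of its population
    online at its current spam-per-user rate (other countries held constant,
    which is an assumption of this sketch)."""
    spam, users, population = data[country]
    projected = (spam / users) * population * penetration
    total = sum(s for s, _, _ in data.values()) - spam + projected
    return projected / total

if __name__ == "__main__":
    print("raw:       ", rank_by_volume(SAMPLE))
    print("normalized:", rank_normalized(SAMPLE))
    print("shift:     ", rank_shift(SAMPLE))
    print("B at 90%%:  %.1f%% of total" % (100 * projected_share(SAMPLE, "B")))
```

In the constructed data, a small country with few users jumps to the top once volume is divided by users, while the cutoff keeps a very small user base from dominating the table on a handful of sending hosts.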