Can most mail from *.ru be considered spam?

  • Is it safe to assume that most, if not all, emails from a *.ru domain may be considered spam? From a log of 30000 emails from *.ru, its all been spam (over two months).

    I would personally blacklist only the spamming domains with the .ru first level.

    It depends. I've had for a long time 100% working spam filter that everything in English was spam.

    @lechlukasz - that filter would cause me problems - I could effectively use the reverse of that as my first pass, as I don't get any useful email that is not in English :-)

    Have you considered using DNSBL and URIBL?

    Part of the reason these things happen in such countries is because of laxer laws.

    Worth pointing out that a .ru domain does not mean a Russian IP, nor vice-versa.

    Can you exclude any possibility that some "normal" non-spam mail would come from Russia? If yes, you may ignore and filter away the totality of the mail traffic from there. Otherwise you would need a more fine approach.

  • Chris Dale

    Chris Dale Correct answer

    9 years ago

    No, you cannot safely assume this. Maybe according to your mail servers you can assume this, but overall only 4.9% of total spam comes from Russia according to Trustwave.

    According to Securelist the number is as low as 1.7% for January 2012.

    See this picture for how far down Russia is placed on the spam list: Kapersky Lab

Inda: 11.6%
Indonesia: 8.1%
South Korea: 7.7%
Brazil: 7.6%
Peru: 3.9%
Vietnam: 3.5%
Italy: 3.2%
Great Britain: 3.2%
Poland: 3.0%
Argentina: 2.7%
Colombia: 2.4%
Taiwan: 2.4%
Kazakhstan: 2.0%
France: 2.0%
Spain: 1.9%
USA: 1.8%
Russia: 1.7%
Saudi Arabia: 1.5%
Romania: 1.3%
the Philippines: 1.3%
Other: 27.3%

    Edit: additional info.

    If you sometime have to do business with a Russian you would have a bug that may be hard to identify later on, perhaps in a couple of years when you forgot about this configuration. Russia is the 9th largest country population wise in the entire world so it may be quite a big deal to block it.

    I would look at the spam designated to you and see if you can identify any common denominators in the headers or content of the spam. There may very well be other ways to distinguish between the spam and no spam than blocking everything.

    Then, if the mail server logs and reports show that all (19999 out of 20000) messages from *.ru are spam, would you personally say that in the specific case of that report and those mailservers, it may be prudent to block *.ru? Global trends, of course would seem to suggest otherwise, but in this specific case, I'm inclined to suggest blacklisting *.ru.

    @LordofTime added the edit :)

    To be sure...although only 4.9% of spam comes from Russia, it may well be that 99% of Russian mail is spam. Your chart doesn't show that aspect of it.

    And that's the percentage I'm trying to find. It is pretty apparent that most of the mail coming from *.ru is spam (i run 6 sites, and russian spam keeps going to [email protected][domain]).

    Filter by language is also working in some cases, some time ago 100% mails in English I've got were spam.

    @LordofTime - What is your point? If you don't live in Russia, Read the Russian Language, Deal with Russian Users, block the russian domains since non-russian users won't be using a russian domain or email provider.

    -1 for propagating mathematical illiteracy. The percentage we're interested in is the percentage of Russian mail that is spam *(though even that might be irrelevant)*. However, the percentage of spam that is Russian mail has absolutely nothing to do with anything.

    @BlueRaja-DannyPflughoeft, The 4.9% is spam by russia as a percentage of all spam. The second chart is the top 20 sources of spam in January 2012 where Russia is only 1.7%. My answer answers mail origining from Russia, not if the mail is written in Russian.

    @Karrax: You still don't seem to get it: this has nothing to do with language vs origin. OP is asking if most mail from Russia can be ignored as spam. Your answer tells us whether most spam is from Russia. That is the answer to a *completely* different question, and does not help at all in answering OP's question. It could very well be the case that most spam comes from Russian mail, but most Russian mail is not spam; or, it could very well be that comparatively little spam comes from Russia, but most mail from Russia is spam anyways. **This answer has nothing to do with the question!!**

    +1 to @BlueRaja-DannyPflughoeft and mathematical illiteracy. The answer to "is drowning fatal?" has nothing to do with "only 0.01% of deaths are due to drowning"

    @BlueRaja-DannyPflughoeft, Aha I see what is meant here. I am trying to research the proper answer. I'll leave the current one up there as it seems to provide some value.

    i would downvote this answer if i had enough rep on security.se

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used