The United States is still the greatest source of spam, but tougher laws and other measures are helping stem the tide, Sophos says.
In contrast, the spam volume from South Korea and China is substantially up, compared with the same period last year, the security software maker said in a report released Wednesday. The report covered Sophos's analysis of messages received in its scanning network between April and September this year.
The United States was the country of origin for around 26 percent of global spam, down from 41.5 percent a year ago. The share of spurious e-mails from South Korea and China, which held the second and third position, has gone up to nearly 20 percent and 16 percent respectively, from 12 percent and 9 percent, Sophos said.
The company attributed the decline in U.S.-sourced spam in part to the nation's crackdown against fraudulent e-mail. In particular, Sophos pointed to jail sentences for spammers, tighter legislation and better system security.
"Efforts such as ISPs sharing knowledge on how to crack down on spammers, and authorities enforcing Can-Spam legislation, have helped North America thwart the efforts of spammers on their doorsteps. Some of the most prolific spammers have been forced to either quit the business or relocate overseas as a result," Graham Cluley, a senior technology consultant at Sophos, said in a statement.
The threat of punitive legal action has also worked in Canada, Sophos surmised, noting that the country's its share of spam generation has dwindled to 2.5 percent, from more than 7 percent last year.
Also helping the cause was the introduction of Windows XP SP2 a year ago, which has improved security. But, "the worry now is that devious spammers will turn to other Net-based money-making schemes, such as spyware and identity theft malware to make their dirty money," Cluley said.
Another revealing aspect of the study was that more than 60 percent of spam messages are generated by zombie computers, which are PCs that have been hijacked--sometimes without their owners knowing--through the use of viruses or other malicious code. This technique allows culprits to be in a different country from the innocent computers they exploit, Sophos said.