An average of 79.8 percent of email traffic in the three months to the end of September was junk. Of that, 14.8 percent originated in India, 10.6 percent came from Indonesia, and 9.7 percent from Brazil.
Darya Gudkova, a spam analyst at Kaspersky, said the statistics reflect a growing trend for spam to be sent from computers in Asian and Latin America countries.
India’s dubious top spot was attributed to lack of awareness about Internet security and anti-spam laws, which had effectively given spammers free reign, she added.
Vijay Mukhi, an Internet security specialist in India’s financial capital, Mumbai, said spammers, forced to look for new bases after other countries cracked down on the practice, can act with impunity in India.
“We have an Information Technology Act that was introduced in 2000. But we don’t have any convictions under it and it’s silent on spam,” he told AFP.
“If I’m a spammer, I would rather spam from India to India and the rest of world because nothing will happen to me.”
Spam — whose name is derived from the cheap, canned meat product that flooded the market in austere times after the end of World War II — refers to anonymous, unsolicited commercial or bulk emails.
These can include political messages, apparent appeals requesting donations from charities, financial scams, chain letters or emails used to spread harmful computer viruses.
Spammers run the gamut from legitimate marketing firms and advertisers who have adapted telephone cold-calling techniques to the computer age to “phishers”, who solicit personal data from naive recipients to defraud them.
India currently has 112 million internet users, the third-largest number in the world after China and the United States, according to the Internet and Mobile Association of India (IMAI).
The industry body estimates that five to seven million new users are being added every month and at the current pace the country will have more users than the US in under two years, deepening the pool of potential spam victims.
Experts say that basic Internet security — from the use of anti-virus software or “strong” passwords — is poor among individuals, companies and even the government.
Earlier this month, hackers broke into the official web site of India’s ruling Congress Party and defaced the profile page of party president Sonia Gandhi with a pornographic message.
In December 2010, a group identifying themselves as the “Pakistan Cyber Army” hacked the web site of India’s top police agency and claimed to have broken in to several other company sites.
Kaspersky’s Gudkova said in emailed comments that lack of awareness in India “means that for cyber-criminals, it is much easier to construct the botnets (networks of infected computers)”.
India’s booming mobile phone sector, which has recently seen the introduction of third-generation smart phones, also provides a potential open door for spam and malware (malicious software), industry figures say.
IT security firm McAfee, part of the Intel Corporation, said in its 2012 Threat Predictions report that the last 12 months saw the highest levels of mobile malware, with the mobile banking sector particularly at risk.
Mukhi said individuals and companies needed to take the issue seriously and India’s government has to get tough.
Legitimate companies advertise by email or text message and continue to operate, despite a directive from the telecoms regulator banning SMS spam.
Government officials and ministers were unlikely to act decisively against the email equivalent while the massive state sector, which is still heavily paper-based, lagged behind private companies in the use of computers, he added.
Until that happens “it will get better for spammers. More and more people will start realising that India doesn’t have an anti-spam law”, he said.