China Outlaws Private E-mail Servers

Use Netsparker


Ah China, always been famous for repressing their population, now there repression is moving onto the Internet and using digital means..

Just like the so called ‘Great Firewall of China’, I’ve been meaning to do an article about that for quite some time, I have something drafted.

Anyway the latest thing China has done has made it illegal to own a private e-mail server without a ‘licence’. I guess it could be said that it’s an effort to curb spam…but..

China has introduced regulations that make it illegal to run an email server without a licence. The new rules, which came into force two weeks ago, mean that most companies running their own email servers in China are now breaking the law.

More than 600,000 servers were sold in China last year, according to market researchers. It’s unclear how many of these are running mail server software, which includes programs like Microsoft Exchange Server, Sendmail, Qmail or Lotus Notes.

They are calling it part of the anti-spam effort..

The new email licensing clause is just a small part of a new anti-spam law formulated by China’s Ministry of Information Industry (MII). The chilling effect on corporate email servers, which are commonly used by companies with more than a handful of employees, appears to have gone unnoticed until now.

However, Singapore-based technology consultant, James Seng, who first drew attention to the new email licence requirement, believes the inclusion of the prohibition on mail servers is no accident.

“Looking at the Chinese text, it is clear they have worded it carefully”, he told vnnet,”They know exactly what they are doing and what they want. So this isn’t a case of clueless civil servants screwing up or just bad translation.”

To be fair though spam originating from China has become a massive problem in the last 6-12 months, I’ve even noticed the amount of Chinese language spam increasing exponentially.

Under the new regulations, Email Service Providers must register their mail servers’ internet protocol (IP) addresses with authorities 20 days before they start operating the server. The must also keep a record of all emails sent and received for 60 days. The rules even prohibit open relays: mail servers which accept and relay email from any source without verification

The regulations also ban many of the techniques commonly used by spammers, such as hijacking servers to use as ‘zombie’ spam relays. In addition, advertisers sending unsolicited commercial mail also need to prefix the subject line with ‘Advertisement’ or ‘AD’, and comply with recipients’ requests to cease sending them unwanted email.

Perhaps in a way it might be a good thing?

Source: VNUnet

Posted in: Spammers & Scammers

, , ,


Latest Posts:


Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.


5 Responses to China Outlaws Private E-mail Servers

  1. The shtint September 20, 2006 at 8:42 am #

    Where did you read this information? Is there a reference to a newspaper article or govn’t news release?

    cheers,
    The Shtint

  2. Darknet September 20, 2006 at 8:51 am #

    There is a link at the bottom “Source: VNUnet” if you click the orange VNUnet link it will take you to the source article. Cheers!

  3. Dan September 20, 2006 at 3:14 pm #

    Although China is interested in spam control, you have to really wonder. No one, especially countries, do things for “free”. China loses nothing if it is seen as a hub for spammers – fighting spam will be a costly thing, and “registering” e-mail servers and requiring the lock-down of servers will do nothing if they do not police it, and police it they will. This costs money — but why? What’s in it for them to take these steps?

    Yes, it looks like it’s very well crafted, this plan to lock down spam. However, the more important thing, the one that the Chinese goverment will pay good money for, is control. Knowing exactly where every e-mail server is in the country (and being able to punish rogue e-mail servers for no reason other than that they haven’t registered) gives them the next step of control they need. Once they know this, it’ll be a small step to require “monitoring software” to be placed on each server, to ensure that they remain “safe”.

    Doesn’t anyone else see where this is going? Think of China vs. Microsoft, Google and Yahoo. It doesn’t take much to see that this is one more step in the lock-down, not of e-mail servers and spam, but of free speech in China itself.

  4. Nigel Mellish September 20, 2006 at 6:28 pm #

    You really think this is about Spam? Are you kidding? This is about access to communication – an email version of wiretapping, plain and simple. The Chinese gov’t doesn’t want you to send or receive email unless it’s to or from a server that they can access.

  5. Darknet September 20, 2006 at 7:37 pm #

    Dan: I totally agree. China already took control of their own DNS a while ago…next it will be a seperate Chinese Internet? Well the regulation states all e-mails must be kept for 60 days, so that saves them having to install anything directly, as they monitor all links anyway so if they want anything they sniffed whilst it flew past they can grab it directly from the licenced e-mail it originated from or was sent to..

    Nigel: Who thinks it’s about spam? If I really thought it was about spam I wouldn’t have mentioned the great firewall of China and the repression of the Chinese populace in the first paragraph..