The End of Spam?

by Christopher on July 31, 2011

The computer scientists from the University of California who made news in 2008 for determining that one in 12.5 million spam email messages yielded a sale are at it again. The team, comprised of staff from UC, Berkeley and UC, San Diego, believes they have found a viable way to end spam for good.

In recent times, we’ve witnessed increasing prosecution of spammers and cyber criminals, as well as more significant action against spam affiliate programs and computer networks. Most notably so far this year, the world’s most prolific botnet, Rustock, was taken offline in March by a cooperative effort between such unlikely partners as Microsoft, U.S. Marshals, Pfizer, Dutch law enforcement, and the University of Washington.

While it feels good to cheer on these anti-spam assaults, there’s no denying they are ultimately a losing battle. The holes left in spam networks invariably turn into vacuums quickly filled by other spammers. Such efforts ultimately amount to bailing water out of a sinking ship while ignoring the leak.

The reality is that spam will continue as long as it remains profitable. And though spam may seem laughable and pointless to you and me, it often turns a nice profit for successful spam entrepreneurs.

Almost three years ago, the team of UC computer scientists released their findings on spam success rates. The results were determined by hijacking the Storm botnet, one of the biggest and baddest botnets at the time. After infiltrating the botnet, they simply used it to do what it did best: send out massive quantities of spam. The team discovered that one in 12,500,000 spam emails got a response.

And while that does not sound too impressive, sending spam is an almost entirely automated process that costs practically nothing. More importantly, spammers are able to distribute spam in staggering quantities. In 2010, botnets sent out an average of 71.1 billion spam emails a day, according to the MessageLabs Intelligence 2010 Annual Security Report. Most of it originated from the 10 leading botnets. So, with one of every 12.5 million making a sale, that comes to 5,688 sales daily.

The UC researchers also found during their 2008 experiment that the average sale was for $100. To further extrapolate, that means botnets generate $568,880 a day in sales. That works out to almost $208 million a year.

Now, instead of peddling spam, the UC computer scientists welcomed as much of it as possible into their inboxes. For three months, they received it and opened it all. Then, to add to the insanity, they systematically made purchases from the websites advertised in the junk emails. You can read the full paper they published on their research’s purpose, methods, and findings at http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf.

The team ignored the already extensively studied aspect of spam distribution. Instead, they set out to identify a “bottleneck” in the process of monetizing spam. This refers to a behind-the-scenes step in the financial process where spammers have such limited options that their ability to make money could reasonably be disrupted.

They located such a step. They found that only three financial companies processed 95 percent of the credit card transactions with which they purchased spam-advertised pharmaceuticals and supplements. These three companies are based in Denmark, Azerbaijan, and the West Indes.

Of course, it’s not possible to prevent every financial institution around the globe from handing money over to spammers. The international community could certainly put pressure on these companies to stop facilitating the exchange of money between online shoppers and spammers. This would take time, however. And in that time, spammers would find alternatives.

It is more practical to stop credit card issuers from settling transactions with financial companies that deal with spammers. If Western banks refuse to settle payments with banks determined to support the spam infrastructure, spam would instantly become almost entirely demonetized. The UC team also asserts that a financial blacklist of spam-supporting financial institutions can be easily established and kept up-to-date.

It will certainly prove challenging to make such a plan reality. But if it can be set in motion, spam might be rendered unprofitable and as useless as it is annoying. It remains to be seen how Western banks and politicians will respond to the information and suggestions put forth by the UC computer scientists. Still, it’s reassuring to know there is a possible light at the end of the tunnel.

Posted in: Spam

Previous post:

Next post: