May 21, 2011

Scientists Find ‘Choke Point’ Of Spam Email

Computer scientists have found a "choke point" that could greatly reduce the flow of spam email.

Scientists at two University of California campuses set out for three months to receive all the spam they could, then systematically make purchases from the Web sites advertised in the messages.

They found that just three financial companies handled 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought.

The scientists looked at nearly a billion messages and spent several thousand dollars on about 120 purchases.  There was not a single purchase made of over $277.

Stefan Savage of the University of California, San Diego told The New York Times that if a handful of companies like these refused to authorize online credit card payments to the merchants, "you'd cut off the money that supports the entire spam enterprise."

Steve Kirsch, chef executive of Abaca Technology, said the findings help potential for "a very powerful deterrent" to spammers.

"If the credit card companies wanted to shut down the spammers, we can easily aid them in rapidly and unambiguously identifying the merchant accounts used by spammers," he said in a press release.

An earlier study found that a single commercial spam email campaign generated three messages for every person on the planet.  The same study found that to sell $100 worth of Viagra, a spam provider needed to send 12.5 million messages.

"In the end, spam is an advertising business," Savage told the Times. "However, it only makes sense if you can find a way to take people's money.

"This means credit cards. Credit cards are the only payment platform that is ubiquitously available to Western consumers and can be used for Internet commerce."

The researchers wrote in a statement, "It is the banking component of the spam value chain that is both the least studied and, we believe, the most critical."

The team said that because spam relies on just a few banks, the business is highly vulnerable to disruption by regulators and law enforcement agencies.

The Times said that by blocking the transactions at the point at which the consumer uses a credit card, it is possible to shift the burden of cost to the spammer.

"The defenders can, in principle, identify which banks the scammers are using far faster than they can get new banks," Savage told The New York Times, "and for basically zero cost."


On the Net: