Welcome to the SecAware blog

I spy with my beady eye ...

6 Jun 2011

Creative ways to tackle spam

A research project at UCal has determined that just three credit card processors are responsible for processing most credit card purchases responding to a sizable sample of spam advertisements, suggesting the possibility of persuading them to block purchases associated with spam campaigns.
While I like their creative approach to this intractable problem, I can see some issues with the proposal.  First someone would need to identify the transactions corresponding to spams, differentiating them from transactions for the same or similar goods that are not the result of spamming.  Secondly, they would need to persuade the processors to block the transactions, presumably cutting their fee income in the process.  Thirdly, the spammers seem likely to respond to such an attack, for example by diversifying their card processing, so it would turn into a cat-n-mouse chase.

That aside, the article includes some interesting spam stats:
"Spam has proved notoriously difficult to defeat over the years, despite sophisticated filtering technologies and legal investigations and convictions. Seven years after the famous prediction by Bill Gates, then chairman of Microsoft, that spam would be eradicated in just two years, about 90 percent of all e-mail is spam.  An earlier study undertaken by the scientists showed that a single commercial spam e-mail campaign generated three messages for every person on the planet. That same study revealed that to sell $100 worth of Viagra, a spam provider needed to send 12.5 million messages."
... so that's 125,000 spam messages per dollar of consequential Viagra sales.  Assuming the spammers make 50% profit (which I suspect is an overestimate), they would need to send a quarter of a million spams to earn every dollar of profit.  If it cost them just 4 micro-dollars to send a spam (for example if email was 'taxed' or charged like the post, and the spammers were somehow forced to pay up - a significant assumption), they would not earn a thing.

Gary (Gary@isect.com)

No comments:

Post a Comment