NordVPN Promotion

Home / Blogs

A True Final Ultimate Solution to the Spam Problem?

A common acronym in spam-fighting is FUSSP—Final Ultimate Solution to the Spam Problem. It’s used (usually derisively) to describe the latest proposed scheme to end spam once and for all. Usually these schemes are based on false assumptions or have already been tried with no results.

This time—be still, my beating heart—it looks like some researchers at the University of California might really be on to something.

According to the New York Times, researchers have discovered that 95% of drug and herbal remedy credit card transactions are handled through just three financial companies in Azerbaijan, Denmark and the West Indies. Presumably, if these companies could be persuaded to stop supporting spammers, then the money supply which drives spam would dry up, and the spammers would be forced to close shop.

The UC paper is available here (pdf).

I’ve said before that spam exists because ISPs tolerate it. This seems to hold true for financial institutions as well. If the financial institutions stopped abetting spammers, the theory goes, then spam would be significantly curtailed.

Of course, I don’t have any illusions that this is the final solution to the spam problem. There will always be spam as the spammers find ways around the shut-down of their credit card processing suppliers. But as the shut-downs of major botnet command-and-contol centers in the past have shown, you can fight spam, if you’re just willing to do it.

BLACK FRIDAY DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Edward Falk, Computer professional

Filed Under

Comments

Good countermeasure; not solution The Famous Brett Watson  –  May 21, 2011 4:21 AM

Presumably, if these companies could be persuaded to stop supporting spammers…

...other companies or payment techniques would soon rise to fill the vacuum. Yes, you would see a temporary drop in spam, much as you do when C&C;clusters are taken down, and that’s a good thing, but this isn’t a solution to the spam problem, much less a final one. Then again, I suppose you already conclude as much, despite your article’s title and opening remarks.

The spam problem in general will be solved when the costs of the activity exceed its benefits. I don’t think we’re likely to achieve that, but it behoves us to use as many countermeasures as can be applied without causing collateral damage. In that context, I welcome this research, and hope that we can successfully bring negative consequences to bear on those who aid and abet the financial dealings of spammers, and thereby raise the costs of doing business as a spammer.

It remains to be seen whether the finance industry is prepared to “break connections” with spam-complicit services in the way we’ve seen with ISPs and their service agreements. I understand Internet connectivity well enough in this context, but I’m only vaguely familiar with the inner workings of credit card payment processing. Which links in that chain are worth our attention? A few companies have been named and shamed so far, but it remains to be seen whether they can or will shrug it off. There was a lot of shrugging off of the spam problem by ISPs in the early days: it took the consequences of DNSBLs and other tools to pierce that wall of indifference.

I made much the same points but it turned out longer than I expected .. so its a new blog post Suresh Ramasubramanian  –  May 23, 2011 2:26 AM

http://www.circleid.com/posts/university_of_california_next_hard_target_in_never_ending_war/

Nice research, wrong conclusion Alessandro Vesely  –  May 25, 2011 9:00 AM

I appreciated Savage‘s paper for its detailed description of the spam ecosystem.  However, its conclusion that the payment tier is the optimal target for intervention, just because it “is by far the most concentrated and valuable asset”, doesn’t seem to be particularly well founded.  I think that customers who decide to buy something and find out that their credit card doesn’t work, would rather consider looking for an alternative credit card company.

Why do people buy spamvertized items?

Actually - they might call their credit card company and complain Suresh Ramasubramanian  –  May 25, 2011 9:08 AM

But the credit card company may or may not have as much incentive to shut down CNP transactions for accounts where there's far less risk of fraud. People do get something on the lines of what they paid for. If the transaction is for illegal or controlled drugs such as narcotics, the case does get altered. Please see the points I made (and the discussion between me and Prof Savage) at http://www.circleid.com/posts/university_of_california_next_hard_target_in_never_ending_war/

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

NordVPN Promotion