Spam, the business model

Recent highlights from the Ideas blog

EVERY NEW communications technology seems to bring with it its own form of spam: Today’s junk mail and telemarketing, for instance, merely replaced the scourge of the unsolicited telegram (the first was sent in 1864, by a London dentist’s office). Electronic spam, though, has proven unusually resilient, continuing despite the efforts of legions of IT professionals. The problem, essentially, is that spammers use the Internet’s global nature to spread their operations far and wide, beyond the reach of regulators.

Now a group of computer scientists has figured out how to get the upper hand. Fifteen scientists in California and Budapest analyzed thousands of spam e-mails, ordered a huge number of spam products, and discovered exactly how the spam gets made. In their new paper, “Click Trajectories: End-to-End Analysis of the Spam Value Chain,” presented recently at an IEEE symposium on security, they reveal the spammers’ weak point: banks.

Each individual spam e-mail in your inbox, it turns out, is only the tip of a huge global iceberg. Respond to an e-mail hawking counterfeit Viagra, and your computer might connect with domain registrars in Russia, name servers in China, Web servers in Brazil, a bank in Azerbaijan, and a pharmaceutical supplier in India. This global network of firms makes it impossible for regulators to pursue all the companies simultaneously, giving spammers room to maneuver. They even hack into random Web servers and use them to send the spam, making it difficult to figure out who, exactly, is doing the spamming. And it’s worth all the trouble: Spammers make a lot of money when faraway consumers buy the advertised goods. (In case you’re wondering: those counterfeit handbags often do get delivered.)

Most anti-spam efforts have focused on blocking the e-mails. But the researchers have found a more fundamental vulnerability in the spam enterprise: “Just three banks,” they explain, “provide the payment servicing for over 95% of the spam-advertised goods in our study.” The biggest payment processor is Azerigazbank, located in Azerbaijan.

It’s comically easy to find a new Web server, but, they point out, extraordinarily difficult to find a new bank willing to process sales for counterfeit goods. So, they argue, there’s a straightforward way to stop spam: Ask credit card companies to disallow transactions involving spam-type goods, like pharmaceuticals, whenever those transactions go through these particular banks. Cut off the money, and you cut off the spam.

Joshua Rothman is a graduate student and teaching fellow in the Harvard English department and an instructor in public policy at the Harvard Kennedy School of Government. He teaches novels and political writing.

© Copyright 2011 Globe Newspaper Company