Money makes the spam go round … and banks worldwide know it

Who are middle-men in the global spam network? freezelight

Spam is everywhere. Its persistence is attributable to gullible internet users, to well-known software giants and, ultimately, to money.

Unfortunately, spam is not going to be vanquished through use of “internet driver licenses” or “assured sender” fixes, as proposed in a recent article for The Conversation by Dr Mark Gregory.

Let’s unpack that claim.

Spam – unsolicited, bulk, commercial email – accounts for more than 70% of the world’s email traffic. It is a global, rather than purely national or individual problem.

It includes offers from legitimate but naïve and opportunistic manufacturers and wholesalers in India, China and other emerging economies. More annoyingly, it includes:

Spam exists because, from the sender’s perspective, it works: email addresses can be intuited, readily collected from websites or purchased from dealers who sell thousands of addresses for a few dollars.

The cost of sending messages to those addresses is staggeringly low: fractions of a cent per address when someone adds a list to an automated mailing program and hits “send”.

Costs are important for information economics: enough people respond to spam for it to be financially worthwhile.

When distribution costs are so low it doesn’t matter if the vast bulk of the messages go to defunct or neglected addresses (most Australians have more than four addresses) or are caught in filters operated by ISPs, organisations and individuals.

It helps that much distribution involves inadequately secured personal computers (thank you, Mr Gates).

Most spam doesn’t originate from Australia, partly because there has been effective enforcement of the Spam Act 2003 (a million dollar penalty tends to dissuade local ‘entrepreneurs’), and partly because ISPs are wary of being blacklisted by their peers.

It instead comes from offshore, with much of the revenue ending up in the former Soviet Bloc.

Of course, Australian, European Union and US laws don’t extend to Russia or Bulgaria and we can expect junk mail en masse from those jurisdictions until there’s regime change or until tougher regulation of spammers becomes attractive to the people in power.

This might happen through bilateral sanctions or through an international agreement that’s respected by the people in both Moscow and Vladivostok.

Government capacity still matters in a world where cyber-utopian Nicholas Negroponte prophesied that after exposure to the internet the state would dissolve like a mothball.

If people are irresponsible and industry support for technological fixes is underwhelming (reflecting the ease with which particular fixes can be subverted and the costs involved in their operation), we might think holistically.

Although there’s no silver bullet, we can reduce spam through a mix of fact-based legal and other measures.

Research indicates that much spam originates from a handful of entrepreneurs, in the same way that the plethora of commercial adult content sites are controlled by a small number of businesses.

More importantly, the spammers only deal with a handful of financial institutions. In a 2011 study Kirill Levchenko et. al. argue that “95% of spam-advertised pharmaceutical, replica and software products are monetised using merchant services” from institutions such as:

  • Latvijas Pasta Banka
  • The St. Kitts & Nevis Anguilla National Bank
  • The State Bank of Mauritius
  • Wirecard AG
  • Azerigazbank

It is axiomatic that although “information just wants to be free” (and cyber criminals are prepared to move to permissive jurisdictions, with or without palm trees and places to park a yacht) financial institutions – particularly those leveraging globally-recognised credit cards – are located on Earth.

They and their partners, such as Visa and MasterCard, are susceptible to persuasion by governments.

If we want to reduce spam we should therefore contemplate both the mechanisms outlined by Mark Gregory and mechanisms such as restricting money flows.

And how do we restrict money flows?

Well, spammers are unlikely to spend a lot of effort promoting dodgy pharmaceuticals if banks and payment card services won’t go near them.

We may not be able to stop spammers creating spam sites, stealing addresses, “borrowing” the family PC or misusing the email system. Nor can we take out the server farms in Vladivostok or Odessa.

But we can stop the middleman who transfers the money from Mr Gullible to Mr Mafia.

Spam is ultimately about the dollar: change the economics and it becomes much less attractive.