Home / Blogs

A True Final Ultimate Solution to the Spam Problem?

A common acronym in spam-fighting is FUSSP — Final Ultimate Solution to the Spam Problem. It's used (usually derisively) to describe the latest proposed scheme to end spam once and for all. Usually these schemes are based on false assumptions or have already been tried with no results.

This time — be still, my beating heart — it looks like some researchers at the University of California might really be on to something.

According to the New York Times, researchers have discovered that 95% of drug and herbal remedy credit card transactions are handled through just three financial companies in Azerbaijan, Denmark and the West Indies. Presumably, if these companies could be persuaded to stop supporting spammers, then the money supply which drives spam would dry up, and the spammers would be forced to close shop.

The UC paper is available here (pdf).

I've said before that spam exists because ISPs tolerate it. This seems to hold true for financial institutions as well. If the financial institutions stopped abetting spammers, the theory goes, then spam would be significantly curtailed.

Of course, I don't have any illusions that this is the final solution to the spam problem. There will always be spam as the spammers find ways around the shut-down of their credit card processing suppliers. But as the shut-downs of major botnet command-and-contol centers in the past have shown, you can fight spam, if you're just willing to do it.

By Edward Falk, Computer professional

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


Good countermeasure; not solution By The Famous Brett Watson  –  May 20, 2011 9:21 pm PDT

Presumably, if these companies could be persuaded to stop supporting spammers…

...other companies or payment techniques would soon rise to fill the vacuum. Yes, you would see a temporary drop in spam, much as you do when C&C;clusters are taken down, and that's a good thing, but this isn't a solution to the spam problem, much less a final one. Then again, I suppose you already conclude as much, despite your article's title and opening remarks.

The spam problem in general will be solved when the costs of the activity exceed its benefits. I don't think we're likely to achieve that, but it behoves us to use as many countermeasures as can be applied without causing collateral damage. In that context, I welcome this research, and hope that we can successfully bring negative consequences to bear on those who aid and abet the financial dealings of spammers, and thereby raise the costs of doing business as a spammer.

It remains to be seen whether the finance industry is prepared to "break connections" with spam-complicit services in the way we've seen with ISPs and their service agreements. I understand Internet connectivity well enough in this context, but I'm only vaguely familiar with the inner workings of credit card payment processing. Which links in that chain are worth our attention? A few companies have been named and shamed so far, but it remains to be seen whether they can or will shrug it off. There was a lot of shrugging off of the spam problem by ISPs in the early days: it took the consequences of DNSBLs and other tools to pierce that wall of indifference.

I made much the same points but it turned out longer than I expected .. so its a new blog post By Suresh Ramasubramanian  –  May 22, 2011 7:26 pm PDT


Nice research, wrong conclusion By Alessandro Vesely  –  May 25, 2011 2:00 am PDT

I appreciated Savage's paper for its detailed description of the spam ecosystem.  However, its conclusion that the payment tier is the optimal target for intervention, just because it "is by far the most concentrated and valuable asset", doesn't seem to be particularly well founded.  I think that customers who decide to buy something and find out that their credit card doesn't work, would rather consider looking for an alternative credit card company.

Why do people buy spamvertized items?

Actually - they might call their credit card company and complain By Suresh Ramasubramanian  –  May 25, 2011 2:08 am PDT

But the credit card company may or may not have as much incentive to shut down CNP transactions for accounts where there's far less risk of fraud.  People do get something on the lines of what they paid for.

If the transaction is for illegal or controlled drugs such as narcotics, the case does get altered.

Please see the points I made (and the discussion between me and Prof Savage) at http://www.circleid.com/posts/university_of_california_next_hard_target_in_never_ending_war/

Add Your Comments

 To post your comments, please login or create an account.



Domain Names

Sponsored byVerisign


Sponsored byThreat Intelligence Platform

New TLDs

Sponsored byAfilias

Brand Protection

Sponsored byAppdetex

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byIPv4.Global


Sponsored byVerisign


Sponsored byWhoisXML API