Thursday, May 26, 2011

Death to Spam!

It is generally believed that the reason unsolicited email advertising messages are called spam can be linked to the famous Monty Python skit about spam, now nearly 40 years old, in which the group of Vikings in the back of the café (don’t ask me why there are Vikings in the back of the café; it works, all right?) keeps interrupting to sing the word “Spam” over and over again, until that’s all you can hear. Whether or not the name is appropriate depends on whom you ask; Spam (or SPAM®, to give it the official trademarked spelling) is considered a delicacy along much of the Pacific Rim, and is beloved by people native to the area around Austin, Minnesota (where most of the North American, South American and Australian supply is manufactured). Others will tell you that the acronym should stand for “stuff posing as meat” (although I also like “special product of Austin, Minnesota”), or that the substance is only marginally edible. Email advertising messages, on the other hand, is almost universally reviled. Which makes the revelation that there is a simple and straightforward way to destroy it all the more interesting…

A story published last week in the New York Times recounts the findings of two key studies about spam. Everyone knows that spam is hard to defeat, and that generations of spam filters have only resulted in more sophisticated spam, which requires better filters, in a never-ending cycle of measure and counter-measure. What you may not realize is the volume of messages involved: according to the University of California study cited in the article, it takes on average 12.5 million spam emails to sell $100 worth of Viagra – just to take the most common example. Or, if you like, the exchange rate is somewhere on the order of 125,000 spam messages for each dollar received. Even more remarkable, however, was the fact that 95 percent of the purchases investigated by the study were handled by just three companies (one in Azerbaijan, one in Denmark, and one in Nevis, in the West Indies) – and all of them were made using Visa cards…

Now, it’s hardly surprising that most of these Internet purchases are being made by credit card; most e-commerce is done that way, since there aren’t a lot of other options. But the degree to which these offers are being funneled through only a few companies – and only a few banks and credit card processors – is quite another matter. Normally it isn’t possible for local authorities to put pressure on people who distribute spam, since it comes from outside their jurisdiction (and quite literally from all over the world on any given day), but getting local banks to block credit-card payments to any institution known to be used by spammers wouldn’t take much, and getting them to block payments to specific companies that are used by known spammers wouldn’t be much harder. This wouldn’t keep anyone from transmitting spam messages, of course, but it could eliminate any profit to be made by doing so, which would rather defeat the purpose of doing so…

On the whole, I think the Times reporters are being overly optimistic in saying that this will be the death of spammers. Even assuming that you can get local financial institutions to play along, and assuming that they really can cut off payments to specific foreign banks faster than spammers can find new ones, that won’t keep people from making payments using Pay-Pal, pre-paid credit cards, electronic fund transfers (effectively on-line money orders) or other methods. I would also expect to see spammers using legitimate companies (or at least ones that don’t send spam) as a front to clear their orders. But if this method works, it might be able to lower the volume of spam being sent overall, not just the number of Viagra-related messages. It might even be possible to lower the total percentage of emails sent world-wide that consist entirely of spam down below the 90% level once again…

No comments: