Fighting Spam Through Regulation and Economics

Bryan29 writes ""Next door to our offices was a spam operation... One day they weren't there anymore". Apparently in the past several months some black hat SEO companies (comment spammers) closed shop. Mr. Evron explores using a couple of case studies how spam was directly impacted by the UIGEA online Casinos law, disallowing payment processing, and how the subprime mortgage collapse made many former clients of spammers "move on". The article draws its conclusions from an economic standpoint "Perhaps the next step policy makers should take is to work to change this economy, possibly by legalizing and regulating ... More to the point, they can make the act of processing funds for this type of operation illegal.""

Interventionism isnt completely "useless"

[sethstorm]

Sometimes a good mix of regulation with the market does help instead of just cutting away at it.

Less regulation

[Anonymous Coward]

I seems every time we make new regulations to make something illegal, we make something legal. For example, by passing laws against pornography to "protect the children (TM)", we told pornographers exactly what they had to do to avoid breaking the law. Now, with no legal uncertainties, pornographers flourish. Better, they now had a definite set of laws to challenge which, if overturned, made their operations more open and profitable - which, by the way, is exactly what they did. The CAN-SPAM act had the same effect. Do we really want to do this again with instructions on how to handle their ill-gotten gains?

I already said this...

[damn_registrars]

Previous [slashdot.org] slashdot [slashdot.org] discussions [slashdot.org] have discussed some of the ways that most people try to fight spam. I already said [slashdot.org] that we need an economic solution to what is an economic problem [slashdot.org].

Unfortunately, the suggestion from this article misses the boat. Trying to price the spammers out of operation doesn't get the job done, because there's hardly a shortage of money to keep them running. We need to price the middle men out of operation.

In particular, when the spammers register new domains (which they do by the hundreds or more at a time), they give kickbacks to their favorite registrars, who in turn will turn the other way regarding the illegal operations.

If instead ICANN had some cajones, they could take the bad registrars out, clean up the registration mess that currently exists, and they could make it economically unfeasible for the spammers to continue their game as currently played. A good start would be to enforce an exponentially increasing fee structure for domains - I know of very few people who have a legitimate need for more than about 4 domains. Furthermore, if the bad registrars were to actually lose their accreditation after willingly doing business with these criminals (easy to prove), that would also help.

But as someone else already pointed out, you cannot just simply tax spam out of existence. You need real, working, economic solutions. And if ICANN was worth their own weight in bat guano, they could make it happen.

Re:Interventionism isnt completely "useless"

[hedwards]

Exactly, the only way that spam is reasonably going to stop is if there is no longer enough money in it to justify the risk and effort.

The proper solution to it is almost certainly going to include a mix of the following elements. I just wish I could suggest a reasonable mix and a way of putting it all together.

Filtering so that fewer eyes see the spam, larger fines/longer sentences when caught, SPF/domain keys and similar to make identification of spam somewhat easier, shun servers that are known to be openrelays until they stop that, antivirus/antimalware, getting people to stop clicking on things indiscriminately and fine companies that are advertised by spam.

I think a lot of that also applies to phishing as well.

Re:This one is better, but no cigar

[spikedvodka]

(*) No one will be able to find the guy or collect the money
(*) Requires too much cooperation from spammers

Specifically, your plan fails to account for

(*) Lack of centrally controlling authority for email

The whole point of this plan is that those are wrong. If you can make it illegal for process transactions for things like online casinos, you can make it illegal for things like online pharmacies.

You're not controlling the e-mail, but you're controlling the money. if they can't accept "Visa/MC/AMEX/Discover/Diners/etc." they won't make as much money. paypal is the same way.

Yes, the "mark" could still send a check, but at that point you know exactly where the check went, and you get the copy (electronic) back.

I think this plan has half a chance of working... however, then I think we'll start seeing more phishing... and I really would hate to see more laws

*sigh~*

[Elledan]

Would it be too obvious to point out that what enables abuse of services including spam and such in the first place are botnets?

Kill the botnets and you kill spam. A technological solution to a mostly technological problem. Oh, and you'd stop DDoS attacks at the same time, along with other nasty stuff. Sometimes it pays to go for the root of the issue.

Government shouldn't be in technology

[webmaster404]

Every time government in some form is involved in non-government related technology things go wrong. Think of the DMCA and other laws, if we try to pass laws to "fight spam" all that will do is further restrict our freedoms by perhaps forcing e-mail carriers to do logs of IP address and your real name and such. Yes, spam is a problem, however, when we get out of the "Oooohh A link click it" phase of the internet and finally after 10 years or so after teaching people that, they finally don't go randomly clicking links and double clicking on binaries to run them, spam will cease to be profitable. People don't pay money for advertising only to get .0000001 percent of people to actually buy it. Government (expectantly in the age of the *IAA controlling congress) doesn't need to mess in technology or else it will be horribly messed up, education is the answer (or Thunderbird and SpamAssasin)

Re:This one is better, but no cigar

[ravenspear]

I think we need another entry on the philosophical objections list.

Something like, draconian regulation of ecommerce is a bad solution.

Re:I already said this...

[www.sorehands.com]

If instead ICANN had some cajones, they could take the bad registrars out, clean up the registration mess that currently exists, and they could make it economically unfeasible for the spammers to continue their game as currently played. A good start would be to enforce an exponentially increasing fee structure for domains - I know of very few people who have a legitimate need for more than about 4 domains. Furthermore, if the bad registrars were to actually lose their accreditation after willingly doing business with these criminals (easy to prove), that would also help.

AMEN to the first part!

ICANN needs to get rid of the AGP (grace periods) for domain name registration which allows domain tasting. This allows people to register a domain name for up to 5 days and then get a refund on the fees.

I have had this discussion with ICANN staff. The liaison claims that since there is no partial penalties for registrars that violate their agreements that the only punishment available is to terminate the registration status. Bull! They can always terminate the ability to register new domain names to get the registrar to behave. Then the domain name registrars that don't bother terminating domain names with false whois information.

Re:This one is better, but no cigar

[longacre]

But where do legislators and credit card companies draw the line between a shady online pharmacy and a legitimate one like Express Scripts? Even with new regulations to prevent use by criminals and terrorists, it is still pretty easy to get a merchant account. When a merchant signs up for a card processing service they simply ask you what you're using it for...and they believe you. There's not much to prevent you from using the same account on a legitimate site and one that advertises PLEASE YOUR GIRLFRIEND TONIGHT. This is good for legitimate businesses because it requires very little time or hassle to get started selling. The more laws we have banning transactions from entire sectors of businesses, the more questions and verifications merchant processors will demand from new merchants, thereby discouraging entrepreneurship without necessarily hurting the bad guys.

Re:This one is better, but no cigar

[cayenne8]

"The whole point of this plan is that those are wrong. If you can make it illegal for process transactions for things like online casinos, you can make it illegal for things like online pharmacies."

I dunno. Given that the WTO finding against the US with regard to online gambling...the US 'may' have to change its laws or get massively fined, etc. I'd think if the US had to take action on that finding, the law regarding online gambling transactions/payments would have to be repealed? I actually hope so....but, that's just me. I think the govt should get out of telling people what they can do with their money and themselves...but, that's another thread.

Re:Regulation will never work...

[Z00L00K]

It can work - if you track the money involved.

Most spam messages does contain advertisement for something and there is usually a site involved in the end. By tracking down the purchase channel where the money flows it's possible to do a further analysis and possibly prosecute for tax evasion, unlicensed selling of prescribed pharmacy or something else. There is always something that can be prosecuted or at least investigated in a way that requires a temporary close of business.

There are of course some spam messages that aren't directly traceable like the stock spams, but there are possible measures for those too, even if it's more complicated. But if the spammers lose enough of their channels it becomes unprofitable. If it also starts to get dangerous to be a spammer - like a few years imprisonment - it can also help. Since businesses utilizing spammers can be tracked the spammers can be tracked in turn from the investigation of these businesses.

Re:Cleanup Wall Street

[LrdDimwit]

And what about predatory lending? Consider how they make bonsai trees. If the tree grows in a way the grower doesn't like, he trims it. Eventually the tree looks exactly how the grower wanted it to look. The tree grew under its own power the entire time, its own 'will' (if plants have such a thing). It was in full control of its own growth, and yet it danced to the grower's tune. Who's responsible for that? The tree, or the gardener?

If I am a dishonest lender, I offer these loans. I hawk them loudly, like a carnival barker, knowing that some people won't be able to keep up. There's enough stupid people out there that some of em will fall for it. (This is the spammer's strategy.) Sure, they'll eventually crash and burn, but that won't happen for several years. Meanwhile, I've taken the mortgage contract and sold it for cash - up front - to another broker (who either didn't ask to many questions or was stupid) **. After three years, shortly before the first people I chained to impossible-to-repay loans give up and default -- I get out of the business.

Sure, the people who signed deals they didn't understand, and lost everything, bear some responsibility. But they -- at least some of them -- were systematically taken advantage of by people who absolutely DID know better, and kept their mouths shut.

** - In older times it was common for banks to hold the mortgages themselves. Lately though, the bank just sets it up -- they don't want to sit on 50-year contracts anymore, they sell the mortgages to companies who specialize in that.

Re:*sigh~*

[Anonymous Coward]

Kill the botnets and you kill spam. A technological solution to a mostly technological problem. Oh, and you'd stop DDoS attacks at the same time

We had spam and DDoS attacks long before botnets. Killing botnets will stop the way muich of the spam is sent today but cannot stop spam

The root of this problem is people. People who buy the drugs from websites linked in spam, people who open the attachments that lead to their computers being used for spamming, and people who care more about making money by providing business to spammers. This is a people problem, not a technological one at all.

Re:Interventionism isnt completely "useless"

[ajs318]

Would a public education campaign be worth trying? TV ads explaining to people that spam is an on-going problem partly because some people keep rewarding the spammers with sales.

NO NO NO NO NO

You have fallen into the trap of believing that the spam game is about getting ordinary punters to buy counterfeit watches, handbags, penis enlargement pills and pirated, obsolete software.

The spam game really about persuading people that they can get rich quick, by spamming customers.

The product which is being sold is not Viagra. The product which is being sold is a complete package consisting of some dodgy spam-sending and blog-defacing software, the use of a botnet and an audience of millions of eager customers (only a few of whom, it is claimed, have to bite for you to recoup your investment).

Nobody ever has to order a single //atch or tablet of \/!agr4. And they don't. The money has already been made when the spamming kit was sold. It's the people who send the adverts who are the real marks; they spent money on a get-rich-quick scheme and lost out.