Spam control should involve banks
Researchers in San Diego, Berkeley and Budapest have analysed the business model of spammers to find potential starting points for combating spam. They examined approximately 1 billion emails that were collected from various sources over three months in late 2010. The emails contained 93 million different URLs which originated from 17 million domains.
By further limiting their scope, including advertisements for pharmaceuticals, replica luxury goods and counterfeit software, the researchers restricted their survey to about 300 million emails coming from 70,000 domains, around 1,000 web clusters and only 45 affiliate programs. Among these affiliate programs was Rx promotions which offers affiliates a commission of up to 60 per cent of the sales they generate. Affiliates can choose from various web store templates that will ultimately lead to the same affiliate program.
The researchers also investigated whether there was any clustering in terms of the domain registrars or hosting companies used. They found that only a few companies handled a large number of the affiliate programs. For example, around 40 per cent of the domains in question were registered with Russian company NauNet, and Romanian ISP Evolva Telecom operated about 10 per cent of the DNS and web servers for the domains that were being advertised in spam. However, the researchers believe that bringing action against these companies would only yield limited success; they said that there are too many hosting companies and that domain names are so cheap that spammers could soon find new providers.
They concluded that exercising influence on the banks would have a higher chance of success. When making test purchases, the researchers found that only 14 banks handled all the credit card payments involved. Two of them, Azerigazbank in Azerbaijan and St. Kitts & Nevis Anguilla National Bank in St. Kitts, worked for 14 affiliate programmes. Together with a third financial establishment, Latvian DnB, these banks reportedly handled 95 per cent of the payment traffic of all the investigated banks. The study also found that two German institutions, (B+S Card Service and Wirecard), were each active for one small affiliate program. Repeat purchases four months after the first ones showed that, although some affiliate programs had changed banks, the financial institutions used remained the same overall.
Therefore, the researchers suggested the creation of a blacklist for banks who process credit card transactions for spammers. They said that card issuers should refuse to make any payments to the blacklisted institutions. As such a blacklist could be updated relatively quickly, the researchers concluded that this approach could dramatically de-monetise the affiliate programs behind the spammers.