Science of Spam

Who hasn’t received a spam email with some kind of clause laying claim to compliance with the CAN-SPAM Act of 2003? They usually say something about the message being anything but spam. But, it quickly becomes obvious, if you actually waste the time to read the content, that it is a generic marketing message for some kind of herbal remedy for enhancing one or other, or two, parts of your body, making you money, or offering an ugly gold-plated watch at a knock-down price.

Of course, the can-the-spam legislation was meant to squash spam forever, although by not making spam officially illegal across the globe, it did nothing of the sort. It was baloney, in a can. In fact, Petur Jonsson, the Professor of Economics and Chair of the Department of Finance, Economics, Entrepreneurship, and Marketing at Fayetteville State University, in North Carolina, argues that while CAN-SPAM may have stemmed the tide of traditional marketing spam, it did nothing to protect net users from the subsequent tsunami of malicious spam. The surge of phishing spam, scam spam, and messages bearing malware has washed over many of us time and again and left many users beached and hung out to dry, digitally speaking, in its wake.

In 2002, when the Act was first proposed, there were some 30 billion e-mail messages being sent across the globe every day, almost half of which were “unsolicited and unwanted” spam. The legacy accounts of many email users, my first ISP email account and work account included, had no filtering or spam protection and were drowned in hundreds of spam messages every day. Some pundits argued at the time that spam would become such a huge problem that it would herald the demise of email. This was at a time when people still worried that if someone’s email signature, their .sig file, was too big it was wasting bandwidth. Oh, the irony…

“The Act banned a variety of deceptive practices,” Jonsson says, but unfortunately, “it also pre-empted the passage of stricter state laws that would have outlawed spam altogether.” Some of the states, led by California, were at the time preparing anti-spam laws that would essentially have outlawed all unsolicited bulk email. But, the CAN-SPAM Act nipped these state efforts in the bud.

Some commentators have described spam as “information pollution”; it is simply the waste product of an industry marketing its product. And, while this is a reasonable analogy when discussing benign spam, it no longer applies to much of the bulk email flooding the net today.

In the last few years, spammers have exploited technological loopholes for malicious ends. Thousands if not millions of computers have been recruited without their owners' knowledge into zombie networks or botnets that propagate malicious spam. Open proxies are harvested and their systems used to reroute email, rendering it essentially untraceable, while open relays allow email header spoofing to confuse spam filtering systems on a massive scale, as well as allowing slice after slice of spam to be sent at zero cost to the spammer.

The bottom line is that spam pays: even if just one in ten thousand recipients is scammed, the spammers are in profit when sending out millions of spam messages each day. Jonsson points out that the risk of being caught while phishing is smaller than the risk of getting caught peddling illegally imported bogus Viagra. This means phishing makes more sense. Spam is not just about annoyance; it is about cybercrime on an enormous scale. The sooner the authorities recognize and respond to that fact, the better for all of us.

Petur O. Jonsson (2009). The economics of spam and the context and aftermath of the CAN-SPAM Act of 2003. International Journal of Liability and Scientific Enquiry, 2 (1), 40-52