Fighting Spam Through Regulation and Economics

Bryan29 writes ""Next door to our offices was a spam operation... One day they weren't there anymore". Apparently in the past several months some black hat SEO companies (comment spammers) closed shop. Mr. Evron explores using a couple of case studies how spam was directly impacted by the UIGEA online Casinos law, disallowing payment processing, and how the subprime mortgage collapse made many former clients of spammers "move on". The article draws its conclusions from an economic standpoint "Perhaps the next step policy makers should take is to work to change this economy, possibly by legalizing and regulating ... More to the point, they can make the act of processing funds for this type of operation illegal.""

I already said this...

[damn_registrars]

Previous slashdot discussions have discussed some of the ways that most people try to fight spam. I already said that we need an economic solution to what is an economic problem.

Unfortunately, the suggestion from this article misses the boat. Trying to price the spammers out of operation doesn't get the job done, because there's hardly a shortage of money to keep them running. We need to price the middle men out of operation.

In particular, when the spammers register new domains (which they do by the hundreds or more at a time), they give kickbacks to their favorite registrars, who in turn will turn the other way regarding the illegal operations.

If instead ICANN had some cajones, they could take the bad registrars out, clean up the registration mess that currently exists, and they could make it economically unfeasible for the spammers to continue their game as currently played. A good start would be to enforce an exponentially increasing fee structure for domains - I know of very few people who have a legitimate need for more than about 4 domains. Furthermore, if the bad registrars were to actually lose their accreditation after willingly doing business with these criminals (easy to prove), that would also help.

But as someone else already pointed out, you cannot just simply tax spam out of existence. You need real, working, economic solutions. And if ICANN was worth their own weight in bat guano, they could make it happen.

Re:I already said this...

[www.sorehands.com]

If instead ICANN had some cajones, they could take the bad registrars out, clean up the registration mess that currently exists, and they could make it economically unfeasible for the spammers to continue their game as currently played. A good start would be to enforce an exponentially increasing fee structure for domains - I know of very few people who have a legitimate need for more than about 4 domains. Furthermore, if the bad registrars were to actually lose their accreditation after willingly doing business with these criminals (easy to prove), that would also help.

AMEN to the first part!

ICANN needs to get rid of the AGP (grace periods) for domain name registration which allows domain tasting. This allows people to register a domain name for up to 5 days and then get a refund on the fees.

I have had this discussion with ICANN staff. The liaison claims that since there is no partial penalties for registrars that violate their agreements that the only punishment available is to terminate the registration status. Bull! They can always terminate the ability to register new domain names to get the registrar to behave. Then the domain name registrars that don't bother terminating domain names with false whois information.

Re:This one is better, but no cigar

[spikedvodka]

(*) No one will be able to find the guy or collect the money
(*) Requires too much cooperation from spammers

Specifically, your plan fails to account for

(*) Lack of centrally controlling authority for email The whole point of this plan is that those are wrong. If you can make it illegal for process transactions for things like online casinos, you can make it illegal for things like online pharmacies.

You're not controlling the e-mail, but you're controlling the money. if they can't accept "Visa/MC/AMEX/Discover/Diners/etc." they won't make as much money. paypal is the same way.

Yes, the "mark" could still send a check, but at that point you know exactly where the check went, and you get the copy (electronic) back.

I think this plan has half a chance of working... however, then I think we'll start seeing more phishing... and I really would hate to see more laws

Re:This one is better, but no cigar

[longacre]

But where do legislators and credit card companies draw the line between a shady online pharmacy and a legitimate one like Express Scripts? Even with new regulations to prevent use by criminals and terrorists, it is still pretty easy to get a merchant account. When a merchant signs up for a card processing service they simply ask you what you're using it for...and they believe you. There's not much to prevent you from using the same account on a legitimate site and one that advertises PLEASE YOUR GIRLFRIEND TONIGHT. This is good for legitimate businesses because it requires very little time or hassle to get started selling. The more laws we have banning transactions from entire sectors of businesses, the more questions and verifications merchant processors will demand from new merchants, thereby discouraging entrepreneurship without necessarily hurting the bad guys.

Re:*sigh~*

Kill the botnets and you kill spam. A technological solution to a mostly technological problem. Oh, and you'd stop DDoS attacks at the same time We had spam and DDoS attacks long before botnets. Killing botnets will stop the way muich of the spam is sent today but cannot stop spam

The root of this problem is people. People who buy the drugs from websites linked in spam, people who open the attachments that lead to their computers being used for spamming, and people who care more about making money by providing business to spammers. This is a people problem, not a technological one at all.