TR Editors' blog

Why Don't Spammers Get Shut Down Faster?

Spam schemes survive significantly longer than other types of Internet fraud. Why?

Erica Naone 10/16/2009

  • 8 Comments

While researching today's story about crafty phishing techniques, I came across some statistics that reveal the lifespan of various types of nefarious Internet schemes. The chart below, put together by Milcord, a company that collects real-time data about botnets, shows that spammers survive for a couple of months, while phishers typically make it only about five to ten days. Malware schemes are in between.

The chart shows the respective lifespans of botnets engaged in phishing, spam, and malware distribution. The data is for botnets that use a trick called flux to extend their lifespans. Credit: Milcord

What's the reason for this time difference?

Alper Caglayan, Milcord's president, thinks it's due to the nature of the victim. "Phishing targets well-known brands, like Citibank, Bank of America, eBay, or Paypal," he says. "Obviously, these folks are willing to spend a lot of money defending their brands."

Though ordinary people are the ones who ultimately get burned, phishers can affect the reputations of companies with deep pockets. Caglayan says that some security companies offer service-level agreements that promise to get a phishing site hosted in the U.S. taken down in under an hour.

Spam, on the other hand, has no such highly-motivated opponents. While it's a nuisance to everyone, no particular company suffers publicly for it, and therefore, the money to halt it simply isn't there.

Most individuals may want someone to do something about spam, but they end up relying on anti-virus software or intervention from law-enforcement agencies.The motivation to go after and shut down the botnets just isn't the same.

Print

Close Comments

To comment, please sign in or register

Forgot my password

jragosta

2 Comments

  • 850 Days Ago
  • 10/16/2009

Spammers

If any politicians propose the life in prison without a computer for spammers, they'd get my vote.

I run a small bulletin board. The board is run by a well-known (locally) IT person who has implemented all the controls he can (including Captcha - which I hate). Yet I'm still having to delete several dozen spam messages PER DAY from this board. Compare that to the 4 or 5 legitimate messages per week and you can see the hassle that spam creates.

Reply

wcfloyd

13 Comments

  • 847 Days Ago
  • 10/19/2009

spammers

When I get spam, I check the return address. If it somebody major like yahoo, gmail, hotmail, etc. I open the headers and forward to "abuse@yahoo" or whoever.They take action if the spammer is hosted on their network. Once I decided to have some fun with a fraudster in Nigeria. He had a trunk full of money to share with me if I would help him get it out of Amsterdam.I emailed him and he replied to call him immediately with a pass word. His phone was open 24/7.I replied I was very busy, and for him to contact my trusted assistant, Sharif DiParman (Sounds like Sheriff's Dept!), and explain his proposition to her, as she screens all my projects. I gave him the phone number of my local sheriff's dept. I reported him to abuse@yahoo and they shut him down. I had fun!

Reply

dtutelman

117 Comments

  • 847 Days Ago
  • 10/19/2009

"We" are to blame

The unfortunate fact remains that people actually buy things from the spammer. Enough people buy enough stuff so spamming is worthwhile. If nobody responded to the spam with purchases, it would stop.

No I don't know how to stop it. But just think: did you ever -- ever! -- buy anything where the purchase was inspired by unsolicited email? If so, you are part of the problem. Mass email is so cheap that a very small response makes it pay. But it is not zero cost; if it produced zero revenue, nobody would do it.

One additional point: Unlike phishing, spam is not INHERENTLY criminal. Phishing is outright fraud; it is a real crime, being committed with the aid of a computer. Spam is just annoying; the automation raises the annoyance to the point of unbearable. So it makes moral sense to be more aggressive about controlling phishing.

BTW, I am not a spammer, and not normally an apologist for spam. I hate it, too. I also run several forums, and have to take measures to prevent spam. Just trying to keep things in perspective here.

Reply

pasward

32 Comments

  • 847 Days Ago
  • 10/19/2009

Re: "We" are to blame

SPAM, as sent, _is_ illegal in many jurisdictions, and in many (most?) instances clearly satisfies the legal definition of fraud in exactly the same way as phishing does.

Reply

dtutelman

117 Comments

  • 846 Days Ago
  • 10/20/2009

Re: "We" are to blame

"SPAM, as sent, _is_ illegal in many jurisdictions"

I'm trying to distinguish here between what would be a crime if no computers were involved, and bad behavior unsing computer that some legislature has decided to outlaw.

Junk mail is not a crime. Spam is junk email. So it is not INHERENTLY criminal, even if it has been deemed illegal in certain jurisdictions. (The fact notwithstanding that I would like to see it outlawed.)

"in many (most?) instances clearly satisfies the legal definition of fraud in exactly the same way as phishing does."

I was not aware of that. In fact, it remains to be shown, AFAIK.

Most of the spam I get is for some product or another which is cheap enough that it's hard to believe they would not deliver. I mean, they admit it's a FAKE Rolex; why would they fail to deliver an imitation Rolex, and risk fraud prosecution. And if they deliver, where is the fraud -- at least compared with buying the same thing from a storefront? (Counterfeiting, maybe; but you said 'fraud'. Also, counterfeiting has nothing inherently to do with spam.) Of course, I don't take them up on their offers, so I don't know from personal experience if they actually do send the goods.

If you have credible information to the contrary, I'll shut up.

Reply

pasward

32 Comments

  • 818 Days Ago
  • 11/17/2009

Re: "We" are to blame

The fraud is not in what is advertised, but in the form of the e-mail, which in the vast majority of SPAM is sent with false sender information, usually false DNS information, typically from botnets which are themselves a fraudulent use of other people's machines.  As a side note, the contents of most SPAM is also frequently set deliberately so as to get around SPAM filters, again, effectively fraud, since it is unrelated to the clearly intended purpose of the e-mail.

Reply

fiberman

186 Comments

  • 847 Days Ago
  • 10/19/2009

Spam makes money for everybody!

That's right - all the companies who supply equipment to run the Internet make most of their money from Spammers. If 90% of the Internet traffic is spam, viruses, etc., as TR has reported, 90% of all the revenue for the companies supplying equipment (you know who you are!) comes from Spam. If we really stopped it - a simple solution is charging a penny an email - we'd practically put those companies out of business.
If there is no economic incentive, it will continue unabated.

BTW, I've had the same email address for 18 years and periodically some Spammer uses it as the return address for spam, filling my inbox with undeliverables. When I caught a hacker in one of my websites, I ended up with 2000 mails from them using our return address!
I'm #$%^&*()_ but have no faith in seeing any real action on this issue.

Reply

b_calder

8 Comments

  • 847 Days Ago
  • 10/19/2009

Re: Spam makes money for everybody!

#1, that's 90% of email traffic, not all traffic.
#2, if Internet traffic is like other types of traffic, halting all email would mean a short hiccup in total traffic.

Reply

About

Insights, opinions, and our editors' analysis of the latest in emerging technologies.

Subscribe to the TR Editors' blog RSS Feed

Advertisement

Recent Posts From
TR Editors

Blog Topics

ces 2012 genetically modified organisms gesture GPS OLED patents SCOTUS Supreme Court

Advertisement

Facebook

Advertisement