North American Network Operators Group
Spam and "following the money"
- From: Joe St Sauver
- Date: Tue Jun 17 21:30:45 2003

Whenever the topic of spam comes up, the suggestion always arises that people
"follow the money" to track the spammers. Sometimes, it is true, that will
be useful, but it takes a rather naive approach to the spammer's business

In many cases, spammers don't actually need to *deliver a product or service*
to the person they are spamvertising to make money from sending spam.

Some spammers make their money via banner advertising revenues: if they can
get you to visit one of their pages (even an "unsubscribe" page), they can
get "hits" for some advertising program and make money from you.

Or consider pump-and-dump stock tout spam... no direct product or service
needs to be delivered to a spammee for the spammer to make money, assuming
he can use spam to run the stock price up and the SEC doesn't jump on traders
with unusual purchase and sale patterns.

In some cases, the spammer's scheme is outright fraud: one of the reasons
that penis enlargement spam (or spam for Viagra or other "embarrassing"-to-
purchase products) is so common is that spammers are counting on people
being too embarrassed to admit that they (a) fell for a scam, and (b) that
they were dumb enough to send cash to some PO Box in Romania, and (c) that
they needed the particular product that was being spamvertised in the

Likewise spam for pay-per-view cable descramblers/theft of service devices
and other illegal/semi-illegal products: if your pay-per-view theft of service
cable descrambler provider fails to deliver a functioning theft-of-service
device for your use, who are you going to complain to, the police?

It is also worth noting that in many cases people are providing their name,
credit card number, and expiration date to some random server hosted
somewhere in China, hmm, whaddya think, any possibility of fraud taking
place? I could make fifty bucks selling some fake human growth hormone, or
thousands charging stuff on a steady stream of live credit card numbers. If
I had to point at the most common way to make money from spam these days,
I'd bet on credit card fishing...

But even routine credit card fraud pales in comparison to the costs
associated with trying to regain your financial identity after it has been
completely co-opted following provision of complete financial details to
some "mortgage referral specialist..."

And then there are the pr0n "dialer" dudes, who offer "free" access to
their pr0n site, you "just" need to use their special software (which calls
a 900 number somewhere in the Caribbean for $15.00/minute, and/or sends more
spam for them).

Lastly, there are plenty of spam service providers who make money from
selling email addresses, selling spam software, selling spam hosting services,
you name it... in fact, some of the largest American carriers are *perfectly*
willing to provide connectivity for spamvertised web sites so long as the
spam doesn't actually get sent from that connectivity (and with hundreds of
thousands of open proxies out there, well, there's no need for a spammer to
be that gauche!)

If you want to stop spam, take the time to see where spamvertised web sites
are being hosted, and who's providing transit for those hosts. I've been doing
this for a while now, and I can *definitely* see some pretty obvious patterns.

I guess those transpacific OC3s and OC12s for "strategic" customers
are just too lucrative to risk jeopardizing with trifles like enforcing
terms of service...