Click trajectories: End-to-end analysis of the spam value chain


Anyone who has come into even casual contact with the Internet is familiar with the concept of spam advertising, which often promotes questionable financial schemes and pharmaceuticals such as Viagra. The United States, among many other countries, has laws criminalizing certain deceptive tactics frequently employed by spammers. To date, most anti-spam initiatives have focused on defensive tactics such as email filters, URL blacklists and site flagging. Yet a deeper system supports spam advertising, and it could potentially be disrupted.

A 2011 study from the University of California, San Diego and the University of California, Berkeley, “Click Trajectories: End-to-End Analysis of the Spam Value Chain”, cataloged three months of online spam data and researched website naming and hosting infrastructures. As part of the research, the team made more than 100 purchases from spam-advertised sites. The researchers tried to get an overall picture of the process employed to monetize spam email — from the banks that spammers use to the emails sent out — in order to defend against it.

The study’s findings include:

  • Half of all spam programs have their domains and servers distributed over just 8% or fewer of the total available hosting registrars and Autonomous Systems. Overall, 80% of spam programs are distributed over just 20% of all registrars and Autonomous Systems.
  • Of the 76 purchases for which the researchers received transaction information, there were only 13 distinct banks acting as credit card acquirers, and only three banks provided the payment servicing for 95% of the spam-advertised goods in the study.
  • A “financial blacklist” of banking entities that do business with spammers would dramatically reduce monetization of unwanted emails. Moreover, this blacklist could be updated far more rapidly than spammers could acquire new banking resources, an asymmetry favoring anti-spammers.

The researchers concede that there are legal challenges in some countries from which spam originates, and some spammers in non-Western countries complain that they are catering to real needs and “efforts to criminalize their actions are motivated primarily by Western market protectionism.” However, the study points out that spam is primarily supported by Western money: “The payment tier is by far the most concentrated and valuable asset in the spam ecosystem, and one for which there may be a truly effective intervention through public policy action in Western countries.”

Tags: crime, law, technology, Russia, telecommunications

Last updated: June 14, 2011


Citation: Levchenko, K.; et al. "Click Trajectories: End-to-End Analysis of the Spam Value Chain", Security and Privacy (SP), 2011 IEEE Symposium on, May 2011. DOI: 10.1109/SP.2011.24