For years, a team of computer scientists at two University of California campuses has been looking deeply into the nature of spam, the billions of unwanted e-mail messages generated by networks of zombie computers controlled by the rogue programs called botnets. They even coined a term, “spamalytics,” to describe their work.

Now they have concluded an experiment that is not for the faint of heart: for three months they set out to receive all the spam they could (no quarantines or filters need apply), then systematically made purchases from the Web sites advertised in the messages.

The hope, the scientists said, was to find a “choke point” that could greatly reduce the flow of spam. And in a paper to be presented on Tuesday at the annual IEEE Symposium on Security and Privacy in Oakland, Calif., they will report that they think they have found it.

It turned out that 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies.