Study May Shed Light On How To Stop Spam

Robert Siegel speaks with Stefan Savage, a computer science and engineering professor at the University of California, San Diego. Savage is a co-author of a new study that looks at why 95 percent of credit card transactions for spam-advertised products are processed by only three financial companies — and what this information can do to help stop spam.

MICHELE NORRIS, Host:

From NPR News, this is ALL THINGS CONSIDERED. I'm Michele Norris.

ROBERT SIEGEL, Host:

And I'm Robert Siegel.

NORRIS: Two years from now, spam will be solved. He said that in 2004. And today, the typical online mailbox is still packed with it. It's estimated that 90 percent of email traffic is spam, and there doesn't seem to be any technical solution out there that's up to the job of controlling it.

NORRIS: Stefan Savage is a professor of computer science and engineering at the University of California, San Diego. Welcome to the program.

P: Thank you very much, pleasure to be here.

SIEGEL: And first, tell us about the scope of your work here. How much spam did you and your colleagues actually consume?

P: We looked at about a billion unique spam messages over the course of three months and then followed all of the links contained therein and visited the websites that were advertising projects.

SIEGEL: And actually bought stuff?

P: That's right.

SIEGEL: And then when you analyzed all of these transactions, what did you find?

P: And what we found is that at most stages of this pipeline, it's very hard to do anything effective because there are so many alternatives and it's so easy to switch. The single biggest exception, however, is in the case of payment processing and merchant bank services.

SIEGEL: Banking, you found that a very small number of banks account for a very large share of the spam business.

P: That's absolutely right. Ninety-five percent run through just a handful of banks.

SIEGEL: A handful, meaning?

P: Three: One in Azerbaijan, one in Saint Kitts and Nevis, and another - previously they were using one in Latvia, now it appears to be in Russia.

SIEGEL: And is there obvious recourse to these banks or these countries to get them to stop doing it?

P: The alternative is to look at this from a domestic standpoint, because ultimately the money that funds this activity is U.S. money. And the banks that issue credit cards - Chase, Bank of America, and so forth - were simply to refuse to honor transactions with those particular foreign banks for these particular class of services, it would demonetize the entire activity.

SIEGEL: And which was your view here? That it just happens that there are three banks eager to do this trade? Or that if you blocked transactions of this sort being paid by American banks for SPAM, to those three banks, that three more banks in three different countries would step in and do the work?

P: So it's one of those rare cases where the defender actually has a huge time advantage, if they choose to take this approach.

SIEGEL: Professor Savage, thank you very much for talking with us.

P: Thank you, my pleasure.

SIEGEL: That's Stefan Savage, professor of computer science and engineering at the University of California, San Diego.

Copyright © 2011 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.