A must read paper has been published:
Levchenko, Click Trajectories: End-to-End Analysis of the Spam Value Chain, Proceedings of 32nd annual Symposium on Security and Privacy 2011 (PDF)
It really goes without saying that someone must click on those links that come in spam emails or they wouldn’t send them. Spam isn’t a pointless annoyance; it’s a form of direct marketing. The basic technology behind spam is just vast networks of computers (often botnets) sending email and is fairly pedestrian as it goes. The only impressive thing is really the scale and a very healthy proportion of all human communication in history is spam.
The technological side of spam has been fairly well researched but spam has not really been examined from a technical-economic perspective and certainly not in an end-to-end fashion. This is what this paper does. It works out where the money goes and that’s revolutionary.
The weak link in the money chain seems to be the relatively few banks willing to handle the credit card transactions. Spam regulation, if we want to regulate it, could do worse than target these organisations.
Why wouldn’t we want to regulate spam? For me the most interesting lesson of the paper is the sheer quality of the spam based retail service. You tend to get what you ordered, it tends to be the real thing and you tend not to get your credit card ripped off at the end of it. I had pretty much assumed that even just clicking on a link in a spam email would be signing up for viruses and credit card fraud. It turns out some of these people even have pretty decent customer service set up.