Spam Penalties and Growth
Most readers of this blog are aware of the unholy alliance between the world's spammers and cybercriminals. This partnership is based upon the spammer's ability to present scams to millions of innocent users on behalf of those the crooks that would defraud them. The work of these two groups of miscreants most typically presents itself as phishing attacks on individuals and more recently spear phishing attacks of target corporations.
So it was with some interest that I noted two headlines in the data security trade press this week. The first was the verdict handed down to the self proclaimed "King of Spam," Sanford Wallace. A judge in California ordered Wallace to pay Facebook $712 million in damages for sending bogus emails to Facebook users. While it's a another positive sign that the judicial system is willing use what little control it has to penalize spammers, there is little chance any money will actually change hands as Wallace declared bankruptcy earlier this year.
The other, somewhat more depressing headline, claimed that 92% of global email traffic is now spam. Back when I worked for one of the pioneering anti-spam companies, we were surprised when the fraction of spam in all global email sailed through the 50% point and appeared to be on a vertical trajectory. Now that nearly all email is effectively spam, it's little wonder that many Internet users are abandoning email and simply communicating via Facebook, Twitter, and other social media platforms.
So will verdicts like the one handed down in the Facebook case cause the amount of spam (and their cybercrime payloads) to finally start to decrease? It's unlikely. Spammers continue to clog the Internet with junk mail because it's profitable and will continue to do so until it becomes less profitable than the next most profitable thing they can do with their time and resources.
Sam O'Rourke, senior counsel at Facebook, was quoted after the verdict as saying, "This is another important victory in our fight against spam." I wish he were right, but as Facebook will likely collect nothing and the spam flow in our email is showing no signs of abating, I'm having a hard time seeing why it's important. Is it a moral victory for Facebook? Sure. Does Judge Jeremy Fogel deserve praise for sending a signal that at least in his court, spammers will receive no mercy? Absolutely. But, will this outcome have any affect on the amount of spam in our email or the number of people defrauded by the bogus offers delivered? I think that's very unlikely.
Until the governments (primarily in Asia and Eastern Europe) that are aiding and abetting the criminals perpetrating these crimes stop protecting them from the reach of global law enforcement, we'll continue to see headlines like the two cited above. Unfortunately, we're also likely to see ever more sophisticated scams and delivery mechanisms appear as the perpetrators learn how to best exploit the social media platforms and legacy communications tools we all use every day.