We're in a vicious circle. Spammers work on commission of up to 50 percent of the sale price of the goods they pimp. A couple of thousand sales can net them upwards of £10,000, and they don't care whether it takes a hundred million or a billion emails to get there. As anti-spam techniques get better, all the spammers have to do is increase the range and number of emails they send out -- which puts ever greater pressure on the Internet's mail systems.
In America, the Can-Spam Act tried to moderate this problem by creating legal pathways for unrequested email advertising while making spam that didn't stick to the rules illegal. It's resulted in some prosecutions, and it's impossible to say what would have happened if the act hadn't been passed. Nevertheless, the amount of spam in America has continued to rise at much the same rate as before.
There has to be a co-ordinated response across the board. Governments must create laws that make spamming not worth the risk, with fines that dwarf the riches that tempt the spammers. Germany's new law promises fines of up to €50,000 -- which a good spammer could make back in a month, a ferocious one in a week. ISPs must be more aggressive in spotting and filtering zombies, and cooperate more with each other and with researchers. Individual users must follow basic rules of online hygiene. Operating system and application software vendors must accept responsibility for security holes in their products. They should also cooperate on developing the protocols and systems needed to stop spam at source. If any one of these components is lacking, the cash equation will make it worthwhile for spammers to carry on spamming.
Spam will stop when spamming is too difficult, too expensive and too dangerous to be profitable. Only a systematic attempt to make it so can have that effect. We don't have long to get it right.

Talkback
If people stopped buying from e-mail spammers it would solve the issue easily and relatively quickly.
I've often wondered what the profile of a buyer might be.
Implementing new protocols to stop the flow of spam will only hurt more. It'll require public records which black hat hackers and spammers can have a field day with. It'll only increase the administrative load on the Internet. It won't stop zombied PCs. It'll cost companies a lot to make it somewhat working and guess who will pay for that 'extra service' in the end. Etc, etc.
The irony being that solid anti-spam, anti-spim, anti-virus, anti-spyware, anti-phishing, anti-ID-theft and whatnot 2 to 4 figure solutions already exist today but PR brainwashed and commercially motivated people would rather see 6 figures or more solutions that can also be billed for per customer.
Great, that's exactly the kind of environment spammers and the like can exploit to the fullest. No-one feels responsible. There's no low-cost combined effort. And the only thing that really gets attention is: how much can I charge for that?
If ISPs were required to install an anti-spam, etc solution of their choice as a standard free service for all of their customers then things would dramatically change for the better in no time. Thing is that mainstream ISPs charge by the byte. So filtering out spam would hurt their business model. On the other hand, the first batch of mainstream ISPs that do filter out spam etc etc will most likely see an increase in the number of customers they have.
Nevertheless, stopping spam as close to the source as possible is key to putting a stop on it. Also because stopping spam as close to the source as possible greatly increases the chance that there's some form of legal contract between the spam source and the ISP detecting that source.
Another thing that will be key to stopping spam will be resorting to simple, yet effective by strength in numbers, and cheap solutions. Symptom fighting by means of complex and expensive new technology will only result in a low adoption rate that'll most likely be bypassed within months.
Today, and there are a bunch of people out there who'll have a hard time accepting this, the most promising weapon of defence against spam etc etc that's cost efficient, simple in method yet great in strength and fast enough to solve new emerging problems in time would be the wide scale adoption of Open Source solutions.