Competing with Spams More Fiercely: An Empirical Study on the Effectiveness of Anti-Spam Legislation

Spam mail still accounts for more than 80% of the total email traffic. More recently, it has played a role as a potential propagator of vicious attacks such as viruses, phishing, and malware. Although anti-spam legislation has already been established in many countries, it appears to be ineffective. In this context, the anti-spam policy regime in South Korea was radically changed in November 2014, which provides a natural experimental setting to investigate the effect of the policy. The policy change includes a set of the substantially enhanced regulations, such as a transition from an “opt-out�? to an “opt-in�? approach, informed consent requirements periodically, and an increase of maximum penalty. This paper empirically tests whether the policy effectively reduced the intentions of spammers in South Korea. For empirical work, we use a unique and large-scale dataset of 5.6 billion spam messages originating from over 200 countries during a twenty-month period. Our main findings suggest that this policy change significantly decreased the spam volume in South Korea, compared to those originating from other countries. We conduct an additional economic analysis and find that the expected benefits for users are up to 150 million USD in the country. Despite the importance of preventing spams, there have surprisingly been few studies on the topic from the policy perspective in the information systems field. This paper contributes to the literature by highlighting the importance of the properly designed policy to reduce unsolicited messages on the Internet.

[1]  Merrill Warkentin,et al.  Beyond Deterrence: An Expanded View of Employee Computer Abuse , 2013, MIS Q..

[2]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[3]  Guido Schryen,et al.  Anti-spam legislation: An analysis of laws and their effectiveness , 2007 .

[4]  Gordon V. Cormack,et al.  Spam and the ongoing battle for the inbox , 2007, CACM.

[5]  Robert J. Aalberts,et al.  Trespass, nuisance, and spam: 11th century common law meets the internet , 2007, CACM.

[6]  V. Kumar,et al.  Modeling Customer Opt-In and Opt-Out in a Permission-Based Marketing Context , 2014 .

[7]  Krishna Jayakar Can We Can Spam? A Comparison of National Spam Regulations , 2013 .

[8]  Alex Kigerl,et al.  Deterring Spammers , 2016 .

[9]  Grant C. Young CAN-SPAM: A First Step to No-Spam , 2004 .

[10]  Gordon V. Cormack,et al.  Email Spam Filtering: A Systematic Review , 2008, Found. Trends Inf. Retr..

[11]  Andrew B. Whinston,et al.  How Would Information Disclosure Influence Organizations' Outbound Spam Volume? Evidence from a Field Experiment , 2016, J. Cybersecur..

[12]  Kissan Joseph,et al.  Investigating pricing solutions to combat spam: Postage stamp and bonded senders , 2008 .

[13]  A GrimesGalen Compliance with the CAN-SPAM Act of 2003 , 2007 .

[14]  David H. Reiley,et al.  The Economics of Spam , 2012 .

[15]  Farida Ridzuan,et al.  Factors Involved in Estimating Cost of Email Spam , 2010, ICCSA.

[16]  Jae Kyu Lee,et al.  Guest editorial: research framework for AIS grand vision of the bright ICT initiative , 2015 .

[17]  Dennis W. K. Khong An Economic Analysis of Spam Law , 2004 .

[18]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[19]  Chris Kanich,et al.  Spamalytics: an empirical analysis of spam marketing conversion , 2009, CACM.

[20]  Weilai Yang,et al.  Understanding and Reversing the Proflt Model of Spam (Position Paper) , 2005 .

[21]  Mark Clemons,et al.  A simple approach for eliminating spam. , 2015, Current oncology.

[22]  Kai Lung Hui,et al.  Marginal deterrence in the enforcement of law: Evidence from distributed denial of service attack , 2013 .

[23]  Stu Sjouwerman,et al.  The Real Cost of Spam , 2004 .

[24]  Yada Zhu,et al.  Social Phishing , 2018, Encyclopedia of Social Network Analysis and Mining. 2nd Ed..

[25]  Stephen R. Barley,et al.  E-mail as a Source and Symbol of Stress , 2011, Organ. Sci..

[26]  John G. Palfrey,et al.  A Comparative Analysis of Spam Laws: The Quest for a Model Law , 2005 .

[27]  Kang Shin Gak,et al.  Proposal of a new effective spam mail regulation , 2005, The 7th International Conference on Advanced Communication Technology, 2005, ICACT 2005..

[28]  Evelyne Beatrix Cleff,et al.  Privacy Issues in Mobile Advertising , 2007 .

[29]  Fabio Roli,et al.  A survey and experimental evaluation of image spam filtering techniques , 2011, Pattern Recognit. Lett..

[30]  Rui Chen,et al.  Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service , 2014, Inf. Syst. J..

[31]  Galen A. Grimes Compliance with the CAN-SPAM Act of 2003 , 2007, CACM.

[32]  Ivan P. L. Png,et al.  The Deterrent Effect of Enforcement Against Computer Hackers: Cross-Country Evidence , 2007, WEIS.

[33]  Chih-Hung Wu,et al.  Behavior-based spam detection using a hybrid method of rule-based techniques and neural networks , 2009, Expert Syst. Appl..

[34]  S. Godin Permission Marketing: Turning Strangers Into Friends And Friends Into Customers , 1999 .

[35]  Jacek Gwizdka,et al.  Email in personal information management , 2006, CACM.

[36]  Szde Yu,et al.  Email Spam and the CAN-SPAM Act: A Qualitative Analysis , 2011 .

[37]  Mariko Morimoto,et al.  Consumers’ Attitudes Toward Unsolicited Commercial E-mail and Postal Direct Mail Marketing Methods , 2006 .

[38]  Dominik Papies,et al.  The Cost Impact of Spam Filters: Measuring the Effect of Information System Technologies in Organizations , 2008, Inf. Syst. Res..

[39]  D. P. Majoras,et al.  Effectiveness and Enforcement of the CAN - SPAM Act: A Report to Congress , 2005 .

[40]  Paul Judge,et al.  Understanding and Reversing the Profit Model of Spam , 2005, WEIS.

[41]  Vinton G. Cerf Spam, spim, and spit , 2005, CACM.

[42]  Younghwa Lee The CAN-SPAM Act: a silver bullet solution? , 2005, CACM.

[43]  Ross J. Anderson,et al.  The Economics of Online Crime , 2009 .