The root of the ecrime problem is not technology: it is money.
The black hats have a thriving black market that coordinates them and motivates them in hard cash. The white hats try to go it mostly organization by organization, and they’re just a cost center. What is needed to beat the black hats is not new network protocols nor more laws: what is needed is better coordination and motivation through reputational and financial incentives.What’s missing is transparency and reputation: nobody knows which service providers let the most spam escape. We propose to make sure everybody knows. Since nobody wants to be branded a spam haven and providers that do good work want to be known for it, such rankings will provide reputational and financial incentives for providers to do better about preventing and stopping spam. On top of such rankings providers can turn SLAs into self-insurance, and insurers can turn that into insurance policies with requirements for better spam prevention, thus dealing with the current problem of moral hazard. That all can build financial incentives for the white hats to cooperate to defeat the black hats.