Organizing the Cloud Against Spam

In RIPE Labs, here’s a paper on Internet Cloud Layers for Economic Incentives for Internet Security by the IIAR Project (I’m the lead author). Anti-spam blocklists and law enforcement are some Internet organizational layers attempting to deal with the plague of spam, so far reaching a standoff where most users don’t see most spam, yet service providers spend large amounts of computing and people resources blocking it.
The root of the ecrime problem is not technology: it is money.
The black hats have a thriving black market that coordinates them and motivates them in hard cash. The white hats try to go it mostly organization by organization, and they’re just a cost center. What is needed to beat the black hats is not new network protocols nor more laws: what is needed is better coordination and motivation through reputational and financial incentives.
What’s missing is transparency and reputation: nobody knows which service providers let the most spam escape. We propose to make sure everybody knows. Since nobody wants to be branded a spam haven and providers that do good work want to be known for it, such rankings will provide reputational and financial incentives for providers to do better about preventing and stopping spam. On top of such rankings providers can turn SLAs into self-insurance, and insurers can turn that into insurance policies with requirements for better spam prevention, thus dealing with the current problem of moral hazard. That all can build financial incentives for the white hats to cooperate to defeat the black hats.