Composite Blocking List

Abstract: While the volume of spams tended to increase over time, the proportion of spam mails was constantly above 80%. Also, cybercriminals have become more sophisticated in their scams and phishing schemes, which are designed to steal personal data and financial information. Emails are often used as a bridgehead for their criminal act, and the scale of cybercrime being spread over email is massive. In this context, many countries adopted national policies that aim to decrease the volume of spam emails, and the intensity of regulation shows a wide variation. For example, the South Korean government strengthened the spam-related regulation and legal compliance in November 2014 by which commercial information using any types of the electronic medium including emails and instant messengers can only be sent when the recipient consented to the message beforehand, i.e., from "opt-out" to "opt-in" policy scheme. The new policy also contained legal provisions that raised the amount of a fine for violation. This compelling setting provides a favorable condition to examine the effect of the national-level policy on the volume of spam emails. For an empirical work, we use a unique dataset collected from Real-time Black Lists (RBL) such as Composite Blocking List (CBL). It collected a list of IPs that have sent email to their spam traps, and the IP is not a known mail server on the Internet. Using this information, we can distinguish outgoing spams originated from South Korea from those from other countries. Our dataset contains 5.7 billion spam emails for 20 months from April 2014 to November 2015, which also identifies 235 countries where the origin server is located. Assuming that there was no particular policy in other countries that would affect the volume of spam emails during our study period, we investigate the impact of the newly enacted regulation of South Korea by using an appropriate econometric model. Our findings can be summarized as: (1) the national spam policy of South Korea has a moderate effect on the reduction of spam volumes; (2) the decrease was mostly led by large autonomous systems in the country; and (3) the average number of autonomous systems used to send at least one or more spams a day was decreased in South Korea, compared to other countries. Our findings suggest that the strong government intervention can be effective to reduce unwanted spam emails, and, as a policy implication, other countries may take into account the adoption of similar regulations that was implemented in South Korea. Furthermore, in an attempt to prevent the proliferation of cybercrime, this study is novel in making the potential origins of cybercrime responsible for the consequences.