Geoff Voelker, left, and Stefan Savage (UC San Diego photo)

UC San Diego computer scientists Geoff Voelker and Stefan Savage have made an intriguing discovery about the infrastructure by online scams that suggest they may be easier to shut down than previously thought.

Turns out that although the vast majority of spam is now sent via botnets of hijacked computers, 94 percent of the scams they advertise and link back to are hosted on individual Web servers. In other words, they have a single point of failure.

"A given spam campaign may use thousands of mail relay agents to deliver its millions of messages, but only use a single server to handle requests from recipients who respond," they wrote in a paper accepted for publication at the USENIX Security 2007 conference this week. "A single takedown of a scam server or a spammer redirect can curtail the earning potential of an entire spam campaign."

Voelker and Savage studied more than 1 million spam messages sent in one week and analyzed both online scams that sold merchandise and used phishing or other software tricks to defraud users. Interestingly, more than half of the scam servers they discovered were based in the United States whereas most spam is relayed from overseas. They speculate that scammers may want the "perceived enhanced credbility" that comes with being hosted in the U.S., or that they find U.S.-based servers more stable and reliable. It's also a lot easier to manage a single server, of course.

Of course, now that the white hats know, the scammers will probably change their tactics and find ways to serve their sites from multiple servers.