Legal solutions to combat the spam problem are the method to do this, although laws and their subsequent enforcement in mitigating the harms of spam are not nearly as well developed as technical defenses. However, law enforcement has the potential to both deter and incapacitate the individual spammers and spam gangs with the intent of preventing them from continuing to violate the law. Yet spam, like most other forms of cybercrime, does not respect international borders. Much of spam received in one country can be sent from any other nation in the world, so there is a confusion of legal jurisdiction when investigating and prosecuting spammers. The problem can be compounded by difficulties with the home countries of the spammers being unwilling to cooperate with other jurisdictions.
International laws ought to be more developed, yet ratification among most countries of the world would be necessary, something unlikely to happen anytime soon. The Convention on Cybercrime is one such example, although there is little evidence the treaty serves as a sufficient deterrent against global email spam and phishing attacks at this time. Local laws regulating spam may be similarly ineffective to date. Spammers are unlikely to be deterred as spam is a highly profitable business, and the risks of apprehension are relatively low. That is, spam crime pays, and it may be a particularly rational crime to commit as the rewards often outweigh the risks.
While the deterrent effectiveness of cyberlaws in preventing spam may be weak, an incapacitation approach may have more merit. When top spammers are arrested, there is often a noticeable drop in spam sent worldwide, albeit temporarily. Despite this, it does not take long for rival spammers or spam gangs to fill the void and make up for the short-lived reduction in spam. It is still noteworthy that arresting as little as one individual spammer can affect the spam received around the world. This is what is known as the Pareto principle, where 80% of the events originate from just 20% of the causes. This ratio may be even more exaggerated when it comes to spam, as 80% of the global spam sent may originate from just 300-400 known spammers. Despite this, arresting all top spammers, and preventing new cybercriminals from taking their place, is easier said than done. Given the unlimited access to information and possibilities for group collaboration and division of labor that the internet provides, anyone anywhere in the world can work hard towards becoming involved in the spam business. Such a reality can mean spammers can crop up anywhere at any time to fill the gap left by the spammers who are actually incapacitated.
The Pareto principle does not just apply to spammers, it can also apply to institutions that enable and facilitate spammers in sending and profiting off of spam. A disproportionate amount of spam is sent by a small number of ISPs who make no effort in eliminating spam from their networks. Most ISPs succeed in limiting spam on their networks, but for a minority of ISPs, combating spam would be an undesirable business expense. Additionally, most spam is intended to sell a spamvertised product, such as pharmaceutical or other goods. Banks of course are needed to facilitate these transactions. In one sample of 76 spamvertised goods purchased, as much as 95% of those purchases were serviced by just 13 distinct banks. It only takes a few complacent banking institutions to keep the spam trade profitable.
It may be easier to target and place pressure on the small number of institutions that enable illicit spam. While individual spammers are unlikely to be deterred, institutions may be more amenable to legal actions. There are also fewer facilitative institutions than cybercriminals in general, so targeting them may be more effective in having an impact on global spam rates. While technological solutions continue to be highly effective, they do not get at the root of the problem. While spammers are the root of the problem, focusing on the institutions that enable illicit spamming may have the strongest result in mitigating the spam problem.