When an abuser–a spammer, phisher, or malware distributer–attacks someone, they have to do two things. First, they deliver a communication (often a spam e-mail), that entices the victim. Second, they "seal the deal" by actually selling the product, stealing the personal information, or installing the malware. (The second part is sometimes referred to as "collecting the conversion.") Dick Craddock and I have talked about some of the steps we take to block abusers’ initial communications in previous posts (Fighting the war on spam, Spam, phishing, and other annoyances, and Preventing spam and phishing using e-mail authentication). I’m going to talk about some of the work we do to keep abusers from "sealing the deal."
