> I'm saying that spam like this is a consequence of cheap domains.

Technically correct, but the thing is, spam like this is a consequence of a lot of things. Why draw attention to that specific cause out of everything else?

You could just as accurately say that spam like this is a consequence of human-readable domains. If humans weren't visually validating URLs, it would be impossible for a scammer to use unicode tricks to make a URL look legitimate.

A lack of gatekeepers means we'll have more scammers, yes. But, gatekeepers almost universally don't scale well in any system as large as the Internet, and they come with so many additional problems that they're not worth paying special attention to or prioritizing as a solution to any problem on this scale.

Chances are the scammers didn't even pay the domain name or the SMS. Maybe the real issue is the state of payment services. You provide some random numbers in an unknown form....and this is since forever. How stupid is that? Things like Apple Pay seem to go a bit in the right direction but at the root you still use that random card number as identity/authentication.

So the phone/device IMEI is not recorded for the session?

Not that it would tell who sent it, but would allow to track if the same devices were used as part of ongoing campaign.

The sending network may have a record of the IMEI, but I don't think the receiving one gets it.

But SMS sending devices are cheap and disposable. Sure, it's illegal to alter your IMEI in the UK - but if they're already committing one crime, I don't think that'll stop them.

If you watch kitboga (youtube / twitch) and in the odd chance kitboga gets to talk about why they do it the spammers fall into a couple of categories:

1) The angry/evil spammer. Doesn’t give a shit and wants make his dollars. Usually someone higher up. 2) The worker. Just his bills paid. Usually rather uncaring what they are doing, although they acknowledge its wrong 3) Playing oblivious, just ignoring and avoiding any sense of blame or justice

It’s lucrative and as long as we keep falling for it, it will stay. Making domains more expensive will make the barrier of entry higher, but the top players will likely just consolidate more resources vs little scammers.

If a domain is like an address then maybe we could or should enforce some more legitimacy, but such a thing would be hard to implement in the countries where spam usually originates from.

Sending bulk sms costs waaaay more than any domain. This theory doesn’t really make any sense.

Bulk SMS costs around 1p/message - if you're sending from the UK. If you're sending from overseas it can be significantly cheaper.

So, sending a couple of hundred messages is about the same price as a domain.

Of course, if you've stolen a SIM or hacked peoples' phone in order to send the messages, it's even cheaper.

IME good providers tend to charge at least 2p/message. You also need to get decent leads from somewhere or your conversion rates will suck.

Then there’s also a significant time investment in setting up accounts with those SMS services that’ll constantly be banning you.

Couple of hundred messages isn’t going to get you very many hits unless you’re collecting low value information.

And who sent it shouldn't be recorded. Your problem is not the spammers but the reason users fall for the phish. Why are prepaid pins special and free email is not?