Can It Clean Up Your Inbox? Evidence from South Korean Anti‐spam Legislation

Although spam email messages have been the primary source of cybercrime since the early Internet era, there is no quick fix to this problem. Governments have established anti-spam legislation, but surprisingly, there has been no measurement of policy impact. This study aims to fill the gap by utilizing a quasi-experimental setting in South Korea, where the anti-spam policy was substantially amended in November 2014. A significant change was in the default setting, switching from an opt-out to an opt-in scheme, which required that commercial email senders obtain recipients' prior consent. Also, the law notably escalated the deterrent penalties for perpetrators. To empirically examine the policy effectiveness, we use a large-scale data set of 5.61 billion spam emails originating from over 38,000 spammers in 226 countries during twenty months in 2014-2015. Our findings suggest that the amended policy adopting the opt-in scheme decreased the volume of spam originating from Korea by 16.1%. The expected economic gain from the increased productivity of recipients is 7.649 million USD per year. This study contributes to the literature by highlighting that a well-designed policy can lower cybersecurity incidents that threaten organizations, operations, and individuals. Our finding also provides important implications for policymakers and managers in designing effective policies with data-driven evidence.