The Economics Of Spam… And Are We Winning The War Against Spammers?
from the maybe,-maybe... dept
Bruce Schneier has a post where he goes through the basic economics of spam, which is nothing new, but it’s put in a simple to understand manner. The basics (which, yes, you already know…) is that spam works because it’s insanely cheap for the sender, who just needs a tiny number of responses to make it worthwhile. The real “expense” (annoyance) is often paid by the recipient, so the spammer doesn’t care (it’s a negative externality). So, any spam solution has to look at ways to increase the cost to a spammer. What’s more interesting is the claim that we may be reaching the point that this is working. Filters have gotten good enough that fewer people are bothered by spam, while raising the costs to spammers of sending spam. Combined with the occasional long jail sentence for a spammer, Schneier suggests we really are winning the war against spam. Others might disagree. It seems like we’ve been able to contain the spam problem in many areas (not perfectly, but it’s a start), but it’s not clear if this is just a battle that’s being won, or the war. Given the ability of spammers and scammers to adapt and change over time, there’s still plenty to be worried about.
Comments on “The Economics Of Spam… And Are We Winning The War Against Spammers?”
Spam
Yes – I agree. I get much less spam than I used to 5 years ago, but the spam I do get is more sophisticated . Outlook 2003 copes really well with spam I get virtually none.
At work I installed a Mail program that virtually stopped it overnight.
Re: Spam
I get much less spam than I used to 5 years ago,
No, you are just not seeing it. Doesn’t mean it’s not being sent to you – then filtered.
Progress
I can’t say that we are winning the war on spam. But I think that we are definately making progress. The company that I work for recently installed a MailFoundry appliance (mailfoundry.com) which has dropped my spam to virtually nothing. Appliances like these are making a huge difference in the war. Companies can free up time of their employees by taking the employee out of the process. The spam gets stopped before it ever reaches our exchange server. Making our exchange server, and my inbox and lot happier.
I think that spam will end up being much like viruses. It will always be there. There will be good days and bad days where we will see some major breakouts that get past the filters. But technology will continue to evolve and in the end, I think that we will be able to make spam a minor annoyance in our daily digital lives. And while that is not perfect, it’s the win that I think we are looking for.
Re: spam progress
Posted at:
http://www.schneier.com/blog/archives/2005/05/combating_spam.html
While this was a good article and brings out some points that others have glossed over (such as looking deeper at both the real and intangible cost of spam), in the end, there is still no single solution proposed, nothing for people to rally around and focus on..
Look, spam costs virtually nothing to send. So there isn’t any control to limit the amount of spam mail, unlike snail mail. Also, it is not always easy to distinguish spam from real mail. Furthermore, opening junk mail or watching an ad on TV never leads to getting a virus/trojan/spyware infection or exposing personal information. Spam email is just not the same as advertising or junk mail!
Fortunately, I use a free Bayesian email filter program which catches virtually 100% of the spam. Based on years of experience and the rating added to the spam header by the software, my Outlook rules automatically dispose of the garbage for me. But most people aren’t sophisticated nor patient enough to train and use Bayesian filters.
As to the goal of stopping spam, it ain’t going to happen UNLESS we have to pay postage to send email. There’s just no other way. PERIOD. As you note, for every measure we take, spammers come up with a counter measure. It’s like cops with radar guns vs. the radar detector manufacturer’s.
I’m thinking that .005 (1/2 of 1 cent) per email might do the trick to end the spam deluge. If the typical user sends 200 emails per month, a charge of .005 cent per email would be a mere $1.00 extra per month – a pittance to be permanently rid of spam! THAT’S ONLY ONE DOLLAR PER MONTH PEOPLE! ISP’s could even give users 200 free emails monthly to mitigate this point.
But the spammer would be on the hook for $5,000 for every 1,000,000 emails sent. That should be enough to take any profit out of that business. Even for legitimate marketers, a small charge like this adds up and would encourage them to ensure that everyone on their lists were opt-in customers. We could kill two birds with one stone.
Furthermore, for those who might respond that spammers will hijack user systems for spending spam email, then the user would be on the hook for paying for letting their system be vulnerable. It’s called personal responsibility, something many of us don’t want anything to do with these days. Forcing the user to ante up for their lack of knowledge or refusal to learn how to protect their computer would actually be an additional positive, as it would “encourage” users to learn safe computing practices. Nothing like draining $$ out someone’s pocket to engender a bit of motivation on someone’s part, I say [lol].
Of course, any mention of having to, god forbid, PAY for sending email is 100% GUARANTEED to raise many people’s hackles. I find this humorous insight of how many people seem perfectly comfortable paying $3-5 for a cup of coffee, spending $50 weekly on lottery tickets, paying $50-100/month for a cell phone bill and/or paying up to $120/month for a maxed out cable service subscription.
We need to face reality. There is no way to legislate spam out of existence since it can originate from any country on this planet with a good telephonic system. Charging for sending email is the ONLY solution that spammers will not be able to find a technological way around. Half-measures just won’t cut it. The sooner we acknowledge this, the sooner we can be rid of this problem and move on to deal with other important problems.
Re: Re: Why charging won't solve spam.
Re: “Charging for sending email is the ONLY solution that spammers will not be able to find a technological way around.”
Unfortunately there’s a simple techological solution – they can use an overseas botnet. You might find it not so easy to collect “$5,000 for every 1,000,000 emails sent” when the owners of the computers involved are innocent Chinese citizens whose computers have been hijacked.
Most spam generated by botnets, says expert
Re: Re: Re: Why charging won't solve spam.
This is true. Also the problem with charging for outgoing mail is adoption – you want every ISP to change their setups overnight. And the first ISP that tries it will go bust from the exodus of its customers.
Nope, still haven’t thought of anything better than our favoured open-source weighted-summed-score filter on top of bayes, razor2/pyzor, rbl and custom rule backends…
Re: Re: Re: Why charging won't solve spam.
Yes, I would expect this problem.
People pay a monthly charge for their ISP service. Just like with telephone or cable service, the charge would be added to the person’s bill. It is the responsibility of the provider to collect what is owed. If they can’t collect, then they can shut down the person’s internet access, again, just like with telephone or cable service.
Missing the other consequences
There are many more consequences to this “win”, whether it is the battle or the war.
Those are the fact that email has become an unreliable mode of communicating. Because of the battles with spammers, phishers, etc., the acutal email messages are the collateral damage. And when you don’t get an email that someone sent because it was “filtered” (many times without your control), you lose faith in the system.
So, as long as there is filtering and other bombing methods to keep spam out of the inbox, the trust will continue to decline.