Slashdot Mirror


What Is The Real Cost of Spam?

securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."


  1. Stupid System Administrators by sirket · Score: 4, Informative
    I have said this before, and I will say it again:

    If people would set up their email servers correctly, I could eliminate 99% of the spam from my systems. Unfortunately, a bunch of administrators seem to feel that they do not actually have to configure their systems correctly. If I want to be able to receive mail from them, then I need to open my server up and allow misconfigured servers to talk to it. Guess who has the majority of (usually intentionally) misconfigured servers. You guessed it, spammers.

    Getting rid of spam is simple. Stop bitching about it and fix your own damned mail server.

    Do you:
    1. Have a postmaster account?
    2. Have an abuse account?
    3. Have reverse DNS?
    4. Have matching forward and reverse DNS?
    5. HELO with your server's Fully Qualified Domain Name (FQDN)?
    6. Use a FQDN at all points during the transaction?
    7. Have an A Record in DNS for those FQDN's?
    8. Have proper MX records?
    9. Use strict RFC821 envelopes?
    10. Reject unauthorized command pipelining?
    11. Reject non-existent sender domains? (joe@doesnotexist.com)
    12. Reject invalid HELO names (Either non-FQDN's, HELO names that do not resolve, HELO names that do not resolve to the IP address of the connection, or hosts that use a numeric HELO without brackets)
    13. Accept email for postmaster@a.b.c.d (Where a.b.c.d is the external address of your email server and e.f.g.h is the internal, non-NAT'd address). Many hosts fail this test (Though this is not something that you, as the receiver, would be checking.)

    Just my two cents.

    -sirket
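
The receiver-side checks from items 3, 4 and 12 of the comment above, as an added Python example that is not part of the original comment. The function names, result labels and the constructed DNS tables (which stand in for live A and PTR lookups so the code runs offline) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample DNS data (documentation address ranges), not real records.
A_RECORDS = {"mail.example.org": ["192.0.2.10"], "mx.example.net": ["198.51.100.7"]}
PTR_RECORDS = {"192.0.2.10": "mail.example.org", "198.51.100.7": "unrelated.example.com"}

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """Syntactic FQDN test: two or more valid labels, last one not all digits."""
    labels = name.rstrip(".").split(".")
    return (len(labels) >= 2 and all(LABEL.match(l) for l in labels)
            and not labels[-1].isdigit())


def check_helo(helo, client_ip, a=A_RECORDS, ptr=PTR_RECORDS):
    """Return the list of checklist failures for one SMTP connection."""
    problems = []
    if helo.startswith("[") and helo.endswith("]"):
        # A bracketed address literal is allowed, but it must be the peer's address.
        # Only IPv4 literals are handled here.
        try:
            if ipaddress.ip_address(helo[1:-1]) != ipaddress.ip_address(client_ip):
                problems.append("helo-literal-mismatch")
        except ValueError:
            problems.append("helo-invalid")
    else:
        host = helo.rstrip(".").lower()
        try:
            ipaddress.ip_address(helo)
            problems.append("helo-numeric-without-brackets")
        except ValueError:
            if not is_fqdn(helo):
                problems.append("helo-not-fqdn")
            elif host not in a:
                problems.append("helo-does-not-resolve")
            elif client_ip not in a[host]:
                problems.append("helo-resolves-elsewhere")
    # Items 3 and 4: a PTR record exists and its name resolves back to the client.
    rname = ptr.get(client_ip)
    if rname is None:
        problems.append("no-reverse-dns")
    elif client_ip not in a.get(rname.lower(), []):
        problems.append("forward-reverse-mismatch")
    return problems
```

An empty list means the connection passed every check; a receiving server would decide per label whether to reject or only log.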