Slashdot Mirror
What Is The Real Cost of Spam?
securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."
how do they figure $1/msg? It maybe only takes me 10 seconds to alt-tab over to outlook and see that it's spam, delete it, and alt-tab back. let's see... that amounts to $360/hr! I wish I were making that kind of money! If it weren't for all this spam...
if they'd just get spambayes they wouldn't have this problem anymore. hardly any junk mail gets past spambayes...
for now,we have to live with it (or with what gets through our filters).
"If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain."
In other words, stop whining and hit delete.
DO NOT WRITE IN THIS SPACE
okThat's not the fault of spam- that's the fault of whiny executives. Execs are always whining about efficiency, "making the sacrifice", cutting the fat...yet they're responsible for more productivity loss for most IT departments than other employees combined.
When 2-3 execs moved into the office I was supporting, they were a massive drain, killing my productivity- because any time even the slightest thing was wrong, we had to drop what we were doing, and rush to make the Big Baby happy.
Executives, hear this. One sure fire way to enhance the productivity of your IT staff is to learn how to use your #$!@ing email program, not complain when your desktop is the wrong color, learn how to back up your data, and don't make us run in circles on your bloody little pet projects. Don't even get me started about personal printers/fax machines.
Please help metamoderate.
It could be that cost is the wrong focus. Advertising the lack of benefits might deter spammers. By now most people have a knee-jerk reaction to delete the stuff before ever seeing what's in it; therefore, it stands to reason that the cost of paying someone to send ads anonymously may now outweigh the payback. Posting some hard stats on that might get organizations to send less spam, or pay spammers less money, or fire some spammers - all of which could result in less spam.
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
You can't just hit the delete button. You have to figure out that it's spam first. This involves viewing the message, reading at least part of it. If you're talking about someone that costs the company $60/hr (doesn't mean he takes that home, when you include overhead/ss/unemployment/insurance etc. a lot of people cost more than that to employ) that's $1 per minute, and a 'clever' spam that slips past your filters can take a minute to conclusively identify and delete.
Not to mention all the problems that are created when the filters catch the wrong mail...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
A number of people have responded "But I can delete spam really fast" etc.
claiming that the costs quoted seem way to high. What they don't estimate is
the full cost within an organization of dealing with a problem like spam which
is greatly increased by a number of factors:
1. Management get annoyed by spam and see it as a drain on their team's
time and want to do something about it: that costs time there for them---
because they are thinking about spam and not making widget X---and the IT
department of the company who has to respond to the manager's questions re:
what are we doing about this problem?
2. Not all employees are as sophisticated as the Slashdot crowd (can't believe
I said that) and so for them spam is a far greater time sink (== $$$). They
start wondering why they got the spam (especially when it's pornographic) and
wonder if they did something wrong or if someone is going to "find out". While
they think about spam they are not working.
3. Spam is a workplace nuisance for the HR department because offensive material
that enters the workplace becomes the employer's problem when people go to HR
to say that the employer should "do something" about the offensive material
(after all an employer would "protect" its employees from a calendar of nude
women or a harrassing coworker). More $$ spent in the time to complain and HR
doing something about it.
4. And finally there's the IT guy who bears the brunt trying to fight the battle
against spam when he's got plenty of other stuff to do. And so he buys expensive
software to deal with the problem. More $$ spent on his time and the software and
maintaining the software.
It's just a little more complicated than "can't people just delete the stuff". Even
people who say "just get tool XYZ" overlook the cost of deploying (to 1000s of
desktop machines), training employees (to use the thing) and maintaining it. That's
a very expensive proposition.
John.
Here's a different kind of cost though. I have always been careful with my email addresses and managed to avoid most spam. But now it has affected me. Because of spam, my block of IPs (Comcast) has been blacklisted by quite a few mail servers. I can still send email if I go through Comcast servers, but I'd rather send it directly, and to me it's sad to see locks and fences thrown up (the "taming of the wild west" if you will), in opposition to the peer-to-peer model that makes the Internet great, necessitated by spam.
That one had me confused as well.
The First Amendment says the government can not stop you from speaking out aginst the government.
If the government isnt the ones stopping the spam from getting to you, it does not voilate the amendment.
Anyone else can do so.
Additionally, the government CAN stop spam from reaching their own staff (IE their own mail server can use spam filters) as long as that mail server ONLY serves the workers and noone else.
The only way the first amendment is involved is if a non government related person attempts to say something to another non government related person, and a government related person steps in to prevent that from happening.
This is the main reason its so hard to pass a federal law to stop spam.
Spam can NOT be defined as a type of email for them to outlaw it.
They have to define it in another way that relates to an already criminal act.
This is why in some states (not nearly enough), it is already illegal to forge headers or use misleading subject lines.
But this is the only thing the first amendment prevents, is a law aginst spam directly. Doesnt prevent anyone else from stopping it.
Average it out - as it said in the story, if senior management gets a bee in their bonnet about spam they received, you could have several guys spending an hour or two doing whatever it takes to placate them.
Funny thing is that Viruses actually cost more than spam, yet these folks are worrying about spam.
I prefer the "u" in honour as it seems to be missing these days.
Anybody who says otherwise is BULLSHITTING.
The first amendment talks about Freedom of speech - freedom of the press. Nowhere does it permits anyone from using someone else's press, as spamming does by using someone else's computer/network ressources.
Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.
First Amendment rights do not apply to spam. First, let's look at just the communication aspect of it. Spam is not directed at an individual per se, but at a list of millions of people. The fact is, though, that individuals DO receive it personally. It is in their face, staring at them from their mailbox. This is not a soapbox preacher that you can just walk away from; we are forced to deal with it on a personal level, at our own expense. The First Amendment guarantees "Free Speech", not a "forced audience".
Now, let's look at the content side of spam. It has been determined repeatedly that the First Amendment is not protection for unproven claims, scams, or lack of "truth in advertising". Companies and individuals who have parlayed these things into First Amendment cases have invariably lost.
If a person or company wishes to advertise to me, they may do so. Advertising, historically, is at the expense of the company, not the consumer.
When I get spam from an open relay, with forged headers, bad return info, and base64 encoded, exactly how much do they think I'm going to spend on their product? Exactly how seriously do they think I'll take them?
The answer is: I take them very seriously indeed. Not for any reason that they hope for, however. I CAN and WILL pursue them, catch them, and put them under the brightest light that I can find.
Because, I am a spammerhunter.
I disagree with this positive outlook on spam. Technically, Dr. Fader is right: the infrastructure grows because spam forces it to do so.
This is not productive growth to me, it's just fat. One needs more bandwidth and processing capability to manage spam. This capacity could be used for other avenues, or the money spent someplace else. This is bad economics - something along the lines of the broken window fallacy.
I do think spammers have made us think smarter about email (a good thing), but we have paid for that in many ways. There are no net gains here - at least not from my perspective.
Every case is going to be different, but response rates for junk mail are typically claimed in the 2-4 per thousand range,
.sig
and spam is estimated at 1-3 per ten thousand.
(A response is not a sale, but the response to sale ratios are fairly high - usually double digits.)
A full color piece of junk mail costs about $1.
A single spam costs less than $0.00001.
That $500,000 mail campain would have cost less than $5 if done through email.
That, in a nutshell, is the real problem with spam.
It doesn't have to work well because it's so cheap.
-- this is not a
I take it you don't have much spam, where you are...sure, $1 per message sounds like a lot, but my guess would be $.50: think of the _interruption_ time it involves. These (lucky, few) people with jobs are getting paid $50 a day or more, and have to stop what they're doing 'cause the 'you have mail' flag comes up. [No, they don't have to stop, but burn someone for not responding to the boss's mail in a hurry, and you'll see that recipient watching that flag like a TV set] And every time it's spam, he merely deletes it, and goes back to what he was working on. It really _does_ add up.
But as to spam coverage; I have sendmail check the RBLs before accepting mail, and that blocks in excess of 2,000 spams a day. Then spamassassin filters the rest, and I'm down to a mere several-hundred a day in the "Spam" folder. I'm not even a company. No one here is on AOL. People have no reason to think my penis is small, or my breast need enlargement, or that I'm in dire need of pharmaceuticals from Canada. I'm a guy, staying with his Mom, now that she's had a stroke.
Say what you will about the delete key, spam is outta control. I'm personally surprised that someone hasn't blown up some spammer's house thus far.
--- For a good time mail uce@ftc.gov
Some older people do not understand spam. I found my boss replying with individual, very professional messages to the spammers. His assistant, who is not as old as my boss, caught on and then went to me for help about it. She knew what spam was, but did not know how to deal with it.
The spam that slips past my filters is easy to identify, mark, report, and add to my bayesian corpus. It's the spam that DOESN'T make it past my filters that I have to pull up, display, and review, about 200 messages PER DAY (or 400-500 messages per sitting, since I review the trapped messages every other day.) This is the stuff that costs me time, since now I'm hunting for any good mail that might have been filtered in a sea of spam.
:(
I can't just purge all the trapped mail without reviewing it, because I do all my business online. I've whitelisted everyone I do business with on a normal basis, but new customers, customer support, and eBay notices go to the same address that gets heavily filtered (because they're public.) Public, in this case, means that the addresses have gotten spam (although they're not posted to the web, for obvious reasons.) This includes addresses that I don't use, but have been dictionary attacked.
The solution is obvious - I need to add more rules to be more selective about which messages to trap, and which messages to pass. However, that takes time...
"Spammers know they are going to be kicked off, so they won't pay their first few months' bill," said Craig Silliman, the legal director for MCI's network and facilities operation. "By the time you catch them, they turn into a net loss."
So, not only do they fail to act on SPAM reports, but they don't disconnect for failing to pay? What are they thinking? I mean, how long does it take to "catch" a SPAMMER on their own network?
The real "Libtards" are the Libertarians!
Now your mom doesn't want to check her mailbox at all anymore. But many people would just tell mom to call instead, since they no longer want to search for her letter amidst the toxic waste. And they certainly wouldn't send their kids down to stick their hand in the mailbox anymore with all those wrapped and unwrapped filthy needles.
People will stop wasting their time with email (as currently implemented), and thus this new form of communication will be strangled soon after its birth.
So let's say it takes five seconds to recognized and delete one message. That's not really significant, is it? But if you do the math, for someone who receives 100 per day, at minimum wage it works out to over $300 per year!
Ok, but someone who is getting paid minimum wage isn't gonna be docked for those wasted 500 seconds each day. Frankly, they should be. Then people would start caring more about spam and we would get a blue-collar army to rise up and get some real anti-spam laws passed.
Or, make it known to management (i.e. the ones who pay the people minimum wage) that spam is causing them to lose 500 seconds of productivity a day per worker, which means $300 in lost annual revenue for each worker they are employing. Maybe if all managers knew that, they'd be more inclined to throw money at the legislators to solve the spam problem. The only way to solve a problem in america is to throw money at it (it being those who can make laws to fix the problem). I know that sounds cynical, but if you think I'm wrong about that, please take your head out of your ass.
Stupid people make stupid things profitable.
All of our plans have a minimum of 5 included email accounts. We're not cheapasses, we cater to small business and sites that go beyond what would be better off on Geocities where they started.
We do provide a web form, but the fact that 2% of our customers use it over the email-based system does indicate that what you're suggesting is inconvenient for customers. In fact, the only customers we seem to find using the web system are the ones who have web-based mail, such as Yahoo or Hotmail.
And I understand completely -- it's much easier to open up your email client and fire out an email to tech support in 15 seconds that says "OMG HELP ME I CANT GET TO ANY WEBSITES AND MY EMAIL ISENT WORKING!!!!!!1111one" than it is to open up your web browser, navigate to the user login page, log in with SSL, find the support link, then fill in your "issue" and send.
While I hate spam as much as the next person, we (Americans in this case) have to look at it from a more legal and governmental nature. While alot of us would chomp at the bit to outlaw spam, set fines and jailtime for spammers, you have to look at what that would do to the laws over the internet. It would set a precident stating that the governments of the world HAVE CONTROL OVER THE INTERNET. This is bad... very very bad.
First of all, the first thing that would come out the door after the anti-spam laws would be taxes. That's right, taxes on E-mail, taxes on webpage badnwidth, taxes on everything. Why have they not done this yet? Because the governments cannot establish that they have any ruling or administrating connection to the internet, therefore they cannot tax it. Once an internet law is passed, taxes will follow.
After taxes will come modified libel(slander) laws, court cases over websites (i.e.: he has an anti-gay site, I'm sueing!!), next maybe even such things over e-mail and the like.
Passing any internet-based law would open the door for the government to get its paws on the one truly unmoderated frontier left in the world. They futz with it enough as it is, do we really need that?
Thinking outside the box is so big now that doing so is really putting youself back in the box. There is no box.
I used to work in the spam-filtering industry, so I saw a LOT of spam. I think my two favorites while I worked there were:
"I ride ze boat and I take it in ze poopah"
and
"Fill your pants with an elephantine schlong"
An "elephantine schlong"?! First off, who the hell uses the word "elephantine"?! Then to follow it up with the word "schlong"? This particular one was one of about 1000 possible permutations of subject lines for a particular penis-enlargement spam (ie they had a whole list of "Grow a", "Get a", "Please her with a", starting lines, followed by dozens of synonyms for "big", then dozens of slang words for "penis", and the mailer randomly built a subject line from them, common trick for spammers, though usually not too difficult to filter), but of all the possible permutations, the "elephantine schlong" was definitely the funniest IMO.
Of course, my favorite actual spam message of all time was the guy asking for a supplier of Acme flux capacitors and the mind warper. I haven't got a frigging clue how this spam ever made any money for anyone!
I hate reading about figures based on 'loss of productivity' and such crap.. By that logic I think we need to start sueing theaters for wasting my time with commercials, making the movie experience take longer than the running time... the city for doing road construction that made my commute longer.. telemarketers for interupting diner.. bulk mail companies for having to spend an extra 10 sec to find my bills and throw away the rest... basically anything in life that is slightly annoying.
:/
Hell... by that logic, computer workers that read slashdot daily must cost US biz. billions a year.
Take the cost of running a mail server. Hardware, upgrades, bandwidth, administration.
Multiply by 40-60%. This is the noise part of the signal-noise ratio that is e-mail. I'm sure you get the picture.
And that's if you don't even try to squelch the noise. Hardware and administration costs go up exponentially when you start diverting CPU time from sorting mail to filtering it.
Oh, and don't forget the problem is getting worse - exponentially.
It won't be long until 80-90% of the cost of running a mail server goes towards dealing with ads for things that would make the ACLU wish they hadn't fought the CDA. Now consider how much money Sprint spends on providing e-mail to their clients. And consider how Sprint would love to see 70-80% of that cost go away. I would imagine the next conservative administration would introduce legislation that would legalize the public flogging of spammers, just based on pressure from big business, nevermind the public.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Guess again. The company I work for has a filter in place but NOTHING (exception: virus infected files) is discarded until a human being has checked it and either released or deleted. No matter how good a Bayesian filter may be it's still not good enough to guarantee it won't quarantine a £24 million bid proposal by mistake. What if the person sending the proposal at 1am then heaves a sigh of relief because it's gone and shuts down before the quarantine warning mail gets back to them? With an unmonitored system this would go unnoticed until they next read their mail!
This is why we have someone monitoring the crap filter 24/7, it's not the only thing they are doing but every hour or so they'll go through the servers and release/delete the crap.
And for those who say "It's the users problem if they don't phone to check delivery or request a receipt!", you obviously don't work front line support :/
It's really about a bunch of senior executive yes-men overreacting. Usually what happens is something like this:
Exec: "Oh look, somebody is trying to extend my member. I hate spam."
Assistant: (takes mental note and walks into a neighbouring execs office, usually somebody in IT, and says) "--insert head hancho's name-- is getting deluged with spam, it's a real problem. Could we have somebody come up here and do something?"
IT Exec: "That's unfortunate, I'll see what I can do"
IT Exec: (calls personal friend in technical support (kiss-ass middle management), chats about golf, the latest corporate results, a couple real business related things, and adds: --insert head hancho's name-- is having a real problem with Spam, can we do anything?
Kiss-ass middle managment: (calls lower management of tech support) "--insert head hancho's name-- has a critical presentation to do and their computer won't work anymore! Send somebody up there quick! I don't care what they're doing, this takes priority, this is --insert head hancho's name--!"
Lower management to techie(this response can really vary): "--insert head hancho's name--'s computer is messed up, I need you to pop up and have a look. --kiss assed middle management-- is very concerned, so this is unfotunately high profile."
Techie, calls Assistant: "What's up?"
Assistant: "We're being killed with spam, --insert head hancho's name-- is furious, get up here now!"
Techie to Exec: "Hello, --assistant-- says you're being killed with spam, do you have any of it left?"
Exec: "No, I deleted it, don't worry about it"
Techie: "Next time you get one, hang on to it and we might be able to do something about it. --spout summarized corporate spam policy--. Do you need anything else?"
Exec: "No, that's all for now, thanks."
...and the end result is that everyone it the IT department thinks that the top exec doesn't know how to hit the delete key.
Not to say that there aren't technophobes in senior management, but in my experience, they're quick learners. Just tell them what to do and they'll remember. Often to your detriment.
The actual problem is the opportunity cost of the loss of legitimate email, both inbound and outbound. Files we send to customers often bounce back because attachments aren't allowed anymore (more of a virus thing than a spam thing, I suppose), requiring time to find alternatives (FTP or mail a CD?). Even emails without attachments are trapped by customer spam lists. Our mailserver has been unfairly blacklisted once or twice (some zealots put you on the list for sending an email circular to paying customers!) and as a result there are several customers we can't email at all. Emails customers send to us sometimes bounce back to them as spam -- this is the worst one, because we never even realise there's a problem unless they call us and complain (in which case it's always ourfault).
The real problem is that email is no longer a reliable means of communication. What is the value of a communication channel that loses many of its messages?