Slashdot Mirror
What Is The Real Cost of Spam?
securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."
how do they figure $1/msg? It maybe only takes me 10 seconds to alt-tab over to outlook and see that it's spam, delete it, and alt-tab back. let's see... that amounts to $360/hr! I wish I were making that kind of money! If it weren't for all this spam...
if they'd just get spambayes they wouldn't have this problem anymore. hardly any junk mail gets past spambayes...
That's not the fault of spam- that's the fault of whiny executives. Execs are always whining about efficiency, "making the sacrifice", cutting the fat...yet they're responsible for more productivity loss for most IT departments than other employees combined.
When 2-3 execs moved into the office I was supporting, they were a massive drain, killing my productivity- because any time even the slightest thing was wrong, we had to drop what we were doing, and rush to make the Big Baby happy.
Executives, hear this. One sure fire way to enhance the productivity of your IT staff is to learn how to use your #$!@ing email program, not complain when your desktop is the wrong color, learn how to back up your data, and don't make us run in circles on your bloody little pet projects. Don't even get me started about personal printers/fax machines.
Please help metamoderate.
It could be that cost is the wrong focus. Advertising the lack of benefits might deter spammers. By now most people have a knee-jerk reaction to delete the stuff before ever seeing what's in it; therefore, it stands to reason that the cost of paying someone to send ads anonymously may now outweigh the payback. Posting some hard stats on that might get organizations to send less spam, or pay spammers less money, or fire some spammers - all of which could result in less spam.
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
You can't just hit the delete button. You have to figure out that it's spam first. This involves viewing the message, reading at least part of it. If you're talking about someone that costs the company $60/hr (doesn't mean he takes that home, when you include overhead/ss/unemployment/insurance etc. a lot of people cost more than that to employ) that's $1 per minute, and a 'clever' spam that slips past your filters can take a minute to conclusively identify and delete.
Not to mention all the problems that are created when the filters catch the wrong mail...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
A number of people have responded "But I can delete spam really fast" etc.
claiming that the costs quoted seem way to high. What they don't estimate is
the full cost within an organization of dealing with a problem like spam which
is greatly increased by a number of factors:
1. Management get annoyed by spam and see it as a drain on their team's
time and want to do something about it: that costs time there for them---
because they are thinking about spam and not making widget X---and the IT
department of the company who has to respond to the manager's questions re:
what are we doing about this problem?
2. Not all employees are as sophisticated as the Slashdot crowd (can't believe
I said that) and so for them spam is a far greater time sink (== $$$). They
start wondering why they got the spam (especially when it's pornographic) and
wonder if they did something wrong or if someone is going to "find out". While
they think about spam they are not working.
3. Spam is a workplace nuisance for the HR department because offensive material
that enters the workplace becomes the employer's problem when people go to HR
to say that the employer should "do something" about the offensive material
(after all an employer would "protect" its employees from a calendar of nude
women or a harrassing coworker). More $$ spent in the time to complain and HR
doing something about it.
4. And finally there's the IT guy who bears the brunt trying to fight the battle
against spam when he's got plenty of other stuff to do. And so he buys expensive
software to deal with the problem. More $$ spent on his time and the software and
maintaining the software.
It's just a little more complicated than "can't people just delete the stuff". Even
people who say "just get tool XYZ" overlook the cost of deploying (to 1000s of
desktop machines), training employees (to use the thing) and maintaining it. That's
a very expensive proposition.
John.
That one had me confused as well.
The First Amendment says the government can not stop you from speaking out aginst the government.
If the government isnt the ones stopping the spam from getting to you, it does not voilate the amendment.
Anyone else can do so.
Additionally, the government CAN stop spam from reaching their own staff (IE their own mail server can use spam filters) as long as that mail server ONLY serves the workers and noone else.
The only way the first amendment is involved is if a non government related person attempts to say something to another non government related person, and a government related person steps in to prevent that from happening.
This is the main reason its so hard to pass a federal law to stop spam.
Spam can NOT be defined as a type of email for them to outlaw it.
They have to define it in another way that relates to an already criminal act.
This is why in some states (not nearly enough), it is already illegal to forge headers or use misleading subject lines.
But this is the only thing the first amendment prevents, is a law aginst spam directly. Doesnt prevent anyone else from stopping it.
Funny thing is that Viruses actually cost more than spam, yet these folks are worrying about spam.
I prefer the "u" in honour as it seems to be missing these days.
Anybody who says otherwise is BULLSHITTING.
The first amendment talks about Freedom of speech - freedom of the press. Nowhere does it permits anyone from using someone else's press, as spamming does by using someone else's computer/network ressources.
Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.
First Amendment rights do not apply to spam. First, let's look at just the communication aspect of it. Spam is not directed at an individual per se, but at a list of millions of people. The fact is, though, that individuals DO receive it personally. It is in their face, staring at them from their mailbox. This is not a soapbox preacher that you can just walk away from; we are forced to deal with it on a personal level, at our own expense. The First Amendment guarantees "Free Speech", not a "forced audience".
Now, let's look at the content side of spam. It has been determined repeatedly that the First Amendment is not protection for unproven claims, scams, or lack of "truth in advertising". Companies and individuals who have parlayed these things into First Amendment cases have invariably lost.
If a person or company wishes to advertise to me, they may do so. Advertising, historically, is at the expense of the company, not the consumer.
When I get spam from an open relay, with forged headers, bad return info, and base64 encoded, exactly how much do they think I'm going to spend on their product? Exactly how seriously do they think I'll take them?
The answer is: I take them very seriously indeed. Not for any reason that they hope for, however. I CAN and WILL pursue them, catch them, and put them under the brightest light that I can find.
Because, I am a spammerhunter.
Every case is going to be different, but response rates for junk mail are typically claimed in the 2-4 per thousand range,
.sig
and spam is estimated at 1-3 per ten thousand.
(A response is not a sale, but the response to sale ratios are fairly high - usually double digits.)
A full color piece of junk mail costs about $1.
A single spam costs less than $0.00001.
That $500,000 mail campain would have cost less than $5 if done through email.
That, in a nutshell, is the real problem with spam.
It doesn't have to work well because it's so cheap.
-- this is not a
Some older people do not understand spam. I found my boss replying with individual, very professional messages to the spammers. His assistant, who is not as old as my boss, caught on and then went to me for help about it. She knew what spam was, but did not know how to deal with it.
The spam that slips past my filters is easy to identify, mark, report, and add to my bayesian corpus. It's the spam that DOESN'T make it past my filters that I have to pull up, display, and review, about 200 messages PER DAY (or 400-500 messages per sitting, since I review the trapped messages every other day.) This is the stuff that costs me time, since now I'm hunting for any good mail that might have been filtered in a sea of spam.
:(
I can't just purge all the trapped mail without reviewing it, because I do all my business online. I've whitelisted everyone I do business with on a normal basis, but new customers, customer support, and eBay notices go to the same address that gets heavily filtered (because they're public.) Public, in this case, means that the addresses have gotten spam (although they're not posted to the web, for obvious reasons.) This includes addresses that I don't use, but have been dictionary attacked.
The solution is obvious - I need to add more rules to be more selective about which messages to trap, and which messages to pass. However, that takes time...
Now your mom doesn't want to check her mailbox at all anymore. But many people would just tell mom to call instead, since they no longer want to search for her letter amidst the toxic waste. And they certainly wouldn't send their kids down to stick their hand in the mailbox anymore with all those wrapped and unwrapped filthy needles.
People will stop wasting their time with email (as currently implemented), and thus this new form of communication will be strangled soon after its birth.
It's really about a bunch of senior executive yes-men overreacting. Usually what happens is something like this:
Exec: "Oh look, somebody is trying to extend my member. I hate spam."
Assistant: (takes mental note and walks into a neighbouring execs office, usually somebody in IT, and says) "--insert head hancho's name-- is getting deluged with spam, it's a real problem. Could we have somebody come up here and do something?"
IT Exec: "That's unfortunate, I'll see what I can do"
IT Exec: (calls personal friend in technical support (kiss-ass middle management), chats about golf, the latest corporate results, a couple real business related things, and adds: --insert head hancho's name-- is having a real problem with Spam, can we do anything?
Kiss-ass middle managment: (calls lower management of tech support) "--insert head hancho's name-- has a critical presentation to do and their computer won't work anymore! Send somebody up there quick! I don't care what they're doing, this takes priority, this is --insert head hancho's name--!"
Lower management to techie(this response can really vary): "--insert head hancho's name--'s computer is messed up, I need you to pop up and have a look. --kiss assed middle management-- is very concerned, so this is unfotunately high profile."
Techie, calls Assistant: "What's up?"
Assistant: "We're being killed with spam, --insert head hancho's name-- is furious, get up here now!"
Techie to Exec: "Hello, --assistant-- says you're being killed with spam, do you have any of it left?"
Exec: "No, I deleted it, don't worry about it"
Techie: "Next time you get one, hang on to it and we might be able to do something about it. --spout summarized corporate spam policy--. Do you need anything else?"
Exec: "No, that's all for now, thanks."
...and the end result is that everyone it the IT department thinks that the top exec doesn't know how to hit the delete key.
Not to say that there aren't technophobes in senior management, but in my experience, they're quick learners. Just tell them what to do and they'll remember. Often to your detriment.