Slashdot Mirror
What Is The Real Cost of Spam?
securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."
here
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Or has this been calculated in the same way that they calculate money lost from 'piracy' and 'hacking'?
I can certainly see how spam costs real money in terms of bandwidth and all, but I'm wondering whether they actually did some research or just guessed.
This
Either I'm a spam processing machine, or some of these estimates are WAY overstated. After running through two filters, I end up only seeing 20 TO 40 spam's a day, and it takes me all of 20 or 30 seconds to deal with them - for the WHOLE DAY. Do these people keep their delete key in their drawer or what?
And the person quoted about the cost of setting up spam filters and following up on incorrect filtering seems to ignore the fact that the effort for this person to do this is spread across all the users... thousands of them (or tens or hundreds of thousands, in this case).
Marc
-- PGP keyID: 0x4C95994D
The real issue about costs of spam is not what it costs today, but what it costs a year, two or 5 years from now, if it's not killed today.
The volume of spam is increasing exponentially. It will reach a point when it will start choking up Email entirely.
At that point it's too late.
Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death
In Soviet Russia, I ruled you
Sift through hundreds, sometimes thousands of messages a day searching for legitimate technical support issues
Only accept email from addresses belonging to customers on file.
This has had a detrimental effect, and we often do get calls from customers saying their emails never got through and that they need to know which of their email addresses is on the account because they don't remember. This is inconvenient, and these measures may have led to the loss of a few customers for us. This isn't terrible, however, compared to spending hours a day sifting through spam, which would probably cost us more than the customers we lost.
This is still unacceptable.
I wonder about the effectivity of Spam because I just chuck it all. I can't remember a single time I clicked on a spam email. Nobody I know gets any spam that's worthwhile in any regard.
I just read James Cramer's bio and he talks about how TheStreet.com did a bulk mailing that they paid $500,000 for it. End result? 5 subscribers. $100,000 per subscriber. That's a terrible conversion rate for junk mail. Now I know that was junk mail, not spam email, but I simply can't imagine the rates being all that much better for Spam.
I'd say one way to fight spam is have a "do not spam" registry ... like what's being done with telemarketers.
Since most, if not virtually all spam is commercial in nature, it is not protected by the First Amendment. Kind of like the whiny telemarketers suing the FCC -- nobody has a "right" to try and sell me anything, thanks. And use of a recipient-pays delivery model removes them even more from the collective good graces of everyone trying to wade out from under the deluge. So screw the bogus legal pretext and lets get on with some gruesome public executions.
In other news, astrophysicists have announced that they now know what all that dark matter is: it's stupidity.
But yes, execs do sometimes need handholding. Years ago, while I was still doing sysadmin, the head of one of the neighboring departments would ask me for help when his Mac wouldn't print. Hey, I was a Unix guy, not a Mac guy, though if they'd gotten me a Mac I'd have been quite happy - but 95% of the time it was a matter of rebooting the network printer frob a couple of times and it'd work....
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
This depends on just how "senior" your executive is. If you're dealing with the senior management of a struggling startup, you can have an indifferent attitude. On the other hand, if Rick Wagoner gets an add for "free porn" in his inbox, you can damn well bet all hell will break loose. If he gets spam it indicates a breakdown occurred in a chain of responsibilities shared by multiple highly paid people. I'd be mad too.
We need to move beyond email. If executive management is using email to do actual business then it needs to grow up. Messages need electronic signatures than can be examined and verified before a message is accessed. Getting a worthy signature needs to cost a bit of money. That's all it would take to kill spam. If you want to get a message to me I require that you pony up and get yourself a signature, otherwise, forget it. Send messages to people who like dysfunctional communication mechanisms.
Maw! Fire up the karma burner!
I'm pulling these numbers partly from my experience and partly from my ass.
Average user at work receives ~ 10 spam messages per day, with our spam filters catching 80%, so the user receives 2 per day.
I figure you can classify spam messages into 3 types which require varying amount of effort to determine when to delete them.
First, you have obvious spam that can be deleted by reading the subject. I figure that 25% that get though spam filters are this type. Let's say they require 5 seconds to read/delete.
Second type requires the user opening the message and reading the contents. Let's say 70% are this type and require 15 seconds.
The last type are the ones that confuse users or they think they are legit. These are the messages that users will reply to, talk to their coworkers about, or forward to IS to be verified. This would be the remaining 5% and require 5 minutes (300 seconds) of time.
With those numbers, the users spend 27 seconds per message or 54 seconds per day.
Per year, that is 5.475 hours. If the average cost of a user (pay + benefits) is $30/hour then the annual cost for spam per user is $164.25/year or $0.225/spam.
Now, we are running spam software in this situation. Figure that the spam software cost $10/user/year in licensing, and an additional $10/user/year in hardware or administrative costs. I'm also assuming that the spam load on our mail servers is minimal enough that the costs involved there are insignificant.
That puts the total now at $184.25/year. However, without antispam software, that total would sky rocket to $821.25/year since the user would have to deal with 5x the spam. Of course, this may be high since there will probably a larger percentage of those 5-seconds-to-delete messages.
About the only interesting thing about these BS numbers is that the lower one ($184) is close to Ferris Research's estimate of $168/year; while the higher number ($821) is close to Nucleus Research's $874/year.
ÕÕ
What kind of BS is that? No they do not.
IU and other public institutions are NOT lawmakers, nor are they free public resources. Now if individual students are doing the spamming, there may be some complexities to deal with, especially if other students are the targets of the spam. But public schools are not a resource that anyone may just freely use.
If the school does make certain facilities open for public use, then they do have to do so fairly. That means, for example, if a facility like a stadium is used for a convention by members of the public (and usually these are done on a basis of school use has first priority, student use second priority, and public use last and usually paid), then spammers would probably have to be given equal access as members of the public. So you might see a spammer's convention meeting there.
The real issues are:
Does Kinkos have a right to post signs anywhere on school property to advertise their copying services to students? No! They must follow specific rules. There might be places designated for signs to be posted. The school newspaper might be advertising supported and Kinkos could buy ad space there. The school might even sell naming rights to the gymnasium to Kinkos (if they want to buy that). But there exists no free right for anyone, not even students or faculty, to come and commandeer any resource they wish for their own purposes.
Certainly this rules out students spamming the internet, and I would argue it also gives no one in the public any particular right to communicate with a student on the school's network, even if the student grants that permission by signing up for advertising. The school owns the property and it is generally well considered to not be public use property. The school is definitely not preventing people from using their own personal property/resources when that school restricts the ways the school's property/resources are used to be limited to what the mission of the school is.
It might be a whole different matter if a government entity were setting up a network, such as an open WiFi node, for anyone in the public to make use of. That is not what public institutions of higher learning do.
now we need to go OSS in diesel cars
I can say that spam does cost. Many calls I get have me spending time walking clueless people through the steps necessary to enable the server-side spam filter and the client-side mail rules.
It doesn't end there, either. From what users are saying, it seems like spammers trade their mailing lists which cause users to recieve increasing amounts of spam. Some users complain that it takes too long to download the spam. I kindly remind them that not only does our mail server have to download the mail but also transmit the mail to them.
Figure you are on a bit of mailing lists, and you receive 500K of spam per day (some messages are html with images). The ISP has to use 1000k (say a megabyte) for that user. Multiply that by 4,000 users, and you have 4 GB of data transfer. Think of it as a T1 simultaneously using maximum up and down bandwidth for almost THREE HOURS.
That is not even mentioning the users who get on a billion mailing lists and never check their mail/delete their messages. Say (a conservative figure) 50 users got 500K of spam per day. That's almost 750 MB/month. 9 gigs of hard drive gone in the name of unread spam in a year. It all adds up folks.
Screw the Do-Not-Call list, I would rather have had a Do-Not-Email list _first_. When an occasional telemarketer calls my home or my workplace, there is a ~30 second distraction. End of story. Nothing like a day of 20 minute phone calls walking users through setting up spam filters and explaining to them why they get so much spam. Although my job is a part-time one, I figure around $150 in labor is paid by both parties per day (the ISP and customers) to set up a *workaround* (which sometimes isn't enough for high-volume victims of spam).