What Is The Real Cost of Spam?

securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."

My own thoughts

[Phroggy]

here

Is this real money?

[eric434]

Or has this been calculated in the same way that they calculate money lost from 'piracy' and 'hacking'?

I can certainly see how spam costs real money in terms of bandwidth and all, but I'm wondering whether they actually did some research or just guessed.

84 seconds per spam?!

[mrand]

Either I'm a spam processing machine, or some of these estimates are WAY overstated. After running through two filters, I end up only seeing 20 TO 40 spam's a day, and it takes me all of 20 or 30 seconds to deal with them - for the WHOLE DAY. Do these people keep their delete key in their drawer or what?

And the person quoted about the cost of setting up spam filters and following up on incorrect filtering seems to ignore the fact that the effort for this person to do this is spread across all the users... thousands of them (or tens or hundreds of thousands, in this case).

Marc

The real issue is not now, but tomorrow

[gorbachev]

The real issue about costs of spam is not what it costs today, but what it costs a year, two or 5 years from now, if it's not killed today.

The volume of spam is increasing exponentially. It will reach a point when it will start choking up Email entirely.

At that point it's too late.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death

This is an issue.

[AntiOrganic]

This is a big issue for me. I work for a web hosting company, and we had two options when it came down to dealing with spam:

Sift through hundreds, sometimes thousands of messages a day searching for legitimate technical support issues

Only accept email from addresses belonging to customers on file.

This has had a detrimental effect, and we often do get calls from customers saying their emails never got through and that they need to know which of their email addresses is on the account because they don't remember. This is inconvenient, and these measures may have led to the loss of a few customers for us. This isn't terrible, however, compared to spending hours a day sifting through spam, which would probably cost us more than the customers we lost.

This is still unacceptable.

Is spam even effective?

[YllabianBitPipe]

I wonder about the effectivity of Spam because I just chuck it all. I can't remember a single time I clicked on a spam email. Nobody I know gets any spam that's worthwhile in any regard.

I just read James Cramer's bio and he talks about how TheStreet.com did a bulk mailing that they paid $500,000 for it. End result? 5 subscribers. $100,000 per subscriber. That's a terrible conversion rate for junk mail. Now I know that was junk mail, not spam email, but I simply can't imagine the rates being all that much better for Spam.

I'd say one way to fight spam is have a "do not spam" registry ... like what's being done with telemarketers.

First Amendment rights my ass

[mudshark]

Since most, if not virtually all spam is commercial in nature, it is not protected by the First Amendment. Kind of like the whiny telemarketers suing the FCC -- nobody has a "right" to try and sell me anything, thanks. And use of a recipient-pays delivery model removes them even more from the collective good graces of everyone trying to wade out from under the deluge. So screw the bogus legal pretext and lets get on with some gruesome public executions.

Re:Senior management, ugh

[Tailhook]

This depends on just how "senior" your executive is. If you're dealing with the senior management of a struggling startup, you can have an indifferent attitude. On the other hand, if Rick Wagoner gets an add for "free porn" in his inbox, you can damn well bet all hell will break loose. If he gets spam it indicates a breakdown occurred in a chain of responsibilities shared by multiple highly paid people. I'd be mad too.

We need to move beyond email. If executive management is using email to do actual business then it needs to grow up. Messages need electronic signatures than can be examined and verified before a message is accessed. Getting a worthy signature needs to cost a bit of money. That's all it would take to kill spam. If you want to get a message to me I require that you pony up and get yourself a signature, otherwise, forget it. Send messages to people who like dysfunctional communication mechanisms.

Sensitive to First Amendment rights? BS!

[Skapare]

Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.

What kind of BS is that? No they do not.

IU and other public institutions are NOT lawmakers, nor are they free public resources. Now if individual students are doing the spamming, there may be some complexities to deal with, especially if other students are the targets of the spam. But public schools are not a resource that anyone may just freely use.

If the school does make certain facilities open for public use, then they do have to do so fairly. That means, for example, if a facility like a stadium is used for a convention by members of the public (and usually these are done on a basis of school use has first priority, student use second priority, and public use last and usually paid), then spammers would probably have to be given equal access as members of the public. So you might see a spammer's convention meeting there.

The real issues are:

• Students spamming students (and we might include faculty here, too) using school computing and/or network facilities.
• Students spamming the internet from school facilities.
• Spammers spamming students (ingress use of school facilities).

Does Kinkos have a right to post signs anywhere on school property to advertise their copying services to students? No! They must follow specific rules. There might be places designated for signs to be posted. The school newspaper might be advertising supported and Kinkos could buy ad space there. The school might even sell naming rights to the gymnasium to Kinkos (if they want to buy that). But there exists no free right for anyone, not even students or faculty, to come and commandeer any resource they wish for their own purposes.

Certainly this rules out students spamming the internet, and I would argue it also gives no one in the public any particular right to communicate with a student on the school's network, even if the student grants that permission by signing up for advertising. The school owns the property and it is generally well considered to not be public use property. The school is definitely not preventing people from using their own personal property/resources when that school restricts the ways the school's property/resources are used to be limited to what the mission of the school is.

It might be a whole different matter if a government entity were setting up a network, such as an open WiFi node, for anyone in the public to make use of. That is not what public institutions of higher learning do.