Slashdot Mirror
What Is The Real Cost of Spam?
securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."
here
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Well, yes, since the CEO needs to ask his assistant to ask a senior manager to ask the Spam Control Committee to ask a freshly-hired sysadmin to fucking hit his goddamn delete key. All that and more for just $50 million a year, plus golden parachute!
...which costs the company about $1 in lost productivity per message.
Where can I find a job where I get paid $1 every time I press the delete button? I'll fax in my resume' right away!
Or has this been calculated in the same way that they calculate money lost from 'piracy' and 'hacking'?
I can certainly see how spam costs real money in terms of bandwidth and all, but I'm wondering whether they actually did some research or just guessed.
This
Either I'm a spam processing machine, or some of these estimates are WAY overstated. After running through two filters, I end up only seeing 20 TO 40 spam's a day, and it takes me all of 20 or 30 seconds to deal with them - for the WHOLE DAY. Do these people keep their delete key in their drawer or what?
And the person quoted about the cost of setting up spam filters and following up on incorrect filtering seems to ignore the fact that the effort for this person to do this is spread across all the users... thousands of them (or tens or hundreds of thousands, in this case).
Marc
-- PGP keyID: 0x4C95994D
how do they figure $1/msg? It maybe only takes me 10 seconds to alt-tab over to outlook and see that it's spam, delete it, and alt-tab back. let's see... that amounts to $360/hr! I wish I were making that kind of money! If it weren't for all this spam...
if they'd just get spambayes they wouldn't have this problem anymore. hardly any junk mail gets past spambayes...
The real issue about costs of spam is not what it costs today, but what it costs a year, two or 5 years from now, if it's not killed today.
The volume of spam is increasing exponentially. It will reach a point when it will start choking up Email entirely.
At that point it's too late.
Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death
In Soviet Russia, I ruled you
Sift through hundreds, sometimes thousands of messages a day searching for legitimate technical support issues
Only accept email from addresses belonging to customers on file.
This has had a detrimental effect, and we often do get calls from customers saying their emails never got through and that they need to know which of their email addresses is on the account because they don't remember. This is inconvenient, and these measures may have led to the loss of a few customers for us. This isn't terrible, however, compared to spending hours a day sifting through spam, which would probably cost us more than the customers we lost.
This is still unacceptable.
Spam has cost me over $10,000, and my dick STILL isn't any bigger.
I wonder about the effectivity of Spam because I just chuck it all. I can't remember a single time I clicked on a spam email. Nobody I know gets any spam that's worthwhile in any regard.
I just read James Cramer's bio and he talks about how TheStreet.com did a bulk mailing that they paid $500,000 for it. End result? 5 subscribers. $100,000 per subscriber. That's a terrible conversion rate for junk mail. Now I know that was junk mail, not spam email, but I simply can't imagine the rates being all that much better for Spam.
I'd say one way to fight spam is have a "do not spam" registry ... like what's being done with telemarketers.
That's not the fault of spam- that's the fault of whiny executives. Execs are always whining about efficiency, "making the sacrifice", cutting the fat...yet they're responsible for more productivity loss for most IT departments than other employees combined.
When 2-3 execs moved into the office I was supporting, they were a massive drain, killing my productivity- because any time even the slightest thing was wrong, we had to drop what we were doing, and rush to make the Big Baby happy.
Executives, hear this. One sure fire way to enhance the productivity of your IT staff is to learn how to use your #$!@ing email program, not complain when your desktop is the wrong color, learn how to back up your data, and don't make us run in circles on your bloody little pet projects. Don't even get me started about personal printers/fax machines.
Please help metamoderate.
Since most, if not virtually all spam is commercial in nature, it is not protected by the First Amendment. Kind of like the whiny telemarketers suing the FCC -- nobody has a "right" to try and sell me anything, thanks. And use of a recipient-pays delivery model removes them even more from the collective good graces of everyone trying to wade out from under the deluge. So screw the bogus legal pretext and lets get on with some gruesome public executions.
In other news, astrophysicists have announced that they now know what all that dark matter is: it's stupidity.
It could be that cost is the wrong focus. Advertising the lack of benefits might deter spammers. By now most people have a knee-jerk reaction to delete the stuff before ever seeing what's in it; therefore, it stands to reason that the cost of paying someone to send ads anonymously may now outweigh the payback. Posting some hard stats on that might get organizations to send less spam, or pay spammers less money, or fire some spammers - all of which could result in less spam.
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
A number of people have responded "But I can delete spam really fast" etc.
claiming that the costs quoted seem way to high. What they don't estimate is
the full cost within an organization of dealing with a problem like spam which
is greatly increased by a number of factors:
1. Management get annoyed by spam and see it as a drain on their team's
time and want to do something about it: that costs time there for them---
because they are thinking about spam and not making widget X---and the IT
department of the company who has to respond to the manager's questions re:
what are we doing about this problem?
2. Not all employees are as sophisticated as the Slashdot crowd (can't believe
I said that) and so for them spam is a far greater time sink (== $$$). They
start wondering why they got the spam (especially when it's pornographic) and
wonder if they did something wrong or if someone is going to "find out". While
they think about spam they are not working.
3. Spam is a workplace nuisance for the HR department because offensive material
that enters the workplace becomes the employer's problem when people go to HR
to say that the employer should "do something" about the offensive material
(after all an employer would "protect" its employees from a calendar of nude
women or a harrassing coworker). More $$ spent in the time to complain and HR
doing something about it.
4. And finally there's the IT guy who bears the brunt trying to fight the battle
against spam when he's got plenty of other stuff to do. And so he buys expensive
software to deal with the problem. More $$ spent on his time and the software and
maintaining the software.
It's just a little more complicated than "can't people just delete the stuff". Even
people who say "just get tool XYZ" overlook the cost of deploying (to 1000s of
desktop machines), training employees (to use the thing) and maintaining it. That's
a very expensive proposition.
John.
But yes, execs do sometimes need handholding. Years ago, while I was still doing sysadmin, the head of one of the neighboring departments would ask me for help when his Mac wouldn't print. Hey, I was a Unix guy, not a Mac guy, though if they'd gotten me a Mac I'd have been quite happy - but 95% of the time it was a matter of rebooting the network printer frob a couple of times and it'd work....
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Wow. Marriage sure has changed you, CmdrTaco!
Do you even lift?
These aren't the 'roids you're looking for.
Funny thing is that Viruses actually cost more than spam, yet these folks are worrying about spam.
I prefer the "u" in honour as it seems to be missing these days.
Anybody who says otherwise is BULLSHITTING.
The first amendment talks about Freedom of speech - freedom of the press. Nowhere does it permits anyone from using someone else's press, as spamming does by using someone else's computer/network ressources.
Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.
First Amendment rights do not apply to spam. First, let's look at just the communication aspect of it. Spam is not directed at an individual per se, but at a list of millions of people. The fact is, though, that individuals DO receive it personally. It is in their face, staring at them from their mailbox. This is not a soapbox preacher that you can just walk away from; we are forced to deal with it on a personal level, at our own expense. The First Amendment guarantees "Free Speech", not a "forced audience".
Now, let's look at the content side of spam. It has been determined repeatedly that the First Amendment is not protection for unproven claims, scams, or lack of "truth in advertising". Companies and individuals who have parlayed these things into First Amendment cases have invariably lost.
If a person or company wishes to advertise to me, they may do so. Advertising, historically, is at the expense of the company, not the consumer.
When I get spam from an open relay, with forged headers, bad return info, and base64 encoded, exactly how much do they think I'm going to spend on their product? Exactly how seriously do they think I'll take them?
The answer is: I take them very seriously indeed. Not for any reason that they hope for, however. I CAN and WILL pursue them, catch them, and put them under the brightest light that I can find.
Because, I am a spammerhunter.
I'm pulling these numbers partly from my experience and partly from my ass.
Average user at work receives ~ 10 spam messages per day, with our spam filters catching 80%, so the user receives 2 per day.
I figure you can classify spam messages into 3 types which require varying amount of effort to determine when to delete them.
First, you have obvious spam that can be deleted by reading the subject. I figure that 25% that get though spam filters are this type. Let's say they require 5 seconds to read/delete.
Second type requires the user opening the message and reading the contents. Let's say 70% are this type and require 15 seconds.
The last type are the ones that confuse users or they think they are legit. These are the messages that users will reply to, talk to their coworkers about, or forward to IS to be verified. This would be the remaining 5% and require 5 minutes (300 seconds) of time.
With those numbers, the users spend 27 seconds per message or 54 seconds per day.
Per year, that is 5.475 hours. If the average cost of a user (pay + benefits) is $30/hour then the annual cost for spam per user is $164.25/year or $0.225/spam.
Now, we are running spam software in this situation. Figure that the spam software cost $10/user/year in licensing, and an additional $10/user/year in hardware or administrative costs. I'm also assuming that the spam load on our mail servers is minimal enough that the costs involved there are insignificant.
That puts the total now at $184.25/year. However, without antispam software, that total would sky rocket to $821.25/year since the user would have to deal with 5x the spam. Of course, this may be high since there will probably a larger percentage of those 5-seconds-to-delete messages.
About the only interesting thing about these BS numbers is that the lower one ($184) is close to Ferris Research's estimate of $168/year; while the higher number ($821) is close to Nucleus Research's $874/year.
ÕÕ
Next question?
-- Stamp out entropy. ->dryguy@bellsloth.net
Now your mom doesn't want to check her mailbox at all anymore. But many people would just tell mom to call instead, since they no longer want to search for her letter amidst the toxic waste. And they certainly wouldn't send their kids down to stick their hand in the mailbox anymore with all those wrapped and unwrapped filthy needles.
People will stop wasting their time with email (as currently implemented), and thus this new form of communication will be strangled soon after its birth.
Just as commercials on television pay for the programming you get to enjoy, advertisements in email are there to defray the cost of the email infrastructure. If you don't take the time to read these short, unintrusive messages, advertisers will be unwilling to pay to advertise on the internet. Who then will pay for the email system you take for granted?
The evasion of commercial email is a serious ethical, moral, and legal issue. Users caught implementing "filters" to evade their responsibilities could face an expensive lawsuit or even jail time.
We as a society must learn to respect the copyrights and first amendment rights of bulk emailers, many of whom struggle to put food on the table for their families. To summarize:
1. Commercial email deletion is a serious moral and legal issue.
2. "Everyone does it" or "I didn't know it was illegal to filter spam" are not valid excuses.
3. Filter users could face an expensive lawsuit or even jail time. To avoid this threat, just delete all spam filtering software you may have installed on your computer.
4. We will not rest until this insidious form of electronic shoplifting is eradicated for good.
What kind of BS is that? No they do not.
IU and other public institutions are NOT lawmakers, nor are they free public resources. Now if individual students are doing the spamming, there may be some complexities to deal with, especially if other students are the targets of the spam. But public schools are not a resource that anyone may just freely use.
If the school does make certain facilities open for public use, then they do have to do so fairly. That means, for example, if a facility like a stadium is used for a convention by members of the public (and usually these are done on a basis of school use has first priority, student use second priority, and public use last and usually paid), then spammers would probably have to be given equal access as members of the public. So you might see a spammer's convention meeting there.
The real issues are:
Does Kinkos have a right to post signs anywhere on school property to advertise their copying services to students? No! They must follow specific rules. There might be places designated for signs to be posted. The school newspaper might be advertising supported and Kinkos could buy ad space there. The school might even sell naming rights to the gymnasium to Kinkos (if they want to buy that). But there exists no free right for anyone, not even students or faculty, to come and commandeer any resource they wish for their own purposes.
Certainly this rules out students spamming the internet, and I would argue it also gives no one in the public any particular right to communicate with a student on the school's network, even if the student grants that permission by signing up for advertising. The school owns the property and it is generally well considered to not be public use property. The school is definitely not preventing people from using their own personal property/resources when that school restricts the ways the school's property/resources are used to be limited to what the mission of the school is.
It might be a whole different matter if a government entity were setting up a network, such as an open WiFi node, for anyone in the public to make use of. That is not what public institutions of higher learning do.
now we need to go OSS in diesel cars
Well, if the spammers are costing more money than they are generating then they too are hurting the economy, and rules need to be made to regulate them.
The whole 'frea speach' issue is a red herring, used by spammers to make stupid people take pause before doing something.
The first amendment guarantees the right to say whatever you want, but it does not guarantee the right to use other people's resources to say it.
There is NO first amendment issue regarding spam.
If people would set up their email servers correctly, I could eliminate 99% of the spam from my systems. Unfortunately, a bunch of administrators seem to feel that they do not actually have to configure their systems correctly. If I want to be able to receive mail from them, then I need to open my server up and allow misconfigured servers to talk to it. Guess who has the majority of (usually intentionally) misconfigured servers. You guessed it, spammers.
Getting rid of spam is simple. Stop bitching about it and fix your own damned mail server.
Do you:
Just my two cents.
-sirket
The lost productivity due to spam is inconsequential compared to the lost productivity due to Slashdot.
http://yetanotherpoliticalrant.blogspot.com
I can say that spam does cost. Many calls I get have me spending time walking clueless people through the steps necessary to enable the server-side spam filter and the client-side mail rules.
It doesn't end there, either. From what users are saying, it seems like spammers trade their mailing lists which cause users to recieve increasing amounts of spam. Some users complain that it takes too long to download the spam. I kindly remind them that not only does our mail server have to download the mail but also transmit the mail to them.
Figure you are on a bit of mailing lists, and you receive 500K of spam per day (some messages are html with images). The ISP has to use 1000k (say a megabyte) for that user. Multiply that by 4,000 users, and you have 4 GB of data transfer. Think of it as a T1 simultaneously using maximum up and down bandwidth for almost THREE HOURS.
That is not even mentioning the users who get on a billion mailing lists and never check their mail/delete their messages. Say (a conservative figure) 50 users got 500K of spam per day. That's almost 750 MB/month. 9 gigs of hard drive gone in the name of unread spam in a year. It all adds up folks.
Screw the Do-Not-Call list, I would rather have had a Do-Not-Email list _first_. When an occasional telemarketer calls my home or my workplace, there is a ~30 second distraction. End of story. Nothing like a day of 20 minute phone calls walking users through setting up spam filters and explaining to them why they get so much spam. Although my job is a part-time one, I figure around $150 in labor is paid by both parties per day (the ISP and customers) to set up a *workaround* (which sometimes isn't enough for high-volume victims of spam).
It's really about a bunch of senior executive yes-men overreacting. Usually what happens is something like this:
Exec: "Oh look, somebody is trying to extend my member. I hate spam."
Assistant: (takes mental note and walks into a neighbouring execs office, usually somebody in IT, and says) "--insert head hancho's name-- is getting deluged with spam, it's a real problem. Could we have somebody come up here and do something?"
IT Exec: "That's unfortunate, I'll see what I can do"
IT Exec: (calls personal friend in technical support (kiss-ass middle management), chats about golf, the latest corporate results, a couple real business related things, and adds: --insert head hancho's name-- is having a real problem with Spam, can we do anything?
Kiss-ass middle managment: (calls lower management of tech support) "--insert head hancho's name-- has a critical presentation to do and their computer won't work anymore! Send somebody up there quick! I don't care what they're doing, this takes priority, this is --insert head hancho's name--!"
Lower management to techie(this response can really vary): "--insert head hancho's name--'s computer is messed up, I need you to pop up and have a look. --kiss assed middle management-- is very concerned, so this is unfotunately high profile."
Techie, calls Assistant: "What's up?"
Assistant: "We're being killed with spam, --insert head hancho's name-- is furious, get up here now!"
Techie to Exec: "Hello, --assistant-- says you're being killed with spam, do you have any of it left?"
Exec: "No, I deleted it, don't worry about it"
Techie: "Next time you get one, hang on to it and we might be able to do something about it. --spout summarized corporate spam policy--. Do you need anything else?"
Exec: "No, that's all for now, thanks."
...and the end result is that everyone it the IT department thinks that the top exec doesn't know how to hit the delete key.
Not to say that there aren't technophobes in senior management, but in my experience, they're quick learners. Just tell them what to do and they'll remember. Often to your detriment.