Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Is The Real Cost of Spam?

Posted by timothy on from the human-depravity dept.

securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."

32 of 316 comments (clear)

  1. My own thoughts by Phroggy · · Score: 5, Interesting

    here

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  2. PHB Gets Spammed by Anonymous Coward · · Score: 5, Funny
    The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain."

    Well, yes, since the CEO needs to ask his assistant to ask a senior manager to ask the Spam Control Committee to ask a freshly-hired sysadmin to fucking hit his goddamn delete key. All that and more for just $50 million a year, plus golden parachute!

    1. Re:PHB Gets Spammed by mwolff · · Score: 5, Insightful

      Some older people do not understand spam. I found my boss replying with individual, very professional messages to the spammers. His assistant, who is not as old as my boss, caught on and then went to me for help about it. She knew what spam was, but did not know how to deal with it.

  3. A dollar a message by perimorph · · Score: 5, Funny

    ...which costs the company about $1 in lost productivity per message.

    Where can I find a job where I get paid $1 every time I press the delete button? I'll fax in my resume' right away!

    1. Re:A dollar a message by Threni · · Score: 5, Funny

      "Where can I find a job where I get paid $1 every time I press the delete button? I'll fax in my resume' right away!"

      Well, in my dreams that'd be the job description for a vacancy at the Patent Office but I don't see that particular dream coming true any time soon.

    2. Re:A dollar a message by Arker · · Score: 4, Insightful

      You can't just hit the delete button. You have to figure out that it's spam first. This involves viewing the message, reading at least part of it. If you're talking about someone that costs the company $60/hr (doesn't mean he takes that home, when you include overhead/ss/unemployment/insurance etc. a lot of people cost more than that to employ) that's $1 per minute, and a 'clever' spam that slips past your filters can take a minute to conclusively identify and delete.

      Not to mention all the problems that are created when the filters catch the wrong mail...

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    3. Re:A dollar a message by wo1verin3 · · Score: 4, Funny

      >> It doesn't take me 60 seconds to determine
      >> that "v1agra no prescr1ption needed" is spam

      Maybe it doesn't take you, but it takes me about 120 to make sure that isn't MY viagra supplier.

    4. Re:A dollar a message by silentbozo · · Score: 4, Insightful

      The spam that slips past my filters is easy to identify, mark, report, and add to my bayesian corpus. It's the spam that DOESN'T make it past my filters that I have to pull up, display, and review, about 200 messages PER DAY (or 400-500 messages per sitting, since I review the trapped messages every other day.) This is the stuff that costs me time, since now I'm hunting for any good mail that might have been filtered in a sea of spam.

      I can't just purge all the trapped mail without reviewing it, because I do all my business online. I've whitelisted everyone I do business with on a normal basis, but new customers, customer support, and eBay notices go to the same address that gets heavily filtered (because they're public.) Public, in this case, means that the addresses have gotten spam (although they're not posted to the web, for obvious reasons.) This includes addresses that I don't use, but have been dictionary attacked.

      The solution is obvious - I need to add more rules to be more selective about which messages to trap, and which messages to pass. However, that takes time... :(

    5. Re:A dollar a message by Jade+E.+2 · · Score: 4, Funny
      Where can I find a job where I get paid $1 every time I press the delete button? I'll fax in my resume' right away!

      That would be the job of the person receiving your resumes.

  4. Is this real money? by eric434 · · Score: 4, Interesting

    Or has this been calculated in the same way that they calculate money lost from 'piracy' and 'hacking'?

    I can certainly see how spam costs real money in terms of bandwidth and all, but I'm wondering whether they actually did some research or just guessed.

    --
    This .sig temporary until a better .sig can be constructed.
  5. 84 seconds per spam?! by mrand · · Score: 5, Interesting

    Either I'm a spam processing machine, or some of these estimates are WAY overstated. After running through two filters, I end up only seeing 20 TO 40 spam's a day, and it takes me all of 20 or 30 seconds to deal with them - for the WHOLE DAY. Do these people keep their delete key in their drawer or what?

    And the person quoted about the cost of setting up spam filters and following up on incorrect filtering seems to ignore the fact that the effort for this person to do this is spread across all the users... thousands of them (or tens or hundreds of thousands, in this case).

    Marc

    --
    -- PGP keyID: 0x4C95994D
  6. The real issue is not now, but tomorrow by gorbachev · · Score: 4, Interesting

    The real issue about costs of spam is not what it costs today, but what it costs a year, two or 5 years from now, if it's not killed today.

    The volume of spam is increasing exponentially. It will reach a point when it will start choking up Email entirely.

    At that point it's too late.

    Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death

    --
    In Soviet Russia, I ruled you
  7. This is an issue. by AntiOrganic · · Score: 5, Interesting
    This is a big issue for me. I work for a web hosting company, and we had two options when it came down to dealing with spam:

    Sift through hundreds, sometimes thousands of messages a day searching for legitimate technical support issues

    Only accept email from addresses belonging to customers on file.

    This has had a detrimental effect, and we often do get calls from customers saying their emails never got through and that they need to know which of their email addresses is on the account because they don't remember. This is inconvenient, and these measures may have led to the loss of a few customers for us. This isn't terrible, however, compared to spending hours a day sifting through spam, which would probably cost us more than the customers we lost.

    This is still unacceptable.

  8. It's cost me a lot by geekd · · Score: 5, Funny

    Spam has cost me over $10,000, and my dick STILL isn't any bigger.

  9. Is spam even effective? by YllabianBitPipe · · Score: 4, Interesting

    I wonder about the effectivity of Spam because I just chuck it all. I can't remember a single time I clicked on a spam email. Nobody I know gets any spam that's worthwhile in any regard.

    I just read James Cramer's bio and he talks about how TheStreet.com did a bulk mailing that they paid $500,000 for it. End result? 5 subscribers. $100,000 per subscriber. That's a terrible conversion rate for junk mail. Now I know that was junk mail, not spam email, but I simply can't imagine the rates being all that much better for Spam.

    I'd say one way to fight spam is have a "do not spam" registry ... like what's being done with telemarketers.

    1. Re:Is spam even effective? by AnotherBlackHat · · Score: 4, Insightful

      Every case is going to be different, but response rates for junk mail are typically claimed in the 2-4 per thousand range,
      and spam is estimated at 1-3 per ten thousand.
      (A response is not a sale, but the response to sale ratios are fairly high - usually double digits.)

      A full color piece of junk mail costs about $1.
      A single spam costs less than $0.00001.
      That $500,000 mail campain would have cost less than $5 if done through email.

      That, in a nutshell, is the real problem with spam.
      It doesn't have to work well because it's so cheap.

      -- this is not a .sig

  10. Senior management, ugh by SuperBanana · · Score: 5, Insightful
    "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain."

    That's not the fault of spam- that's the fault of whiny executives. Execs are always whining about efficiency, "making the sacrifice", cutting the fat...yet they're responsible for more productivity loss for most IT departments than other employees combined.

    When 2-3 execs moved into the office I was supporting, they were a massive drain, killing my productivity- because any time even the slightest thing was wrong, we had to drop what we were doing, and rush to make the Big Baby happy.

    Executives, hear this. One sure fire way to enhance the productivity of your IT staff is to learn how to use your #$!@ing email program, not complain when your desktop is the wrong color, learn how to back up your data, and don't make us run in circles on your bloody little pet projects. Don't even get me started about personal printers/fax machines.

    --
    Please help metamoderate.
    1. Re:Senior management, ugh by Tailhook · · Score: 4, Interesting

      This depends on just how "senior" your executive is. If you're dealing with the senior management of a struggling startup, you can have an indifferent attitude. On the other hand, if Rick Wagoner gets an add for "free porn" in his inbox, you can damn well bet all hell will break loose. If he gets spam it indicates a breakdown occurred in a chain of responsibilities shared by multiple highly paid people. I'd be mad too.

      We need to move beyond email. If executive management is using email to do actual business then it needs to grow up. Messages need electronic signatures than can be examined and verified before a message is accessed. Getting a worthy signature needs to cost a bit of money. That's all it would take to kill spam. If you want to get a message to me I require that you pony up and get yourself a signature, otherwise, forget it. Send messages to people who like dysfunctional communication mechanisms.

      --
      Maw! Fire up the karma burner!
  11. First Amendment rights my ass by mudshark · · Score: 5, Interesting

    Since most, if not virtually all spam is commercial in nature, it is not protected by the First Amendment. Kind of like the whiny telemarketers suing the FCC -- nobody has a "right" to try and sell me anything, thanks. And use of a recipient-pays delivery model removes them even more from the collective good graces of everyone trying to wade out from under the deluge. So screw the bogus legal pretext and lets get on with some gruesome public executions.

    --
    In other news, astrophysicists have announced that they now know what all that dark matter is: it's stupidity.
    1. Re:First Amendment rights my ass by dissy · · Score: 4, Insightful

      That one had me confused as well.
      The First Amendment says the government can not stop you from speaking out aginst the government.

      If the government isnt the ones stopping the spam from getting to you, it does not voilate the amendment.
      Anyone else can do so.

      Additionally, the government CAN stop spam from reaching their own staff (IE their own mail server can use spam filters) as long as that mail server ONLY serves the workers and noone else.

      The only way the first amendment is involved is if a non government related person attempts to say something to another non government related person, and a government related person steps in to prevent that from happening.

      This is the main reason its so hard to pass a federal law to stop spam.
      Spam can NOT be defined as a type of email for them to outlaw it.
      They have to define it in another way that relates to an already criminal act.

      This is why in some states (not nearly enough), it is already illegal to forge headers or use misleading subject lines.

      But this is the only thing the first amendment prevents, is a law aginst spam directly. Doesnt prevent anyone else from stopping it.

  12. Cost/Benefit by Killer+Eye · · Score: 4, Insightful

    It could be that cost is the wrong focus. Advertising the lack of benefits might deter spammers. By now most people have a knee-jerk reaction to delete the stuff before ever seeing what's in it; therefore, it stands to reason that the cost of paying someone to send ads anonymously may now outweigh the payback. Posting some hard stats on that might get organizations to send less spam, or pay spammers less money, or fire some spammers - all of which could result in less spam.

    --
    "Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
  13. Where the dollars are... by JohnGrahamCumming · · Score: 5, Insightful

    A number of people have responded "But I can delete spam really fast" etc.
    claiming that the costs quoted seem way to high. What they don't estimate is
    the full cost within an organization of dealing with a problem like spam which
    is greatly increased by a number of factors:

    1. Management get annoyed by spam and see it as a drain on their team's
    time and want to do something about it: that costs time there for them---
    because they are thinking about spam and not making widget X---and the IT
    department of the company who has to respond to the manager's questions re:
    what are we doing about this problem?

    2. Not all employees are as sophisticated as the Slashdot crowd (can't believe
    I said that) and so for them spam is a far greater time sink (== $$$). They
    start wondering why they got the spam (especially when it's pornographic) and
    wonder if they did something wrong or if someone is going to "find out". While
    they think about spam they are not working.

    3. Spam is a workplace nuisance for the HR department because offensive material
    that enters the workplace becomes the employer's problem when people go to HR
    to say that the employer should "do something" about the offensive material
    (after all an employer would "protect" its employees from a calendar of nude
    women or a harrassing coworker). More $$ spent in the time to complain and HR
    doing something about it.

    4. And finally there's the IT guy who bears the brunt trying to fight the battle
    against spam when he's got plenty of other stuff to do. And so he buys expensive
    software to deal with the problem. More $$ spent on his time and the software and
    maintaining the software.

    It's just a little more complicated than "can't people just delete the stuff". Even
    people who say "just get tool XYZ" overlook the cost of deploying (to 1000s of
    desktop machines), training employees (to use the thing) and maintaining it. That's
    a very expensive proposition.

    John.

  14. Real costs by WindBourne · · Score: 4, Insightful

    Funny thing is that Viruses actually cost more than spam, yet these folks are worrying about spam.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  15. First amendment righats? OXDUNG. by Pig+Hogger · · Score: 4, Insightful
    The first amendment DOES NOT COVER SPAMMING.

    Anybody who says otherwise is BULLSHITTING.

    The first amendment talks about Freedom of speech - freedom of the press. Nowhere does it permits anyone from using someone else's press, as spamming does by using someone else's computer/network ressources.

  16. First Amendment rights? by PaulK · · Score: 4, Insightful

    Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.

    First Amendment rights do not apply to spam. First, let's look at just the communication aspect of it. Spam is not directed at an individual per se, but at a list of millions of people. The fact is, though, that individuals DO receive it personally. It is in their face, staring at them from their mailbox. This is not a soapbox preacher that you can just walk away from; we are forced to deal with it on a personal level, at our own expense. The First Amendment guarantees "Free Speech", not a "forced audience".

    Now, let's look at the content side of spam. It has been determined repeatedly that the First Amendment is not protection for unproven claims, scams, or lack of "truth in advertising". Companies and individuals who have parlayed these things into First Amendment cases have invariably lost.

    If a person or company wishes to advertise to me, they may do so. Advertising, historically, is at the expense of the company, not the consumer.

    When I get spam from an open relay, with forged headers, bad return info, and base64 encoded, exactly how much do they think I'm going to spend on their product? Exactly how seriously do they think I'll take them?

    The answer is: I take them very seriously indeed. Not for any reason that they hope for, however. I CAN and WILL pursue them, catch them, and put them under the brightest light that I can find.

    Because, I am a spammerhunter.

  17. What is the real cost of Spam? by dryguy · · Score: 4, Funny
    $2.50 a can.

    Next question?

    --
    -- Stamp out entropy. ->dryguy@bellsloth.net
  18. The true costs are social by firewood · · Score: 4, Insightful
    Getting a mailbox full of raw sewage and dirty needles every day would probably be fine if you were an organic farmer into collecting antique medical instruments. If you are an office worker only takes a few seconds to use a fire hose and wash the stink off your desk and inbox at work every morning; that's what storm drains are for. I'm sure the FBI would never arrest your household because of the contents of all those needles you have to throw in the garbage every day. You have to be careful opening packages in order not to get stuck with an infected needle.

    Now your mom doesn't want to check her mailbox at all anymore. But many people would just tell mom to call instead, since they no longer want to search for her letter amidst the toxic waste. And they certainly wouldn't send their kids down to stick their hand in the mailbox anymore with all those wrapped and unwrapped filthy needles.

    People will stop wasting their time with email (as currently implemented), and thus this new form of communication will be strangled soon after its birth.

  19. Do not delete "spam" email. by Anonymous Coward · · Score: 5, Funny

    Just as commercials on television pay for the programming you get to enjoy, advertisements in email are there to defray the cost of the email infrastructure. If you don't take the time to read these short, unintrusive messages, advertisers will be unwilling to pay to advertise on the internet. Who then will pay for the email system you take for granted?

    The evasion of commercial email is a serious ethical, moral, and legal issue. Users caught implementing "filters" to evade their responsibilities could face an expensive lawsuit or even jail time.

    We as a society must learn to respect the copyrights and first amendment rights of bulk emailers, many of whom struggle to put food on the table for their families. To summarize:

    1. Commercial email deletion is a serious moral and legal issue.

    2. "Everyone does it" or "I didn't know it was illegal to filter spam" are not valid excuses.

    3. Filter users could face an expensive lawsuit or even jail time. To avoid this threat, just delete all spam filtering software you may have installed on your computer.

    4. We will not rest until this insidious form of electronic shoplifting is eradicated for good.

  20. Snappy comebacks by vaxer · · Score: 4, Funny
    "I got three spams this morning, can you do anything about it?"

    1. Not if you keep zeroing out the machete budget.
    2. Sure, why don't we trade accounts? I got sixty.
    3. Okay, I'll post your address on Usenet. You'll never wake up to three spams again.
  21. Sensitive to First Amendment rights? BS! by Skapare · · Score: 4, Interesting
    Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.

    What kind of BS is that? No they do not.

    IU and other public institutions are NOT lawmakers, nor are they free public resources. Now if individual students are doing the spamming, there may be some complexities to deal with, especially if other students are the targets of the spam. But public schools are not a resource that anyone may just freely use.

    If the school does make certain facilities open for public use, then they do have to do so fairly. That means, for example, if a facility like a stadium is used for a convention by members of the public (and usually these are done on a basis of school use has first priority, student use second priority, and public use last and usually paid), then spammers would probably have to be given equal access as members of the public. So you might see a spammer's convention meeting there.

    The real issues are:

    • Students spamming students (and we might include faculty here, too) using school computing and/or network facilities.
    • Students spamming the internet from school facilities.
    • Spammers spamming students (ingress use of school facilities).

    Does Kinkos have a right to post signs anywhere on school property to advertise their copying services to students? No! They must follow specific rules. There might be places designated for signs to be posted. The school newspaper might be advertising supported and Kinkos could buy ad space there. The school might even sell naming rights to the gymnasium to Kinkos (if they want to buy that). But there exists no free right for anyone, not even students or faculty, to come and commandeer any resource they wish for their own purposes.

    Certainly this rules out students spamming the internet, and I would argue it also gives no one in the public any particular right to communicate with a student on the school's network, even if the student grants that permission by signing up for advertising. The school owns the property and it is generally well considered to not be public use property. The school is definitely not preventing people from using their own personal property/resources when that school restricts the ways the school's property/resources are used to be limited to what the mission of the school is.

    It might be a whole different matter if a government entity were setting up a network, such as an open WiFi node, for anyone in the public to make use of. That is not what public institutions of higher learning do.

    --
    now we need to go OSS in diesel cars
  22. Stupid System Administrators by sirket · · Score: 4, Informative
    I have said this before, and I will say it again:

    If people would set up their email servers correctly, I could eliminate 99% of the spam from my systems. Unfortunately, a bunch of administrators seem to feel that they do not actually have to configure their systems correctly. If I want to be able to receive mail from them, then I need to open my server up and allow misconfigured servers to talk to it. Guess who has the majority of (usually intentionally) misconfigured servers. You guessed it, spammers.

    Getting rid of spam is simple. Stop bitching about it and fix your own damned mail server.

    Do you:
    1. Have a postmaster account?
    2. Have an abuse account?
    3. Have reverse DNS?
    4. Have matching forward and reverse DNS?
    5. HELO with your server's Fully Qualified Domain Name (FQDN)?
    6. Use a FQDN at all points during the transaction?
    7. Have an A Record in DNS for those FQDN's?
    8. Have proper MX records?
    9. Use strict RFC821 envelopes?
    10. Reject unauthorized command pipelining?
    11. Reject non-existent sender domains? (joe@doesnotexist.com)
    12. Reject invalid HELO names (Either non-FQDN's, HELO names that do not resolve, HELO names that do not resolve to the IP address of the connection, or hosts that use a numeric HELO without brackets)
    13. Accept email for postmaster@a.b.c.d (Where a.b.c.d is the external address of your email server and e.f.g.h is the internal, non-NAT'd address). Many hosts fail this test (Though this is not something that you, as the receiver, would be checking.)

    Just my two cents.

    -sirket

  23. Lost Productivity by kramer2718 · · Score: 4, Funny

    The lost productivity due to spam is inconsequential compared to the lost productivity due to Slashdot.

    --
    http://yetanotherpoliticalrant.blogspot.com