Slashdot Mirror
In (Sort Of) Defense of Spammers
CowboyRobot writes "Eric Allman of Sendmail has a rant in which he looks at the economic forces that have led to the spam problem: 'The sad point of all of this is that I'm going to (sort of) defend the spammers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'" Otherwise known as the Willie Sutton principle.
Drug dealers and people who commit fraud aren't going to go away becuase they can make money ding what they do. We still despise them and send them to jail when we find them.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
Happy Trails!
Erick
http://www.busyweather.com/
As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'"
I don't follow. Responding to "market forces" (and God knows I'm an ESR-esque capitalist) doesn't give you the right to invade my privacy. Arguably, the mafia responds to market forces. Extortion is "rational behavior in the economic sense." Your point being?
I have discovered a truly marvelous
Plenty of crimes (Drug dealing, fraud, plain 'ol theft) make sense. That doesn't mean they're morally acceptable.
If your theory is different from practice, then your theory is wrong.
But what about mailing lists and whatnot operated by small organizations? Obviously they can't afford to pay 0.1 cents/email. I subscribe to the IETF mailing lists; those servers must send hundreds of thousands of emails a day. I doubt they would want to pay so much to provide a free discussion service, and then there's mailing lists operated by nonprofit orgs, charities, etc.
"So you want to send me advertising, and you're going to pay me $0.10 per message you email me? Send all you want, dude!"
But if that $0.10 per message just falls into the "Big AOL Pot O'Money(TM)", the whining would be louder than it is today.. "What, I'm paying for email and I STILL get spam? You said it'd be gone if I paid!!!"
John
I am sorry, anyone who responds to penile-enlargement ads, or nigerian scams, or any sort of other spam is a complete and utter moron.
I dont know why anyone out there would do this, especially given the poor quality of the advertisements sent out via email by the spammers....
Ahh..but as Monsieur Barnum said, "A Sucker is Born Every Minute"....it was true then and it is true now, there are people out there too stupid to live!
And in response to a previous post, at least drug dealers and embezzlers require a modicum of intelligence, the haphazard style of the spammers indicates they have none.
Post apocalyptic gaming goodness
If you charged .01 cents an email
Sure, 0.01 cents today.
Tommorrow, who knows how much. Once the infrastucture is in place, what is to prevent the price from going up?
Don't say competition, because just like gasoline, there will be a steadily increasing cost across all providers.
- - - - - - - - - - -
I am a programmer. I am paid to produce syntax not grammar. Deal with it.
Charging for email without securing the email infrastructure is a bad idea.
Spammers don't send mail from their computers, they send from your computer. Who gets the money from this micropayment? If its the recipient, guess what? All of the spam will be directed to the spammers from the hijacked computers. Instant Powerball jackpot winner. If the ISP gets it, guess what? All of the spammers will become ISPs.
Adding a new market force just changes the dynamics, it doesn't eliminate the crime.
Yup.
;) It's too evil to not happen.
Ok, now guess who the government would put in charge of implementing this postage system? The U.S. Postal Service has lots of experience with postage...I'm willing to bet they'd get the job.
So, watch as they slap on a small postage fee per email. And then, mark my words, watch them offer a bulk rate for large mailings, just as they do now with snail mail.
...
I can see SPAM killing itself in the not-to-distant future. SPAM is a numbers game, and it used to be that they could get very small response rate and still make money if they sent out a large volume of mail.
Now, everybody is assaulted with countless email messages, mostly peddling the same products. As people get more and more SPAM, the response rate will inevitably drop lower and lower, and I believe it will eventually bring in too little money to justify the costs that spammers incur to send it out.
My public email address will have 100% junk email on some days. I read 0% of those emails beyond the subject line. 3 years ago, when it was only 10-20%, I at least had a chance of actually viewing the message as I was sorting my mail.
As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.
I don't follow. Responding to "market forces" (and God knows I'm an ESR-esque capitalist) doesn't give you the right to invade my privacy. Arguably, the mafia responds to market forces. Extortion is "rational behavior in the economic sense." Your point being?
His point being "The problem is that our approach to the solution has also been short-term thinking. We have to think long-term. We have to make the spammers pay more than we do." I know, I know, reading the WHOLE article is very hard. Congratulations on your +4 Insightful.
I have a lot of opinions about Cyborgs and Architects
that you don't understand the premise.
"In the economic sense" means you look at the problem purely from the economic standpoint. Not the legal, not the ethical, not the moral - the economic. Just the economic.
Think of it as functioning in a world of just economics without outside forces like law and morality. Things that make sense - i.e. that will make money - are good, period. However, these ideas tend to lose their appeal when acted on by outside forces - i.e. the aforementioned law and morality. You rolled law and morals into your assessment of a model that does not address them.
I want to drag this out as long as possible. Bring me my protractor.
Spamming is an ethical issue at its heart. Using open relays, using individuals' computers to forward mail, and other uses of bandwith that the spammers aren't paying for is at the least dishonest, and moreso argueably theft.
There is also the consideration that freedom of speach by definition includes freedom from speach, so we shouldn't have to be subjected to the spam in the first place.
Responding to economic forces does not in any way exempt anyone from being subject to moral and ethical evaluations.
If I mug people for money and manage to get away with it, that doesn't constitute a defense of any substantive kind. Yes my behavior can be *explained* motivationally by economics, but for someone to therefor be emotionally conflicted as to whether or not I should be condemned for it would be - to put it kindly - absurd.
Now if the alternative for spammers was to starve to death, that would cast this in a different light. But that's not the case. Spammers are people who could have chosen to go to work doing something useful, and instead decided to pollute the commons.
- First they ignore you, then they laugh at you, then ???, then profit.
Working for a living, even with those annoying advanced degrees, costs a significant amount of time and effort. I've seen claims that acquiring a single job through direct application costs close to $100. And that's not considering the 40 hours a week one must spend at the job. Doing a job that pays poorly is inefficient, so workers limit the number of jobs they do to the highest paying they can find.
But suppose it costs you essentially nothing to make a buck through mugging. Then your best strategy to maximize profits is to mug as many people as you can find. After all, if you're mugging mortgage financiers, there might actually be some money in their pockets. You would miss those potential money sources if you trimmed your list. Perhaps some folks who have expressed interest in designer beer mugs are also walking in your area. If you did the "rational" thing you and didn't hit them over the head with a sand-filled sock, you would miss them, and it costs you nothing, right?
The sad point of all of this is that I'm going to (sort of) defend the muggers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as muggers can take in more money than it costs them, they will continue to beat people senseless and take their money. This is "rational" behavior in the economic sense.
I'm sorry, I just don't buy it. Screw economics.
The bottom line Allman is NOT addressing is SMTP IS A BROKEN PROTOCOL. Spamming happens because it is EASY TO DO and it takes more effort to stop it.
SMTP was designed in an era where internet hosts implicitly trusted each other (this same era gave us the horribly insecure TELNET and FTP as well). That era is LONG LONG GONE.
The reality is that SMTP headers are too easy to forge. We will NEVER be free of open relays--this is the fault of the protocol as much as the clueless admins. SMTP needs to be completely replaced.
Look--you can still get spam-free email. Just not over SMTP. Believe it or not, FIDONET still exists and guess what--I don't get any spam there. Why? Because the system would smash down anyone that tried rather quickly--the protocol works. I've been encouraging anyone who will listen to jump back on one of the many FIDONET or Citadel BBS systems available on the internet for decent, spam-free email.
It is quite easy to get rid of spam. This is what I do:
1. Receive Piece of spam regarding penis enlargement. Sent to junk mail, or doesn't go through my spam filter.
2. When I get a few minutes, and I'm rather pissed off at something, I pull up one of my default response templates. Ie, received E-Mail of Penis enlargement pill/patch/voodoo dance, and simply send an E-Mail back saying:
"Hi, I'm interested in your penis enlargement patch. Please send me some information on your product."
3. Wait for response to mail
4. Send another appropriate but stupid question to them, never actually purchasing.
5. Repeat step 3 if a further E-Mail has been sent to me.
Some interesting things I have noted:
1. My spam has decreased. The spammers are not all stupid and they blacklist my E-Mail address. (From 400 mails a day, down to about 50)
2. And this is the big one. It costs a small, tiny fraction of a cent to send out a generic spam advertisement. Therefore, easy or genuine responses are economically viable, as they only get a few a day.
Now just imagine, if we have the force of a fraction of a few dedicated /. readers. Perhaps about 100,000 of them sending on average 5 generic responses per day. That's 500,000 E-Mails to the evil inboxes of doom.
Let's say that 1 company gets 70,000 bogus E-Mails in a day. It still takes approximately 1-2 mins to read and respond adequately to a person if they want to make a potential sale.
Thats between 70,000 and 140,000 minutes a day. That's about 1,167 to 2,333 work hours a day to respond to the junk they get back to perhaps glean 100 real potentials from their campaign.
If you need to pay an employee just $10 an hour, that's still between $11,670 and $23,330 a day.
That's between $4,259,550 and $8,519,100 that the spammers have to pay in work hours.
Now, lets say that they make about $2,000 a day from the 100 e-mails they get that are legit. They are now running at a loss.
Reading only the subject lines and filtering out the 'non-genuine' responses will result in REAL reasponses being filtered out as well, making their profits drop.
As the article said, they are using basic market economic forces to make a profit. We can use basic market economic forces to reduce the spam.
Summary:
1. Responding to spam has reduced my Junk mail, probably due to blacklisting. (This is only me, and I am only stating what has happened in my case.)
2. If enough people respond with fake letters of interest, the spammers go broke, and it becomes non-profitable.
So a call to arms /. ers. You hate spam? Me too. Let's do something about it.
CRyACin
If life gives you shit, then sell fertiliser - Bayani Portier
Science advances one funeral at a time- Max Planck
urg, he couldn't have made this any more obvious. Imagine he was a company selling sendmail: what would they try and do? They'd try and make it look like they weren't the ones responsible for the spam, as they'd have money (in his case, ego) on the line.
The problem here is a fundamental flaw in smtp.
The solution here is to redesign smtp. Even something as simple as a 'trusted peer server' model would work and wouldn't need a complete redesign: each server is the trusted peer of several others (say 5, and all would have to be fqdn). After mail is sent, and before that mail is delivered, the server it is sent from is validified to be a peer (by doing a quick check on the 5 servers that it claims are its peers). If the server sent from doesn't have peers, then the mail isn't delivered.
While this wouldn't completely trap all spam, and some spam would certainly still get through from exploited networks, it would make the job of maintaining accurate RBLs much, much easier, and would functionally run spammers out of business, if (say) the next sendmail version were to impliment the feature, and people started using it.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
(Apologies to those who have seen this before.)
You advocate a
( ) technical (x) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're stupid for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Nathan's blog
Sigh. This is the short-sighted, disconnected view of drug abuse that seems to typify the "legalize drugs now" crowd. Nothing happens in a vacuum.
Right.
When somebody busts out the window of a car to steal a stereo to sell so that they can buy drugs with which to overdose
Doesn't seem to happen for alcohol. Why? 'Cause it's cheaper and legal.
Look, legalization isn't going to make drug abuse go away, but 30 years of wars on drugs hasn't either. And at best, the drug laws simply push most potential abusers to alcohol. Are teetotallers going to suddenly start mainlining heroin if it were no longer outlawed? I don't think so.
But legalization does get rid of many of the side effects of drug laws. Seagrams' distributors rarely shoot it out with the Johnny Walker guys. We aren't spending billions on imprisoning beer sellers. Alcohol dealers have an incentive not to sell to the underage. And the guy who drives the Budweiser truck isn't flashing his dough around the projects, making beer-selling look like a glamorous role to those with poor prospects.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
From what I understand, a spammer selling, for instance, penis enlargement pills will sell three or four bottles from a spam run of 100 million spams. Let's say he makes $200 and assume it is pure profit (it is).
Let's further assume of the 100 million spams, 10 million made it to the Microsoft Outlook Inboxes of unique users. Let's say that each spam took 5 seconds to delete. If their time is worth $10/hour (assume half the victims are kids students etc, and half are professionals) the spammer cost them $100,000 of their time to make his lousy $200.
This does not take into account higher ISP fees, anti-spam program costs, credit card back charges, loss of business from lost legit emails, and the terabytes of wasted bandwidth for each and every spam run.
Spammers are conscious of this and their continuing to do it is an indication of sociopathic behavior.
i think a much overlooked fact is, that Spam is moving towards organised crime. Currently we have several trends working that way:
I think a lot of people look at Spam as a kind of nuisance. It is more. If the observed trends continue, we'll find Spam sent by those same friendly guys who offer the heroin to your kids. No joke or rethoric intended, i'm plain serious on that one. Take a look at Sobig, the backdoors it opened and what kind of Spam and how fast you got it.
Regards, Martin