Slashdot Mirror


In (Sort Of) Defense of Spammers

CowboyRobot writes "Eric Allman of Sendmail has a rant in which he looks at the economic forces that have led to the spam problem: 'The sad point of all of this is that I'm going to (sort of) defend the spammers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'" Otherwise known as the Willie Sutton principle.

23 of 663 comments (clear)

  1. paying for email... by andy55 · · Score: 3, Interesting

    When it comes right down to it, heuristics and Bayesian filters and challenge/response systems do improve things from the point of view of the recipient, but not from the point of view of the IT group that has to support all this overhead. Ultimately, e-postage is probably the right way to go, but the costs (implementing the micropayment overhead, plus protocol changes, plus the human frustration) are prohibitive in the short run. Don't look for this in the next couple of years. Besides, people just hate the idea of paying for their e-mail.

    A questionable set of assumptions. If you charged .01 cents an email, I don't think anyone would mind paying a cent for a hundred emails we sent out (if it meant no spam). To a spammer, such a cost suddenly makes bulk emailing not an option and they'd be screwed. I wouldn't mind an electronic analog of "junk" email in the way we get junk snail mail. It's not something I love, but legitimate companies do have legitimate goods and services. This is to say, I'd have no problems if "junk" email was 2-5 emails a day from medium/large legit companies containing various sales info.

    1. Re:paying for email... by zeux · · Score: 4, Interesting

      I have a mailing list with 30000 people. Do I have to pay 0.01 cents an email ?

    2. Re:paying for email... by Anonymous Coward · · Score: 5, Interesting

      I still think that mailservers should use the PKI structure. Each new mailserver would require a public/private key pair. Each key could be signed by a prevoius key, leading up to one person (I'll vote Alan Cox, cause that guy knows his shit!).

      He signs a bunch of keys, then those keys sign a bunch, and so on and so forth. Lookups would just simply walk the tree. You set the depth at which you'll receive e-mail from, and can elevate keys to top-level if you want, to avoid the headache of having subdomains or backup mail servers faulting for domains on the fringe.

      Now spammers will have to get keys from trusted sources, which can be identified. Too many bad certs, and wham, lop the branch of the tree!

    3. Re:paying for email... by M.+Silver · · Score: 4, Interesting

      then there's mailing lists operated by nonprofit orgs, charities, etc.

      Speaking as one such (we're not an IRS-endorsed nonprofit, we just don't charge anything *or* serve ads), I have to say... at this point, charging for email isn't going to make a difference for us. We're already looking for alternative methods of serving our content... e-postage isn't going to ruin things any *more* than spam already has.

      The Phoenyx spends a great deal of "staff" time and server horsepower (successfully) trying to keep spam off the mailing lists, but it's reaching the point where it's a losing fight... we have no time to add features, etc. because we're constantly tweaking settings to achieve that balance between making administration and usage easy for our users, detecting spam, not getting caught in users' spamfilters, and staying off blacklists (we were on Spamcop's blacklist a few hours yesterday despite all that).

      So we're basically giving up. The Phoenyx has served email in one form or another since 1986, and we're not going to stop just yet... but we're going to offer all the alternatives we can (for the same content): a private NNTP server, a web forum (and despite being here, I despise web forums), and so on.

      I predict that within a year, we'll have no email subscribers left. Definitely none among nontechnical folks.

      Of course, that just means the fight will turn to trying to block web forum spammers, but it's easier to set up authentication on web forums, at least.

      --

      Slashdot's token middle-aged housewife
  2. Well, duh... by herrvinny · · Score: 5, Interesting

    We've known this all the time. Spammers spam because it makes them money. Didn't we have a /. article a while back showing how big of a house a big-time spammer had, and giving all sorts of stats, e.g. foreign servers in China, Russia, etc spewing spam, three T1 lines, a network of computers in his basement, etc?

    Yes, spammers spam to make money. But that doesn't make it legal. Robbers rob to make money, but stealing is illegal.

    1. Re:Well, duh... by DenOfEarth · · Score: 3, Interesting

      Yes, spammers spam to make money. But that doesn't make it legal. Robbers rob to make money, but stealing is illegal.

      To be philosophical about it, just because it's illegal doesn't make it wrong, it just means you can get punished for it.

      However, in a practical sense, spamming and spammers are not an easy thing to track down either. The open nature of the internet means we have to put up with this stuff until someone figures out a technical solution. I think it's pretty much impossible to legislate anything with any kind of impact onto this internet deal. Even if it were possible to legislate terms of internet usage in one country, the thing is so entrenched with global connections that we'd have a hard time stopping people from settuing up shop in some other place.

      Gimme an open internet over a heavily regulated one anyday...it's the information super-highway, not the information trolley.

  3. Making an argument in favor o Microsoft by rcastro0 · · Score: 3, Interesting

    The point of the whole article can be summed up, IMHO, in the paragraph below:

    Ultimately we have to reassign costs from the recipient back to the sender. Such costs can be artificial (e.g., e-postage) or fundamental (e.g., slowing down SMTP connections, perhaps by adding authentication overhead).

    So, he is actually making an argument for one of Microsoft's projects: The Penny Black Project.

    --
    Quem a paca cara compra, paca cara pagará.
  4. Re:crime by Dr.+Bent · · Score: 3, Interesting

    In an economic sense, yes.

    If the cost of the lawyers he has to pay for, the lost time spent in jail, and the other costs associated with the activity are less than the gain (resulting in a net profit of sufficent size), then from an economic standpoint it is a rational career path. Remember, the 'Willie Sutton Principle' is named after a bank robber.

    Whether or not it's a moral career path is an entirely different issue.

  5. That didn't say much... by NitroWolf · · Score: 5, Interesting

    Well... I RTFA and that article didn't go anywhere.

    He says there's a spam problem (no kidding?) and that the economics of it are viable (Well, no kidding? Is that why we continue to receive spam?) and there's no way to stop it without incuring an overhead in transmission (either through permission based, authentication or challenge and response) - well... we already knew that through 100's of /. postings and personal experiences.

    So what was the point of the article? To just rehash the same old situation?

    We need a solution, not a restatement of the problem. The solution is going to involve more overhead, because the fundamental problem with SMTP is the touted low overhead itself. There's no real authentication and anyone can send anything to anyone else. THAT is the problem, so of COURSE we are going to have to have more overhead in a "new" SMTP protocol of some sort if we want to affect a change. This is just a given.

    The focus needs to be on coming up with a system to track the responsible parties (for good or ill) - and that will cost overhead. We'll have to suck it up, but it's the way it's going to have to be, unless we want to continue on the road we are on now.

  6. A different solution by bobthemuse · · Score: 3, Interesting

    Spammers spam because it is profitable. Companies hire spammers because it brings them in money. 95% of the spam I receive is illegal (forged headers, no opt-out,etc). I wonder if we could petition Visa/MasterCard to have a process for cutting off the merchant accounts when there is evidence of illegal spam. Then it would no longer be profitable to hire spammers.

    I wonder if the PR coup would be enough to offset the money lost from spammers transactions.

  7. Uhh.. isn't that obvious? by arvindn · · Score: 3, Interesting
    IMHO, the rant doesn't say anything new. We all know SMTP is fundamentally broken; a permanent solution to spam would require discarding or significantly modifying it. And defending an economic model doesn't mean justifying the ethics of it. Eolas has a sound money making scheme, does that mean we like them?

    The email system (and bandwidth on the internet in general) is sort of like communism. Things are fine if everyone behaves themselves and respects others' rights etc. It can work well for small communities. But obviously humans are greedy. So when the internet grows big you get into all these problems. Laws make the problem worse, because if you outlaw an economically sound model you start seeing the totalitarian side of communism.

    Could we have designed a mail protocol which cannot be abused in this way? Sure: mails are kept on a server for which the sender pays until the receiver decides whether or not to view it (or a timeout elapses). Just the reverse of SMTP. I won't go into the details, it has been discussed at length on /. before. But is it practically feasible at this stage to switch to such a system? That's an entirely different question.

  8. spam email factories and MLM by Speare · · Score: 4, Interesting

    I have a strong suspicion that most of the little-guy spam email factories are really just suckered into an industry with the same structure as Mary Kay Cosmetics, Herbalife, Tupperware, Avon, and many other multilevel marketing systems (aka MLMs).

    It starts with shit-on-a-stick advertising. You know, the handbills and placards on street corners, or on your company breakroom bulletin board. Somebody reads this junk and thinks they can finally have a job which doesn't require much time and lets them raise their rugrats too. The advertising doesn't say what it IS, it says a lot about what it ISN'T. No selling. No parties (unless you want). No data entry. Use the computer you've got. Some will mention MLM pyramid buzzwords, like "grow your organization," and "get your friends involved with your new company."

    Now, in many fraudulent MLMs, you have to pay a fee for a starter kit from your advertising contact. The only difference between a legal MLM and an illegal Ponzi investment scheme is the "product." If you actually schlep skin-cream or candles, you *theoretically* can make back your starter investment without growing a downline organization of other suckers.

    You can buy other aids from your advertising contact if you find yourself floundering. Buy a CD-ROM with more email addresses. "Validated." Finally, if you don't think you can possibly sell that much product personally, the only way to escape without major losses is to put out some cheap advertising on your own, asking your friends to get into the act. That's right. Sucker other people to join the organization, so they can share in the same bad investment you originally made.

    Spam email "product" would just be the opportunity advertising space itself, which marketing majors will tell you is seen as inventory. The fun thing about email "advertising space" is that it isn't really accountable. You can just run spiders to comb more databases to create more advertising space. Those who get some technical savvy will figure out how to work around a spam filter, and then you can start to build your own library of "validated" addressing space, ready for delivery.

    The only way to break apart an illegal MLM is to find the organizing agents of each illegal MLM, and pound them into the dirt legally. Upper tiers are usually found to be defrauding their downline agents, through misleading buy-in advertising. Then prosecute every downline until the roots are too small to grow back on their own. Of course, if they legally have a "product" like "advertising space," and they're careful about how they phrase their recruiting pitches, it's going to be hard to prosecute effectively with today's laws.

    --
    [ .sig file not found ]
  9. Re:Spammers aren't the only ones by jmv · · Score: 4, Interesting

    The solution is to find a way to make e-mail cost money to use. It's only because e-mail is so cheep to abuse that spam is so prevalent.

    You really think that? Ever heard of spammers making worms/virus so their spam gets sent from other machines? If email costs money, the bill would get paid by these people not the spammers (and the spam would continue).

  10. Re:Spammers aren't the only ones by hyperstation · · Score: 3, Interesting

    mod parent back up, cuz he makes sense.

    and i'm a "liberal".

    tobacco companies are addressing a stated need (desire?) by the public for their product, only they receive the blessing of the goverment along with it. and as soon as we're told that nicotine delivery devices such as cigarettes are illegal, your friendly neighborhood smoke dealer will be peddling on your street.

    same goes for alcohol.

  11. Re:Spam and Marketing by dubious9 · · Score: 3, Interesting

    Funny, but grand parent makes a good point. Spam is legit. I wouldn't mind getting an e-mail from the pizza place down the street, or that a near-by mall store is having a sale. I wouldn't mind a grocery store sending me coupons, or anything like that.

    Just put "adv:" in the subject so I don't have to look at it if I don't want to. The problem isn't with spam, it is with the unaccountability of e-mail. Fix fradulent headers, have clear subject line, ensure accountability, sprinkle some legislation, and e-mail becomes a legit enterprise.

    Thing is you have to throw in some things for spammers too, or they'll always try to break the rules. Provide a mechanism to target geographic and demographic areas. Perhaps a WHOIS registry for e-mail, perhaps only stating 'mail service start in CITY,STATE,COUNTRY'. Make it so that only people with a physical presence in that region can spam users in that region. Restrict access to this database with a fee and ensure only that person is spamming with 'sender permitted from' (SPF) Then there is a way to _target_ and _control_ spam.

    Spam becomes a valuable tool for regular businesses and spammers cater to them and not porn and adult services and whatever other crap is being produced now. Users see real advantage in reading spam because it is about stuff in their region, and could possible save them money. People buy the sunday paper for the ads, people will read spam for the same purpose. Everybody wins, even spammers.

    Marketers sometimes fail to see that you can't force advertising down on people. Give the people a reason to listen to you, and they will come.

    --
    Why, o why must the sky fall when I've learned to fly?
  12. An email tax everyone will love by LightStruk · · Score: 3, Interesting
    Besides, people just hate the idea of paying for their e-mail.
    Indeed! As the author points out, we already pay for the privilege in connection fees, bandwidth fees, storage costs, and time. Why would we want to pay more money for something that doesn't actually cost anything?
    The answer: the sender pays an email tax to the recipient instead of the gov't or the ISP. This means that the cost of receiving the email is offset by being paid to receive it. If you don't want to charge Grandma or your favorite mailing list to send you e-mail, then add them to your Whitelist, and they don't pay anything.
    This way, if you get spam, at least you're getting paid for it!
    Implementation could be handled at the e-mail server level - the sending ISP pays the receiving ISP. The sending ISP adds the charge to the sender's bill, and the receiving ISP subtracts it from the receiver's bill, after taking the cut for their storage and bandwidth costs.
    Therefore, if spammers steal an account with which to spam, they are now also stealing money from the account holder, which is covered under strong, existing laws .
  13. Re:Spammers aren't the only ones by mindstrm · · Score: 5, Interesting

    It's more of a tragedy of the commons (similar to, not the same)

    If there were one spammer, sending one piece of spam to everyone on earth a day, and getting rich off it, it would NOT be a problem.... the effect on everyone else is negligible.

    If the gain to the spammer is X, the loss on his million victims is on millionth of X each.

    The problem is that there are many spammers.. so though each spammer sees his effect on individual recipients as tiny, the overall problem is quite large.

    Contrast to the sheep scenario in tragedy of the commons... one guy adding one extra sheep to common land being grazed at capacity already is a net benefit of one sheep to the farmer, but the corresponding negative effect to him is shared among ALL those who share the land... so he sees a net gain. The problem is that every participant would come to the same coclusion, and add mroe sheep... cancelling out the percieved gain, to the detrement of all.

  14. Re:Spammers aren't the only ones by Dun+Malg · · Score: 3, Interesting
    My comments were specific to crystal meth, which is marketed differently than other drugs. Nobody is going to give away weed or cocaine as there is no need. Crystal meth is a huge problem in rural areas precisely because of how it is marketed. A drug dealer can set up a production lab in a rural area and create a supply but have no market. They then initiate a demand through the free giveaways. Then there is sufficient demand to meet the supply. Crystal meth is supply side driven and not demand driven in the startup phase, which is unlike other drugs where the demand is pre-existing.

    This has mostly to do with the ease of production of meth. Drugs will sell anywhere you can supply them. I find it hard to believe that nobody in rural areas would touch meth if they had to pay for it, but as soon as they're offered a free taste they're all over it. Meth is so damn cheap that the difference between "free" and "full price" isn't enough to keep people away unless they're hooked. Fact is, rural areas are so goddamned boring that there's always a guaranteed market for any sort of chemical diversion. Crystal meth has been continuously available in any decent-sized town from minnesota to texas for 20+ years. I was an on and off meth user for 15 years in places like San Angelo, TX and Iowa City, IA (NOT big towns) and never have I ever even heard second-hand of anyone being offered free meth. I wish it were true (I'd be all over that shit!) but the "first taste free" urban legend has never panned out.

    --
    If a job's not worth doing, it's not worth doing right.
  15. How to stop spam, if Congress had any backbone by Animats · · Score: 3, Interesting
    Stopping spam is easy. Make banks who issue merchant accounts liable for spam by their customers.

    This would work. First, you can always find the bank handling the transaction. Just put in a credit card number and watch where the transaction comes from in the credit card system.

    Second, banks have strong merchant agreements with companies that accept credit cards, agreements that allow the bank to charge back transactions. So banks can enforce anti-spam terms of service on their customers. Once this gets into the regulations of Visa International and MasterCard, it's enforceable worldwide through the credit card infrastructure.

    Third, the seller/spammer always knows, when the transaction goes through, where the customer is. So they are liable in the customer's jurisdiction, not the spammer's. If spam laws differ in different jurisdictions, the seller can block transactions from areas with strong anti-spam laws. Of course, if they have to block most of the developed world, they won't make any money, which makes spamming go away.

  16. Just make mass-marketing a pay model by kollivier · · Score: 4, Interesting

    What if an ISP did the following:

    Email "light" - you can only send messages to up to 20 recipients - more than that will be met with an error message from the SMTP server

    Email "plus" - $4.95 a month, and you can send mail up to 100 recipients at a time - again, an error message if limit is exceeded

    Email "bulk" - you need to specifically call to enable this, and it allows you to send to as many recipients as you want, but every recipient over 100 people is $0.01 per person.

    Thus, a spammer could not use a person's machine as a spam conduit because the person would be unable to send the spam! Now, the spammer could put a mailing list on their own server and then make a worm to send to that, but they'd still have to get and maintain a server for the mailing list, so what's the point?

    Another nice note - it makes things a pain in the butt for people who want to send chain letters to everyone in their address book. People that do this are unlikely to either take the time to create groups of 20, and send the message several times, nor do I think they'll pay $4.95 for the ability to send junk messages.

    I think the grandparent poster is absolutely right. Make SPAM cost something for the sender and then only people who can afford to pay will send SPAM, and the overall amount should decrease, probably dramatically.

    Kevin

  17. Re:Spammers aren't the only ones by DougWhite · · Score: 3, Interesting

    What are you classifying as harrassment?

    I mean, one phone call? one credit card application in the mail? one car insurance quote in email?

    You may think these are each a form of harrassment but try getting a judge/jury to agree with you. And then try to get the Supreme Court to agree with you.

    The Supreme Court has more or less taken the stance that as long as it isn't obscene you can send unsolicited mail to anyone. Of course that costs some $.30/mailing address. The cost is prohibitive to most companies who want to carpet bomb the country, so you only get people with high profit margins doing this. Hence every person on this planet has 23 AOL floppy/CD/DVDs.

    Email is different. The cost/email is insanely low something like 1 penny/100 emails. This is where the real problem comes in b/c so many companies can afford this. 1 spam/day isn't harrassment, and for the government to deny that 1 spam is a first amendment violation.

    Here is the problem. 100 spams/day probably is harrassment (opinions will vary). But these could very well be from 100 different Spammers. So none of them individually harrassed you. So you are looking at enacting some collective harrassment law

    There are so many problems it isn't even funny
    How many unsolicited emails is harrassment?
    Who should get the rights to the non harrassment emails?
    How will the government even police this?

    It would be nice and easy to completely ban spam, but the first amendment won't let us.

  18. You are correct, as told in a previous /. story. by khasim · · Score: 4, Interesting

    I can't find the story right now, but someone set up a bogus email account and replied to spam about a home loan.

    He was contacted by big companies that had bought the "lead" from contractors (who bought it from sub-contractors who bought it from sub-sub-contractors who .....).

    The big companies say that they frequently purchase such leads from other companies and that if they receive complaints about those companies, then they drop them.

    Of course, the spammer just opens a "new" "company" under a different name and starts selling to the big companies again.

    Since the big companies don't "know" that they're dealing with a spammer.......

  19. Spammers only sell crime, not advertising... by World_Leader · · Score: 3, Interesting



    Hello, I'm Barry Shein, I run a sizeable ISP, The World, www.TheWorld.com. You've probably heard me speak or write about spam before (see: http://www.TheWorld.com/~bzs).

    Spammers do not sell advertising.

    What they sell is crime.

    Let me give you an analogy:

    Say my name was Tony S. and I said I was in the waste disposal business.

    Now say that you have a small herbal viagra factory which produces a few drums of toxic waste daily which need to be properly removed.

    You're paying a service $100 per drum. I come to you and say I'll do it for $20 per drum, an 80% savings.

    Cagey person that you are, you realize that's a very good deal so take it and you're even smart enough not to ask too many questions.

    Every night a coupla oddly well-dressed guys come by and take your drums away in a different pick-up, in the morning the now-empty drums are by your back door, and you pay your bills. All is right with the world, your bottom line looks better than ever.

    Except for one thing, they're just dumping the barrels off the side of the highway late at night when no one is looking.

    Are they selling you waste removal services?

    Or are they selling you crime?

    I contend that without the break-ins, exploitation of bugs in web scripts, PC's purposely infected by viruses which let spammers use them to send spam by the tens of thousands, etc., spammers could not operate.

    Not any more than Tony S could remove drums for $20 each and dump them legally and stay in business when everyone else has to charge $100/drum.

    Sure, you could IMAGINE someone underselling the $100/drum price, or someone spamming without egregiously breaking any laws.

    But I say IT'S IMPOSSIBLE, you can't LEGALLY send (as someone gave as an example earlier) 200M mail msgs for a gross return of $200 legally, day after day and stay in business.

    You can't afford the bandwidth on that price.

    You can't afford the computer power.

    You can't afford the lawsuits and other legal problems if you were so easily identifiable using stable internet addresses you bought.

    You can't afford to be mobile as your victims block your IPs relentlessly.

    You can't do it. You cannot do it legally.

    And if you had to do it legally it'd look completely different. More like those commercial messages you get which you think are ok or tolerable anyhow from Microsoft or Sun or that magazine you subscribe to, rather than the immense deluge of filth and crime and questionable come-ons spam usually represents. Honest people can't operate like that, or not for long anyhow.

    THEREFORE: Spammers sell crime, not advertising (or whatever they appear to be selling.) Just like the factory owner could dump his own toxic waste off the side of the highway for even less than Tony, the person hiring the spammer is hiring a criminal because for the relatively low price why take the chance or learn the tricks of the trade?

    As Tony might say: Ya think dese spam guys are boy scouts or what? Wake up!