In (Sort Of) Defense of Spammers
CowboyRobot writes "Eric Allman of Sendmail has a rant in which he looks at the economic forces that have led to the spam problem: 'The sad point of all of this is that I'm going to (sort of) defend the spammers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'" Otherwise known as the Willie Sutton principle.
When it comes right down to it, heuristics and Bayesian filters and challenge/response systems do improve things from the point of view of the recipient, but not from the point of view of the IT group that has to support all this overhead. Ultimately, e-postage is probably the right way to go, but the costs (implementing the micropayment overhead, plus protocol changes, plus the human frustration) are prohibitive in the short run. Don't look for this in the next couple of years. Besides, people just hate the idea of paying for their e-mail.
.01 cents an email, I don't think anyone would mind paying a cent for a hundred emails we sent out (if it meant no spam). To a spammer, such a cost suddenly makes bulk emailing not an option and they'd be screwed. I wouldn't mind an electronic analog of "junk" email in the way we get junk snail mail. It's not something I love, but legitimate companies do have legitimate goods and services. This is to say, I'd have no problems if "junk" email was 2-5 emails a day from medium/large legit companies containing various sales info.
A questionable set of assumptions. If you charged
G-Force music visualization
We've known this all the time. Spammers spam because it makes them money. Didn't we have a /. article a while back showing how big of a house a big-time spammer had, and giving all sorts of stats, e.g. foreign servers in China, Russia, etc spewing spam, three T1 lines, a network of computers in his basement, etc?
Yes, spammers spam to make money. But that doesn't make it legal. Robbers rob to make money, but stealing is illegal.
The point of the whole article can be summed up, IMHO, in the paragraph below:
Ultimately we have to reassign costs from the recipient back to the sender. Such costs can be artificial (e.g., e-postage) or fundamental (e.g., slowing down SMTP connections, perhaps by adding authentication overhead).
So, he is actually making an argument for one of Microsoft's projects: The Penny Black Project.
Quem a paca cara compra, paca cara pagará.
In an economic sense, yes.
If the cost of the lawyers he has to pay for, the lost time spent in jail, and the other costs associated with the activity are less than the gain (resulting in a net profit of sufficent size), then from an economic standpoint it is a rational career path. Remember, the 'Willie Sutton Principle' is named after a bank robber.
Whether or not it's a moral career path is an entirely different issue.
Well... I RTFA and that article didn't go anywhere.
/. postings and personal experiences.
He says there's a spam problem (no kidding?) and that the economics of it are viable (Well, no kidding? Is that why we continue to receive spam?) and there's no way to stop it without incuring an overhead in transmission (either through permission based, authentication or challenge and response) - well... we already knew that through 100's of
So what was the point of the article? To just rehash the same old situation?
We need a solution, not a restatement of the problem. The solution is going to involve more overhead, because the fundamental problem with SMTP is the touted low overhead itself. There's no real authentication and anyone can send anything to anyone else. THAT is the problem, so of COURSE we are going to have to have more overhead in a "new" SMTP protocol of some sort if we want to affect a change. This is just a given.
The focus needs to be on coming up with a system to track the responsible parties (for good or ill) - and that will cost overhead. We'll have to suck it up, but it's the way it's going to have to be, unless we want to continue on the road we are on now.
Spammers spam because it is profitable. Companies hire spammers because it brings them in money. 95% of the spam I receive is illegal (forged headers, no opt-out,etc). I wonder if we could petition Visa/MasterCard to have a process for cutting off the merchant accounts when there is evidence of illegal spam. Then it would no longer be profitable to hire spammers.
I wonder if the PR coup would be enough to offset the money lost from spammers transactions.
The email system (and bandwidth on the internet in general) is sort of like communism. Things are fine if everyone behaves themselves and respects others' rights etc. It can work well for small communities. But obviously humans are greedy. So when the internet grows big you get into all these problems. Laws make the problem worse, because if you outlaw an economically sound model you start seeing the totalitarian side of communism.
Could we have designed a mail protocol which cannot be abused in this way? Sure: mails are kept on a server for which the sender pays until the receiver decides whether or not to view it (or a timeout elapses). Just the reverse of SMTP. I won't go into the details, it has been discussed at length on /. before. But is it practically feasible at this stage to switch to such a system? That's an entirely different question.
I have a strong suspicion that most of the little-guy spam email factories are really just suckered into an industry with the same structure as Mary Kay Cosmetics, Herbalife, Tupperware, Avon, and many other multilevel marketing systems (aka MLMs).
It starts with shit-on-a-stick advertising. You know, the handbills and placards on street corners, or on your company breakroom bulletin board. Somebody reads this junk and thinks they can finally have a job which doesn't require much time and lets them raise their rugrats too. The advertising doesn't say what it IS, it says a lot about what it ISN'T. No selling. No parties (unless you want). No data entry. Use the computer you've got. Some will mention MLM pyramid buzzwords, like "grow your organization," and "get your friends involved with your new company."
Now, in many fraudulent MLMs, you have to pay a fee for a starter kit from your advertising contact. The only difference between a legal MLM and an illegal Ponzi investment scheme is the "product." If you actually schlep skin-cream or candles, you *theoretically* can make back your starter investment without growing a downline organization of other suckers.
You can buy other aids from your advertising contact if you find yourself floundering. Buy a CD-ROM with more email addresses. "Validated." Finally, if you don't think you can possibly sell that much product personally, the only way to escape without major losses is to put out some cheap advertising on your own, asking your friends to get into the act. That's right. Sucker other people to join the organization, so they can share in the same bad investment you originally made.
Spam email "product" would just be the opportunity advertising space itself, which marketing majors will tell you is seen as inventory. The fun thing about email "advertising space" is that it isn't really accountable. You can just run spiders to comb more databases to create more advertising space. Those who get some technical savvy will figure out how to work around a spam filter, and then you can start to build your own library of "validated" addressing space, ready for delivery.
The only way to break apart an illegal MLM is to find the organizing agents of each illegal MLM, and pound them into the dirt legally. Upper tiers are usually found to be defrauding their downline agents, through misleading buy-in advertising. Then prosecute every downline until the roots are too small to grow back on their own. Of course, if they legally have a "product" like "advertising space," and they're careful about how they phrase their recruiting pitches, it's going to be hard to prosecute effectively with today's laws.
[
The solution is to find a way to make e-mail cost money to use. It's only because e-mail is so cheep to abuse that spam is so prevalent.
You really think that? Ever heard of spammers making worms/virus so their spam gets sent from other machines? If email costs money, the bill would get paid by these people not the spammers (and the spam would continue).
Opus: the Swiss army knife of audio codec
mod parent back up, cuz he makes sense.
and i'm a "liberal".
tobacco companies are addressing a stated need (desire?) by the public for their product, only they receive the blessing of the goverment along with it. and as soon as we're told that nicotine delivery devices such as cigarettes are illegal, your friendly neighborhood smoke dealer will be peddling on your street.
same goes for alcohol.
Funny, but grand parent makes a good point. Spam is legit. I wouldn't mind getting an e-mail from the pizza place down the street, or that a near-by mall store is having a sale. I wouldn't mind a grocery store sending me coupons, or anything like that.
Just put "adv:" in the subject so I don't have to look at it if I don't want to. The problem isn't with spam, it is with the unaccountability of e-mail. Fix fradulent headers, have clear subject line, ensure accountability, sprinkle some legislation, and e-mail becomes a legit enterprise.
Thing is you have to throw in some things for spammers too, or they'll always try to break the rules. Provide a mechanism to target geographic and demographic areas. Perhaps a WHOIS registry for e-mail, perhaps only stating 'mail service start in CITY,STATE,COUNTRY'. Make it so that only people with a physical presence in that region can spam users in that region. Restrict access to this database with a fee and ensure only that person is spamming with 'sender permitted from' (SPF) Then there is a way to _target_ and _control_ spam.
Spam becomes a valuable tool for regular businesses and spammers cater to them and not porn and adult services and whatever other crap is being produced now. Users see real advantage in reading spam because it is about stuff in their region, and could possible save them money. People buy the sunday paper for the ads, people will read spam for the same purpose. Everybody wins, even spammers.
Marketers sometimes fail to see that you can't force advertising down on people. Give the people a reason to listen to you, and they will come.
Why, o why must the sky fall when I've learned to fly?
The answer: the sender pays an email tax to the recipient instead of the gov't or the ISP. This means that the cost of receiving the email is offset by being paid to receive it. If you don't want to charge Grandma or your favorite mailing list to send you e-mail, then add them to your Whitelist, and they don't pay anything.
This way, if you get spam, at least you're getting paid for it!
Implementation could be handled at the e-mail server level - the sending ISP pays the receiving ISP. The sending ISP adds the charge to the sender's bill, and the receiving ISP subtracts it from the receiver's bill, after taking the cut for their storage and bandwidth costs.
Therefore, if spammers steal an account with which to spam, they are now also stealing money from the account holder, which is covered under strong, existing laws .
It's more of a tragedy of the commons (similar to, not the same)
If there were one spammer, sending one piece of spam to everyone on earth a day, and getting rich off it, it would NOT be a problem.... the effect on everyone else is negligible.
If the gain to the spammer is X, the loss on his million victims is on millionth of X each.
The problem is that there are many spammers.. so though each spammer sees his effect on individual recipients as tiny, the overall problem is quite large.
Contrast to the sheep scenario in tragedy of the commons... one guy adding one extra sheep to common land being grazed at capacity already is a net benefit of one sheep to the farmer, but the corresponding negative effect to him is shared among ALL those who share the land... so he sees a net gain. The problem is that every participant would come to the same coclusion, and add mroe sheep... cancelling out the percieved gain, to the detrement of all.
This has mostly to do with the ease of production of meth. Drugs will sell anywhere you can supply them. I find it hard to believe that nobody in rural areas would touch meth if they had to pay for it, but as soon as they're offered a free taste they're all over it. Meth is so damn cheap that the difference between "free" and "full price" isn't enough to keep people away unless they're hooked. Fact is, rural areas are so goddamned boring that there's always a guaranteed market for any sort of chemical diversion. Crystal meth has been continuously available in any decent-sized town from minnesota to texas for 20+ years. I was an on and off meth user for 15 years in places like San Angelo, TX and Iowa City, IA (NOT big towns) and never have I ever even heard second-hand of anyone being offered free meth. I wish it were true (I'd be all over that shit!) but the "first taste free" urban legend has never panned out.
If a job's not worth doing, it's not worth doing right.
This would work. First, you can always find the bank handling the transaction. Just put in a credit card number and watch where the transaction comes from in the credit card system.
Second, banks have strong merchant agreements with companies that accept credit cards, agreements that allow the bank to charge back transactions. So banks can enforce anti-spam terms of service on their customers. Once this gets into the regulations of Visa International and MasterCard, it's enforceable worldwide through the credit card infrastructure.
Third, the seller/spammer always knows, when the transaction goes through, where the customer is. So they are liable in the customer's jurisdiction, not the spammer's. If spam laws differ in different jurisdictions, the seller can block transactions from areas with strong anti-spam laws. Of course, if they have to block most of the developed world, they won't make any money, which makes spamming go away.
What if an ISP did the following:
Email "light" - you can only send messages to up to 20 recipients - more than that will be met with an error message from the SMTP server
Email "plus" - $4.95 a month, and you can send mail up to 100 recipients at a time - again, an error message if limit is exceeded
Email "bulk" - you need to specifically call to enable this, and it allows you to send to as many recipients as you want, but every recipient over 100 people is $0.01 per person.
Thus, a spammer could not use a person's machine as a spam conduit because the person would be unable to send the spam! Now, the spammer could put a mailing list on their own server and then make a worm to send to that, but they'd still have to get and maintain a server for the mailing list, so what's the point?
Another nice note - it makes things a pain in the butt for people who want to send chain letters to everyone in their address book. People that do this are unlikely to either take the time to create groups of 20, and send the message several times, nor do I think they'll pay $4.95 for the ability to send junk messages.
I think the grandparent poster is absolutely right. Make SPAM cost something for the sender and then only people who can afford to pay will send SPAM, and the overall amount should decrease, probably dramatically.
Kevin
What are you classifying as harrassment?
I mean, one phone call? one credit card application in the mail? one car insurance quote in email?
You may think these are each a form of harrassment but try getting a judge/jury to agree with you. And then try to get the Supreme Court to agree with you.
The Supreme Court has more or less taken the stance that as long as it isn't obscene you can send unsolicited mail to anyone. Of course that costs some $.30/mailing address. The cost is prohibitive to most companies who want to carpet bomb the country, so you only get people with high profit margins doing this. Hence every person on this planet has 23 AOL floppy/CD/DVDs.
Email is different. The cost/email is insanely low something like 1 penny/100 emails. This is where the real problem comes in b/c so many companies can afford this. 1 spam/day isn't harrassment, and for the government to deny that 1 spam is a first amendment violation.
Here is the problem. 100 spams/day probably is harrassment (opinions will vary). But these could very well be from 100 different Spammers. So none of them individually harrassed you. So you are looking at enacting some collective harrassment law
There are so many problems it isn't even funny
How many unsolicited emails is harrassment?
Who should get the rights to the non harrassment emails?
How will the government even police this?
It would be nice and easy to completely ban spam, but the first amendment won't let us.
I can't find the story right now, but someone set up a bogus email account and replied to spam about a home loan.
.....).
He was contacted by big companies that had bought the "lead" from contractors (who bought it from sub-contractors who bought it from sub-sub-contractors who
The big companies say that they frequently purchase such leads from other companies and that if they receive complaints about those companies, then they drop them.
Of course, the spammer just opens a "new" "company" under a different name and starts selling to the big companies again.
Since the big companies don't "know" that they're dealing with a spammer.......
Hello, I'm Barry Shein, I run a sizeable ISP, The World, www.TheWorld.com. You've probably heard me speak or write about spam before (see: http://www.TheWorld.com/~bzs).
Spammers do not sell advertising.
What they sell is crime.
Let me give you an analogy:
Say my name was Tony S. and I said I was in the waste disposal business.
Now say that you have a small herbal viagra factory which produces a few drums of toxic waste daily which need to be properly removed.
You're paying a service $100 per drum. I come to you and say I'll do it for $20 per drum, an 80% savings.
Cagey person that you are, you realize that's a very good deal so take it and you're even smart enough not to ask too many questions.
Every night a coupla oddly well-dressed guys come by and take your drums away in a different pick-up, in the morning the now-empty drums are by your back door, and you pay your bills. All is right with the world, your bottom line looks better than ever.
Except for one thing, they're just dumping the barrels off the side of the highway late at night when no one is looking.
Are they selling you waste removal services?
Or are they selling you crime?
I contend that without the break-ins, exploitation of bugs in web scripts, PC's purposely infected by viruses which let spammers use them to send spam by the tens of thousands, etc., spammers could not operate.
Not any more than Tony S could remove drums for $20 each and dump them legally and stay in business when everyone else has to charge $100/drum.
Sure, you could IMAGINE someone underselling the $100/drum price, or someone spamming without egregiously breaking any laws.
But I say IT'S IMPOSSIBLE, you can't LEGALLY send (as someone gave as an example earlier) 200M mail msgs for a gross return of $200 legally, day after day and stay in business.
You can't afford the bandwidth on that price.
You can't afford the computer power.
You can't afford the lawsuits and other legal problems if you were so easily identifiable using stable internet addresses you bought.
You can't afford to be mobile as your victims block your IPs relentlessly.
You can't do it. You cannot do it legally.
And if you had to do it legally it'd look completely different. More like those commercial messages you get which you think are ok or tolerable anyhow from Microsoft or Sun or that magazine you subscribe to, rather than the immense deluge of filth and crime and questionable come-ons spam usually represents. Honest people can't operate like that, or not for long anyhow.
THEREFORE: Spammers sell crime, not advertising (or whatever they appear to be selling.) Just like the factory owner could dump his own toxic waste off the side of the highway for even less than Tony, the person hiring the spammer is hiring a criminal because for the relatively low price why take the chance or learn the tricks of the trade?
As Tony might say: Ya think dese spam guys are boy scouts or what? Wake up!