In (Sort Of) Defense of Spammers
CowboyRobot writes "Eric Allman of Sendmail has a rant in which he looks at the economic forces that have led to the spam problem: 'The sad point of all of this is that I'm going to (sort of) defend the spammers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'" Otherwise known as the Willie Sutton principle.
We've known this all the time. Spammers spam because it makes them money. Didn't we have a /. article a while back showing how big of a house a big-time spammer had, and giving all sorts of stats, e.g. foreign servers in China, Russia, etc spewing spam, three T1 lines, a network of computers in his basement, etc?
Yes, spammers spam to make money. But that doesn't make it legal. Robbers rob to make money, but stealing is illegal.
I have a mailing list with 30000 people. Do I have to pay 0.01 cents an email?
Iraq: war to save the U
Well... I RTFA and that article didn't go anywhere.
He says there's a spam problem (no kidding?) and that the economics of it are viable (Well, no kidding? Is that why we continue to receive spam?) and there's no way to stop it without incurring an overhead in transmission (either through permission based, authentication or challenge and response) - well... we already knew that through 100's of /. postings and personal experiences.
So what was the point of the article? To just rehash the same old situation?
We need a solution, not a restatement of the problem. The solution is going to involve more overhead, because the fundamental problem with SMTP is the touted low overhead itself. There's no real authentication and anyone can send anything to anyone else. THAT is the problem, so of COURSE we are going to have to have more overhead in a "new" SMTP protocol of some sort if we want to effect a change. This is just a given.
The focus needs to be on coming up with a system to track the responsible parties (for good or ill) - and that will cost overhead. We'll have to suck it up, but it's the way it's going to have to be, unless we want to continue on the road we are on now.
I still think that mailservers should use the PKI structure. Each new mailserver would require a public/private key pair. Each key could be signed by a previous key, leading up to one person (I'll vote Alan Cox, cause that guy knows his shit!).
He signs a bunch of keys, then those keys sign a bunch, and so on and so forth. Lookups would just simply walk the tree. You set the depth at which you'll receive e-mail from, and can elevate keys to top-level if you want, to avoid the headache of having subdomains or backup mail servers faulting for domains on the fringe.
Now spammers will have to get keys from trusted sources, which can be identified. Too many bad certs, and wham, lop the branch of the tree!
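The signing tree proposed in the comment above can be modeled as follows. This is an added example, not code from the thread or from Sendmail; the key names and the `SIGNED_BY` table are constructed, and each parent link stands for a signature assumed to be already cryptographically verified.

```python
# Added illustration: models the signer graph only, not the signatures.
ROOT = "root-key"

# Constructed sample tree: child key -> key that signed it.
SIGNED_BY = {
    "isp-a": ROOT,
    "isp-b": ROOT,
    "mx.example.org": "isp-a",
    "reseller-1": "isp-b",
    "bulk-host-1": "reseller-1",
    "bulk-host-2": "reseller-1",
}


def trust_depth(key, signed_by, revoked=frozenset(), elevated=frozenset()):
    """Return the number of signing hops from `key` to a trusted top-level key,
    or None if the chain is broken, cyclic, or passes through a revoked key."""
    depth = 0
    seen = set()
    while True:
        if key in revoked:
            return None      # this key or one of its signers was lopped off
        if key == ROOT or key in elevated:
            return depth     # reached the root or a locally elevated key
        if key in seen or key not in signed_by:
            return None      # cycle or unknown signer: no path to the root
        seen.add(key)
        key = signed_by[key]
        depth += 1


def accept_mail_from(key, max_depth, signed_by=SIGNED_BY,
                     revoked=frozenset(), elevated=frozenset()):
    """Receiver policy: accept only keys within max_depth hops of a trusted top."""
    depth = trust_depth(key, signed_by, revoked, elevated)
    return depth is not None and depth <= max_depth


if __name__ == "__main__":
    for host in ("mx.example.org", "bulk-host-1"):
        print(host, accept_mail_from(host, max_depth=2),
              accept_mail_from(host, 3, revoked={"reseller-1"}))
```

Because the walk stops at the first elevated key, a receiver's local elevation takes precedence over a revocation further up that branch; revoking the elevated key itself still rejects it.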
I have a strong suspicion that most of the little-guy spam email factories are really just suckered into an industry with the same structure as Mary Kay Cosmetics, Herbalife, Tupperware, Avon, and many other multilevel marketing systems (aka MLMs).
It starts with shit-on-a-stick advertising. You know, the handbills and placards on street corners, or on your company breakroom bulletin board. Somebody reads this junk and thinks they can finally have a job which doesn't require much time and lets them raise their rugrats too. The advertising doesn't say what it IS, it says a lot about what it ISN'T. No selling. No parties (unless you want). No data entry. Use the computer you've got. Some will mention MLM pyramid buzzwords, like "grow your organization," and "get your friends involved with your new company."
Now, in many fraudulent MLMs, you have to pay a fee for a starter kit from your advertising contact. The only difference between a legal MLM and an illegal Ponzi investment scheme is the "product." If you actually schlep skin-cream or candles, you *theoretically* can make back your starter investment without growing a downline organization of other suckers.
You can buy other aids from your advertising contact if you find yourself floundering. Buy a CD-ROM with more email addresses. "Validated." Finally, if you don't think you can possibly sell that much product personally, the only way to escape without major losses is to put out some cheap advertising on your own, asking your friends to get into the act. That's right. Sucker other people to join the organization, so they can share in the same bad investment you originally made.
Spam email "product" would just be the opportunity advertising space itself, which marketing majors will tell you is seen as inventory. The fun thing about email "advertising space" is that it isn't really accountable. You can just run spiders to comb more databases to create more advertising space. Those who get some technical savvy will figure out how to work around a spam filter, and then you can start to build your own library of "validated" addressing space, ready for delivery.
The only way to break apart an illegal MLM is to find the organizing agents of each illegal MLM, and pound them into the dirt legally. Upper tiers are usually found to be defrauding their downline agents, through misleading buy-in advertising. Then prosecute every downline until the roots are too small to grow back on their own. Of course, if they legally have a "product" like "advertising space," and they're careful about how they phrase their recruiting pitches, it's going to be hard to prosecute effectively with today's laws.
then there's mailing lists operated by nonprofit orgs, charities, etc.
Speaking as one such (we're not an IRS-endorsed nonprofit, we just don't charge anything *or* serve ads), I have to say... at this point, charging for email isn't going to make a difference for us. We're already looking for alternative methods of serving our content... e-postage isn't going to ruin things any *more* than spam already has.
The Phoenyx spends a great deal of "staff" time and server horsepower (successfully) trying to keep spam off the mailing lists, but it's reaching the point where it's a losing fight... we have no time to add features, etc. because we're constantly tweaking settings to achieve that balance between making administration and usage easy for our users, detecting spam, not getting caught in users' spamfilters, and staying off blacklists (we were on Spamcop's blacklist a few hours yesterday despite all that).
So we're basically giving up. The Phoenyx has served email in one form or another since 1986, and we're not going to stop just yet... but we're going to offer all the alternatives we can (for the same content): a private NNTP server, a web forum (and despite being here, I despise web forums), and so on.
I predict that within a year, we'll have no email subscribers left. Definitely none among nontechnical folks.
Of course, that just means the fight will turn to trying to block web forum spammers, but it's easier to set up authentication on web forums, at least.
Slashdot's token middle-aged housewife
The solution is to find a way to make e-mail cost money to use. It's only because e-mail is so cheap to abuse that spam is so prevalent.
You really think that? Ever heard of spammers making worms/virus so their spam gets sent from other machines? If email costs money, the bill would get paid by these people not the spammers (and the spam would continue).
Opus: the Swiss army knife of audio codec
It's more of a tragedy of the commons (similar to, not the same)
If there were one spammer, sending one piece of spam to everyone on earth a day, and getting rich off it, it would NOT be a problem.... the effect on everyone else is negligible.
If the gain to the spammer is X, the loss on his million victims is one millionth of X each.
The problem is that there are many spammers.. so though each spammer sees his effect on individual recipients as tiny, the overall problem is quite large.
Contrast to the sheep scenario in tragedy of the commons... one guy adding one extra sheep to common land being grazed at capacity already is a net benefit of one sheep to the farmer, but the corresponding negative effect to him is shared among ALL those who share the land... so he sees a net gain. The problem is that every participant would come to the same conclusion, and add more sheep... cancelling out the perceived gain, to the detriment of all.
What if an ISP did the following:
Email "light" - you can only send messages to up to 20 recipients - more than that will be met with an error message from the SMTP server
Email "plus" - $4.95 a month, and you can send mail up to 100 recipients at a time - again, an error message if limit is exceeded
Email "bulk" - you need to specifically call to enable this, and it allows you to send to as many recipients as you want, but every recipient over 100 people is $0.01 per person.
Thus, a spammer could not use a person's machine as a spam conduit because the person would be unable to send the spam! Now, the spammer could put a mailing list on their own server and then make a worm to send to that, but they'd still have to get and maintain a server for the mailing list, so what's the point?
Another nice note - it makes things a pain in the butt for people who want to send chain letters to everyone in their address book. People that do this are unlikely to either take the time to create groups of 20, and send the message several times, nor do I think they'll pay $4.95 for the ability to send junk messages.
I think the grandparent poster is absolutely right. Make SPAM cost something for the sender and then only people who can afford to pay will send SPAM, and the overall amount should decrease, probably dramatically.
Kevin
I can't find the story right now, but someone set up a bogus email account and replied to spam about a home loan.
He was contacted by big companies that had bought the "lead" from contractors (who bought it from sub-contractors who bought it from sub-sub-contractors who .....).
The big companies say that they frequently purchase such leads from other companies and that if they receive complaints about those companies, then they drop them.
Of course, the spammer just opens a "new" "company" under a different name and starts selling to the big companies again.
Since the big companies don't "know" that they're dealing with a spammer.......