Slashdot Mirror
In (Sort Of) Defense of Spammers
CowboyRobot writes "Eric Allman of Sendmail has a rant in which he looks at the economic forces that have led to the spam problem: 'The sad point of all of this is that I'm going to (sort of) defend the spammers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'" Otherwise known as the Willie Sutton principle.
Drug dealers and people who commit fraud aren't going to go away becuase they can make money ding what they do. We still despise them and send them to jail when we find them.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
Kill all the Marketing Majors.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
I prefer the Willie Maykit principle for spamming, ie. Willie Maykit from his house to the grocery store once everyone knows what he does for a living and the government suspends any and all criminal offenses for 'dealing' with this type of scum.
When it comes right down to it, heuristics and Bayesian filters and challenge/response systems do improve things from the point of view of the recipient, but not from the point of view of the IT group that has to support all this overhead. Ultimately, e-postage is probably the right way to go, but the costs (implementing the micropayment overhead, plus protocol changes, plus the human frustration) are prohibitive in the short run. Don't look for this in the next couple of years. Besides, people just hate the idea of paying for their e-mail.
.01 cents an email, I don't think anyone would mind paying a cent for a hundred emails we sent out (if it meant no spam). To a spammer, such a cost suddenly makes bulk emailing not an option and they'd be screwed. I wouldn't mind an electronic analog of "junk" email in the way we get junk snail mail. It's not something I love, but legitimate companies do have legitimate goods and services. This is to say, I'd have no problems if "junk" email was 2-5 emails a day from medium/large legit companies containing various sales info.
A questionable set of assumptions. If you charged
G-Force music visualization
Happy Trails!
Erick
http://www.busyweather.com/
We've known this all the time. Spammers spam because it makes them money. Didn't we have a /. article a while back showing how big of a house a big-time spammer had, and giving all sorts of stats, e.g. foreign servers in China, Russia, etc spewing spam, three T1 lines, a network of computers in his basement, etc?
Yes, spammers spam to make money. But that doesn't make it legal. Robbers rob to make money, but stealing is illegal.
As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'"
I don't follow. Responding to "market forces" (and God knows I'm an ESR-esque capitalist) doesn't give you the right to invade my privacy. Arguably, the mafia responds to market forces. Extortion is "rational behavior in the economic sense." Your point being?
I have discovered a truly marvelous
Yes, and I could kidnap bums and sell their organs on the black market for profit, but you don't see me doing that.
And corporations could cut corners and ship potentially dangerous products, saving them a lot of money and putting their customers at risk.
And lawyers could do half-ass jobs and let their clients get on death row.
And loggers could cut down every single tree they find and make money off it.
The point is, even if it's profitable, it's not responsible, and it's ultimately detrimental to society.
Plenty of crimes (Drug dealing, fraud, plain 'ol theft) make sense. That doesn't mean they're morally acceptable.
If your theory is different from practice, then your theory is wrong.
Robbery and murder may be economically rational too, but I'm not looking in to a career change.
"... the economic forces that have led to the spam problem ..."
That is an easy one:
Greed+Stupidity=Spammer
Only to idiots, are orders laws.
-- Henning von Tresckow
thieves with no money who mug old ladies are responding to "economic forces" too.
it makes good business sense to not bother protecting workers' health or the environment beyond the minimum you can get away with.
just because you can do something, doesn't mean you should.
so what's the point? flamebait story?
I never understood what was wrong with making spam okay (to a point) as long as they have an Adv: in the subject line. This still allows other people to get it, along with an easy way to filter.
"The problem is that our approach to the solution has also been short-term thinking. We have to think long-term. We have to make the spammers pay more than we do."
:P
My dear sir, the problem has been more than adequately defined a MEEEELYUN times at least. I was hoping for a solution, not another whiny 'spammers do it 'cause it's so cheap' rant. Like that's news.
---
SCO is weenies
Gator is Spyware
Microsoft is thugs
While spam benefits spammers, it steals man-hours and network resources from companies who would rather put their personnel and equipment to more productive (and profitable uses). Spam is the collect call that you're forced to accept.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
If you charged .01 cents an email, I don't think anyone would mind paying a cent for a hundred emails we sent out (if it meant no spam). To a spammer, such a cost suddenly makes bulk emailing not an option and they'd be screwed.
Not really. If a spammer wants to send out 1,000,000 emails, the total cost would be:
$0.0001 * 1000000 = $100
That's not really deterring. It's a small investment that the spammers would make back within the first few sales of their product, I assume.
There are many things which are clearly "wrong" and which, therefore are not "right" regardless of the cause. I really don't think that "market forces" are a justification for filling your mailbox with as many penis-enlargment or "generic male enhancing formula" ads as possible.
Seriously, sometimes there are forces which drive me to run nearby vehicles off the road whilst on the freeway, but I find the human capacity to control myself for the greater good. Why can't we ask the same for spammers? Because they face absolutely no punishment or cost for their actions.
The point of the whole article can be summed up, IMHO, in the paragraph below:
Ultimately we have to reassign costs from the recipient back to the sender. Such costs can be artificial (e.g., e-postage) or fundamental (e.g., slowing down SMTP connections, perhaps by adding authentication overhead).
So, he is actually making an argument for one of Microsoft's projects: The Penny Black Project.
Quem a paca cara compra, paca cara pagará.
In an economic sense, yes.
If the cost of the lawyers he has to pay for, the lost time spent in jail, and the other costs associated with the activity are less than the gain (resulting in a net profit of sufficent size), then from an economic standpoint it is a rational career path. Remember, the 'Willie Sutton Principle' is named after a bank robber.
Whether or not it's a moral career path is an entirely different issue.
I am sorry, anyone who responds to penile-enlargement ads, or nigerian scams, or any sort of other spam is a complete and utter moron.
I dont know why anyone out there would do this, especially given the poor quality of the advertisements sent out via email by the spammers....
Ahh..but as Monsieur Barnum said, "A Sucker is Born Every Minute"....it was true then and it is true now, there are people out there too stupid to live!
And in response to a previous post, at least drug dealers and embezzlers require a modicum of intelligence, the haphazard style of the spammers indicates they have none.
Post apocalyptic gaming goodness
Willie "The Actor" Sutton was a bank robber. His claim to fame is that someone asked him "Why do you rob banks?" and his answer was "Because that's where the money is."
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Well... I RTFA and that article didn't go anywhere.
/. postings and personal experiences.
He says there's a spam problem (no kidding?) and that the economics of it are viable (Well, no kidding? Is that why we continue to receive spam?) and there's no way to stop it without incuring an overhead in transmission (either through permission based, authentication or challenge and response) - well... we already knew that through 100's of
So what was the point of the article? To just rehash the same old situation?
We need a solution, not a restatement of the problem. The solution is going to involve more overhead, because the fundamental problem with SMTP is the touted low overhead itself. There's no real authentication and anyone can send anything to anyone else. THAT is the problem, so of COURSE we are going to have to have more overhead in a "new" SMTP protocol of some sort if we want to affect a change. This is just a given.
The focus needs to be on coming up with a system to track the responsible parties (for good or ill) - and that will cost overhead. We'll have to suck it up, but it's the way it's going to have to be, unless we want to continue on the road we are on now.
Charging for email without securing the email infrastructure is a bad idea.
Spammers don't send mail from their computers, they send from your computer. Who gets the money from this micropayment? If its the recipient, guess what? All of the spam will be directed to the spammers from the hijacked computers. Instant Powerball jackpot winner. If the ISP gets it, guess what? All of the spammers will become ISPs.
Adding a new market force just changes the dynamics, it doesn't eliminate the crime.
Spammers don't make money by selling their products, they make money by selling addresses to each other.
Support the First Amendment. Read at -1
Yes, but you forgot an important factor. If the person is truly rational, they will use the following formula:
Expected Gain = (Gain from burglary) - [(Probability of being caught) * (Estimated monetary cost of penalty)] - (Opportunity Cost)
Opportunity cost is important - my opportunity cost is high, for example, since the next best option for me is my current job, which pays well, has health beenfits, etc. For someone with only a GED, though, it is significantly lower.
the estimated monetary cost being caught is a value assigned to the penalty (i.e., how much is it worth to me to stay out of jail).
Given that formula, a truly rational person will burgle whenever the Expected Gain is greter than 0.
This article is a bit obvious don't you think? Who didn't not know that whole mass mailing business is based on how easy and cheap is sending e-mails?
Well, the main health insurance company here has a helpful service that will send a text message to your mobile phone to remind you to take your contraceptive pill. My only regret was that 6am was the earliest time you could select for that reminder...
If I hadn't made money from it I wouldn't have done it.
It made "economic sense" to kill DiLivio as if he had gone to the cops I'd have gone to prison.
It makes "economic sense" to cook the books like Enron as you get rich, all you are doing is using the market and obeying basic forces.
It makes "economic sense" to use slave and child labour, its cheaper, all you are doing is obeying basic market forces.
Oh and Guns don't kill people... number of deaths as a result of "drive by Sarcasm hits" still at zero however.
An Eye for an Eye will make the whole world blind - Gandhi
Everyone is drawing comparisons between spammers and thieves/drug dealers/other money making illegal activities.
This is not an accurate analogy. Thieves do not come to you asking you over and over if you would like your wallet stolen, they just take it. And if you were stupid, then maybe you would just hand it over with a smile. The fact of the matter is most forms spamming are not yet illegal (as far as I know) and a closer comparison can be drawn to pushy, insistent door to door salesmen - annoying, bullshitting and trying to get your money in exchange for a piece of crap.
Eventually there will be laws passed against them (like no soliciting laws in real life) but the law has always lagged in progress behind technology. For now, this article only defends the REASONS for spamming - not the activity itself.
Spammers spam because it is profitable. Companies hire spammers because it brings them in money. 95% of the spam I receive is illegal (forged headers, no opt-out,etc). I wonder if we could petition Visa/MasterCard to have a process for cutting off the merchant accounts when there is evidence of illegal spam. Then it would no longer be profitable to hire spammers.
I wonder if the PR coup would be enough to offset the money lost from spammers transactions.
Pay who, exactly?
Forget thrust, drag, lift and weight. Airplanes fly because of money.
Not to defend spam, but this issue of economic rationality applies to the recipients of spam too. For too many people, the cost of searching for a product exceeds the cost of clicking through a spam email. HTML email and the internet have made it too easy for the recipients of marketing material to satisfy their curiosity (and buy) from spam. In contrast, taking the initative, opening up a web page to Google, searching for a product, and reserach company reputations is too much bother for too many people.
I suspect that many people see spam-promoted products as no more disreputable than companies found by a search, so why not buy from the most convenitent channel? There may even be a perverse psychological drive that favors spam. If you get screwed by a company that you actively searched for and selected, then you feel like a complete idiot. If you get screwed by a spam compnay, then you can (at least psychologically) partially blame the company that sought you out.
As long as it is easier to click through a spam to reward a spammer (and people are lazy), spammers will be rewarded.
Two wrongs don't make a right, but three lefts do.
The email system (and bandwidth on the internet in general) is sort of like communism. Things are fine if everyone behaves themselves and respects others' rights etc. It can work well for small communities. But obviously humans are greedy. So when the internet grows big you get into all these problems. Laws make the problem worse, because if you outlaw an economically sound model you start seeing the totalitarian side of communism.
Could we have designed a mail protocol which cannot be abused in this way? Sure: mails are kept on a server for which the sender pays until the receiver decides whether or not to view it (or a timeout elapses). Just the reverse of SMTP. I won't go into the details, it has been discussed at length on /. before. But is it practically feasible at this stage to switch to such a system? That's an entirely different question.
I can see SPAM killing itself in the not-to-distant future. SPAM is a numbers game, and it used to be that they could get very small response rate and still make money if they sent out a large volume of mail.
Now, everybody is assaulted with countless email messages, mostly peddling the same products. As people get more and more SPAM, the response rate will inevitably drop lower and lower, and I believe it will eventually bring in too little money to justify the costs that spammers incur to send it out.
My public email address will have 100% junk email on some days. I read 0% of those emails beyond the subject line. 3 years ago, when it was only 10-20%, I at least had a chance of actually viewing the message as I was sorting my mail.
And wrong because it is not THAT dificult to stop spam. No, really. But you have to be practical.
1. Make good legislation. Thou shall not spam. IF you spam, you'll be seriously fined. Allow the $@#$%#@ lawyers to sue. Every time I get spammed, I forward the message to the anti-spam organization. Then, the lawyer sues, gets the money, keeps a fee and gives me the rest.
3. Don't tell me it's hard to track the spammer. It's EASY. Follow the money. Here comes step 1. If spam money are sent to Korea or China, block the transfer.
The last point I want to make: there was/is another advertising system where the recipient would pay more than the sender. But, guess what? They don't send ads through fax. Why? Huge fines.
My .02
Bite my shiny metal... oops... Nevermind!
All it takes is to bust a few of them under existing laws, and make sure the other inmates find out "he's in here for showing dirty pictures to little girls".
/. If the government wants us to respect the law, it should set a better example.
Here is Rational Economic Sense to you:
(cut to the 'GodFather' set -- small smoky room in the middle of nowhere)
Godfather (in a very breathy voice): Guido, I know you like that little spam business of yours, but I am gonna make youse an offer you can't refuse...
Spammer (badly bruised up and tied to a chair between two very tall and muscular men): Yes, Don Corleone?
Godfather: You stop that little racket of yours -- the one that sends me insulting emails about my manhood size -- or you are going to find yourself in a trashcan in the toilets of Grand Central Station. All 600 little pieces of you. Is that economically rational to ya or what?
Spammer: Su... Sure, Don Corleone...
Godfather: Good boy. See? I just knew ya were going to like my deal! (pats spammer on the cheek)
(Godfather stands up and exits the small smoky room . A group of even bigger tough guys are waiting outside.)
Godfather (talking to no-one in particular): As soon as he has erased his hard disk, chop him up in a thousand pieces and drop the remains in the toilets of Grand Central Station. Then, kill all his family and business associates, chop *them* up and throw the pieces in the Hudson.
(Godfather enters his long black limo)
Godfather: Increase my penis size! Sheesh, you don't get no respect these days...
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Dealing heroin, they take in more money than they lose. Does that mean we sigh and say 'Ah, such are the wonders of market forces'?
People who beat up little old ladies and take their purses also take in more money than they lose. Do we blame it all on market forces or do we send them to jail? We send them to jail.(*)
Just because something makes a profit doesn't mean it's not bad. The fact that this needs pointing out to anyone is pretty fucking sad.
(*) Except in the UK, but that's an anomaly.
Whence? Hence. Whither? Thither.
I predict that if it comes to the point where we pay for email that personal email will be charged at something like $0.50 (fifty cents) per email (or more) and that organizations like AOL and MSN and Yahoo will be selling bulk email to companies at $0.01(one cent) per pop and we will hear endlessly about how they have to have the bulk email in order to support our personal email.
If I were to set up a filter that said the first time you send me an email put Foobar in the subject line and then you will be added to my allowed list. This does get rid of soome of the overhead of the send-reply-send auth email schemes. I could then put my email address (not obsfuscated) on my website with the subject filled in Foobar and then if a long lost friend was looking for me it would be simple for them to get past the filter and be in address book of allowed people in the future.
If everyone who ever gets a 1-800 number in a spam were to actually call it and waste the person on the other end of the line's time that would cost them a fortune..
unfortunately it is rare to have a 1-800 in the spam.. but please use this strategy.. nothing wrong with pissing off spammers with innane questions..
r.
that you don't understand the premise.
"In the economic sense" means you look at the problem purely from the economic standpoint. Not the legal, not the ethical, not the moral - the economic. Just the economic.
Think of it as functioning in a world of just economics without outside forces like law and morality. Things that make sense - i.e. that will make money - are good, period. However, these ideas tend to lose their appeal when acted on by outside forces - i.e. the aforementioned law and morality. You rolled law and morals into your assessment of a model that does not address them.
I want to drag this out as long as possible. Bring me my protractor.
Seriously, why is everyone so up in arms about spam, when our brains are saturated in advertising everywhere we look?
Spam is what happens when you take mass-communication away from the multi-national mega-corps and give it to the common man...
I've started an online business or two in my time, and carefully-target unsolicited email (aka spam) was an essential part of our business plan, and it brought real benefit to most recipients.
I see a lot of ideas floating out of various government agencies around the world based on making spam more expensive. Personally I don't think this is a good approach. We shouldn't be removing the ability to mass-communicate from the common man, we need to be reining in advertising and other forms of brainwashing in a much more general sense.
What that should mean would make for a much more interesting and productive discussion than just talking about the "spam problem".
-1 Uncomfortable Truth
everyone notice by now how your Baysian (sp?) filter becomes ineffective when the spammer puts random words at the bottom of the message?
I need someone to help me update spamprobe to it only looks at the first 25% of the message now..
seems like it should be easy enough..
I have a strong suspicion that most of the little-guy spam email factories are really just suckered into an industry with the same structure as Mary Kay Cosmetics, Herbalife, Tupperware, Avon, and many other multilevel marketing systems (aka MLMs).
It starts with shit-on-a-stick advertising. You know, the handbills and placards on street corners, or on your company breakroom bulletin board. Somebody reads this junk and thinks they can finally have a job which doesn't require much time and lets them raise their rugrats too. The advertising doesn't say what it IS, it says a lot about what it ISN'T. No selling. No parties (unless you want). No data entry. Use the computer you've got. Some will mention MLM pyramid buzzwords, like "grow your organization," and "get your friends involved with your new company."
Now, in many fraudulent MLMs, you have to pay a fee for a starter kit from your advertising contact. The only difference between a legal MLM and an illegal Ponzi investment scheme is the "product." If you actually schlep skin-cream or candles, you *theoretically* can make back your starter investment without growing a downline organization of other suckers.
You can buy other aids from your advertising contact if you find yourself floundering. Buy a CD-ROM with more email addresses. "Validated." Finally, if you don't think you can possibly sell that much product personally, the only way to escape without major losses is to put out some cheap advertising on your own, asking your friends to get into the act. That's right. Sucker other people to join the organization, so they can share in the same bad investment you originally made.
Spam email "product" would just be the opportunity advertising space itself, which marketing majors will tell you is seen as inventory. The fun thing about email "advertising space" is that it isn't really accountable. You can just run spiders to comb more databases to create more advertising space. Those who get some technical savvy will figure out how to work around a spam filter, and then you can start to build your own library of "validated" addressing space, ready for delivery.
The only way to break apart an illegal MLM is to find the organizing agents of each illegal MLM, and pound them into the dirt legally. Upper tiers are usually found to be defrauding their downline agents, through misleading buy-in advertising. Then prosecute every downline until the roots are too small to grow back on their own. Of course, if they legally have a "product" like "advertising space," and they're careful about how they phrase their recruiting pitches, it's going to be hard to prosecute effectively with today's laws.
[
Set up a private fund that would give money to individuals who seek out and bring spammers to justice. These individuals could somehow *cough* convince spammers to not spam anymore. (Some money would also be used to bribe public officials to "look the other way.")
Once spamming becomes the most dangerous job less people will decide to make that career path.
Seriously, we must expose who is doing the spamming. Once people are out in the open, they may be less willing to send spam.
But really isn't feasable.
What I would like, supposing this could be done, is actually a higher charge, say $.10 per e-mail. Thing would be, if the recipient decided your e-mail was worth their time, they'd have the option to cancel the fee. So if you e-mail me for a good reason, I just cancel the charge, if not you pay. Add to that the ability to create white lists, so I can set senders that are always allowed to send me e-mail with no charge.
Something like that would work great at not only eliminating SPAM but cutting down on drive-by flamers and the like for large websites.
However, any pay-per-email scheme I can think of is just totally unworkable. E-mail is just never going to be a centrally controlled entity, it wasn't designed as such and I can't see any workable way to make it.
Now you could potentially create a new service that people would subscribe to that worked like this for sending messages BUT it would never fly. People wouldn't bother to sign up.
A locked room, the spammer, fifteen minutes, and a 20-lb lump hammer?
I call shotgun!
D
Spamming is an ethical issue at its heart. Using open relays, using individuals' computers to forward mail, and other uses of bandwith that the spammers aren't paying for is at the least dishonest, and moreso argueably theft.
There is also the consideration that freedom of speach by definition includes freedom from speach, so we shouldn't have to be subjected to the spam in the first place.
For spam to be profitable, *recipients* must be responding to the offers and paying money.
How about instead of coming up some contorted "standard", Microsoft and the other biggies put out an anti-spam PSA campaign... I'm sure the Gates Foundation can find a few mil for this...
Convince all those newbies not to respond to the spam offers and the senders will dry up.
Why do the above? It forces the spammer to house the mail instead of the recipient. If it is a spam, there's a good chance the sending site will be blacklisted before many of the recipients ever receive it.
Not perfect, but it changes the economic balance in the right direction without payment schemes.
Responding to economic forces does not in any way exempt anyone from being subject to moral and ethical evaluations.
If I mug people for money and manage to get away with it, that doesn't constitute a defense of any substantive kind. Yes my behavior can be *explained* motivationally by economics, but for someone to therefor be emotionally conflicted as to whether or not I should be condemned for it would be - to put it kindly - absurd.
Now if the alternative for spammers was to starve to death, that would cast this in a different light. But that's not the case. Spammers are people who could have chosen to go to work doing something useful, and instead decided to pollute the commons.
- First they ignore you, then they laugh at you, then ???, then profit.
Okay, accepting that everyone has a right to try to make a living, but the thing that irritates me most about spam is that I'll get the same email 6 times in one day to the same address!
So unlike snail-mail based junk mail where the costs ensure the sender will only bother to "spam" me once a month, email spammers abuse the system.
If they'd just behave a little more sensably then I'd have more simpathy/empathy.
The other thing that annoys me is the content of some of the emails. It really isn't right sending out explicit email when you don't know anything about who's receiving the email.... seriously, some of the spammers should be hung, drawn and quarters for the sh*t they send out.
Getting back to the "volume" problem, this will eventually force the spammers out of business, as it will continue to increase and force changes to the email system. It would therefore make sense for spammers to draw up some kind of unofficial code of conduct, e.g. clean their email lists of dupes and "webmaster" and "abuse" addresses, etc, and only send any given "advert" to a single address once every... month preferably, but if they restricted themselves to once a week it would still be a vast improvement.
I can't see that this would be at all difficult for a spammer and I can't see that it would make any difference to the volume of business generated... I mean, there ain't no way I'm going to order viagra 6 times a day anyway!!
This is something that's bothered me for a long time. If spam largely is fraudulent (direct ripoff) or advertising fraudulent products (real product, doesn't work), or even criminal (selling drugs illegally), why don't we ever hear about prosecutions for this?
Presumably the money trail is the easist thing to follow in a spam message, particularly with the scary new laws associated with money movement these days. It also seems that RICO statutes could be used to ensnare pretty much everyone involved as part of a corrupt enterprise. And then you go away for hard time, 10-20 and forfeit most of your assets to $100k+ fines.
Given that these laws are powerful and their penalties severe, it would seem that a couple of major RICO busts would put a serious dent in the overall spam business. It would not eliminate it completely, but serious jail time for some of the larger members as well as continuing prosecutions might make it much more scarce.
My own theory is that the government is loathe to prosecute fraud, simply because "aggressive marketing" is so entrenched in otherwise "legitimate" business. My tinfoil hat extension to this theory is that otherwise legitimate businesses are profiting immensely from spam (albeit at an arm's length), and have told FTC/FBI to go easy on it (naturally through their paid-up contributions to their favorite officials).
Although to this day, I'm still wondering why nobody seems to go to jail for selling bogus penis pills and Valium without a perscription.
It is simple to make the spammers pay. Use challenge response - not for identity verification, just to make them burn some CPU time. CPU time is usually not considered a cost, but it could be significant to a spammer. Some time is also burned by the recipient, but we can change the balance in our favor as well. "Here, factor this number and I'll accept your mail." Simple. It does cost something from the recipient, but it's imbalanced in our favor. There is one more big big problem to solve before this can really work: Most people get their mail from an ISP mail server. This means the ISP is going to pay the cost on the receiving end no mater how small. Worse yet, those who insist on fondling your outbound mail will pay both prices. Naturally we need to reach the point where we handle our own personal mail before these costs truely don't affect people, and that requires everyone to have an IP address, and that requires IPV6... And there you have it, IPV6 is an enabler to stop the spam problem.
"No one finds a briefcase full of crack on the street and asks, 'Hmm...how am I going to get rid of all this crack?'."
"It is seldom that liberty of any kind is lost all at once." -David Hume
All a spammer has to do is send spam on the behalf of companies that are not their customers and there would be no way to know which merchants should be prosecuted. Spammers muddy the water as much as possible - that is their entire means of survival.
Dan East
Better known as 318230.
I'm sure I'm not the first person to mention this, but I was surprised that the article didn't make mention of it...
Imagine an email delivery protocol that allows the user determines whether or not a sender is charged for sending email. Sending an email requires a fraction of a cent deposit. I as a recipient only get to chose whether the sender is charged, and if I so chose the sender's fraction of a cent goes to pay for the overhead of maintaining the system (and not to me as a recipient... this is important). If I don't chose to charge the user within some arbitrary time period... say one week, the sender's deposit is returned.
Why isn't this being mentioned? Has it already been deemed unviable.. or just dumb?
Just because spamming is not illegal (and it is, under an increasing number of laws) under some conditions does not make it morally or ethically "right." It is still theft by conversion and trespass to chattel. The court system decided that a lonnnng time back in the original case of Cyber Promotions vs. AOL.
Muggers, shoplifters, and other thieves are not going to go away as long as they think they have even the ghost of a chance of making a quick $$.
Spamming is not going to go away as long as spammers think they can make an equally quick $$.
Spamming would stop practically overnight if the entire Internet-using population simply failed to respond to ANY of the offers contained in spam, no matter if they came from a supposedly "legitimate" company (and, in my eyes, no company that sends any form of spam can be considered "legitimate") or some huckster in a double-wide in a trailer park.
The answer, to my eyes, is two-fold, and is simple enough.
(1) Extend the existing anti-junk FAX laws to cover E-mail. In other words, ban spamming outright. Period.
(2) Teach people early and well, especially the earlier generation: NEVER RESPOND to spam, other than to block or filter it.
Bruce Lane, KC7GR,
Blue Feather Technologies
Working for a living, even with those annoying advanced degrees, costs a significant amount of time and effort. I've seen claims that acquiring a single job through direct application costs close to $100. And that's not considering the 40 hours a week one must spend at the job. Doing a job that pays poorly is inefficient, so workers limit the number of jobs they do to the highest paying they can find.
But suppose it costs you essentially nothing to make a buck through mugging. Then your best strategy to maximize profits is to mug as many people as you can find. After all, if you're mugging mortgage financiers, there might actually be some money in their pockets. You would miss those potential money sources if you trimmed your list. Perhaps some folks who have expressed interest in designer beer mugs are also walking in your area. If you did the "rational" thing you and didn't hit them over the head with a sand-filled sock, you would miss them, and it costs you nothing, right?
The sad point of all of this is that I'm going to (sort of) defend the muggers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as muggers can take in more money than it costs them, they will continue to beat people senseless and take their money. This is "rational" behavior in the economic sense.
For the billionth time, Spam != advertising. When a company advertises, THEY cover the costs of the advertising. They buy the billboard and pay the guys to put their ad up on it. Spammers, on the other hand, use MY money, MY network and MY time to deliver advertisements to me. The reason spammers are able to break even is because they're using other people's resources to get their advert out. Besides, if the "common man" wanted your "mass-communication" everyone would be checking out www.viagra-adipex-free-teens-larger-wang.com instead of slashdot.
But there is another kind of evil that we must fear most... and that is the indifference of good men.
Spamming is not justifiable behavior period. It's nor morally or ethically correct to force someone to do something in order to live in the world. Time_life used to send me books for a free 30 day trial. If I didn't want them I had to send them back... well no, I don't have to send them back. Time_life is not the boss of me and cannot force me to return something they sent to me that I never requested. Sure they can try like hell but they have no right to. I got them to stop, by keeping the books and finally one day answering the phone when they called. They wanted to know if I still lived at (my address) so they could send me a book to try out. I said "why yes i do still live there and I'd be happy to receive their book, however I'm not going to return it nor am I going to pay for it."
Spammers shouldn't be the boss of me either but they are. They force me to delete their email, dick with procmail and pay for the bandwidth that their advertising costs me. Currently my only choice is to not play the email game. But given my occupation that would be virtually impossible.
I used to think the only way to combat spam was to raise the public's awareness of it's evils and get the public to protest by boycotting the companies who's products are being marketed by spam. Of course given the mindless do'h mentality that most American's (at least) enjoy that will never happen. If it ever were to happen, we'd see rival companies sending out spam, advertising their competitor's products. So I guess that's not going to work either.
People like Eric Allman who try to justify a spammer's behavior make me sick. Gullt is the only weapon we currently have and he's even minimising it with Timothy's help. Now 1000's of slashdot readers who were just considering becoming spammers are going to go on over to the dark side because it makes economic sense. Thanks guys.
G
Mafia Don Announces New Anti-Spam Venture
As the NSA and FBI fear, traditional crime organizations have been incorporating high-tech communication into their organizations. Although Janet Reno was quoted stating "This is law enforcement's worst nightmare.", techies around the world are sure to be pleased with one New York Syndicate's new venture.
It all started when Don Dominiqi signed onto his AOL account last Monday morning. His inbox was filled with "Make Money Fast", "Viagra On-Line", and "Teenybopper Web Sex" ads. Lost amidst the drivel was an important note detailing a non-taxed shipment of Marlboros, which were later confiscated by the BATF. Little did he know, as he shouted "Bring me the left hand of this f*cking gutterslime!" what would become of it all.
Later that same day, Billy "Run!" Brutekowski and Larry "My Eyes!" Plucker cornered the pasty-faced offender of the Family in a small cyber cafe in Grenich Village. "This was by far the creepiest place the Boss has ever sent us." stated Billy, who only spoke on condition of anonymity. "Everyone in this place looked pale and sickly, like they had already been 'spoken to'. We asked for this punk, and several people quickly pointed him out. Most of the scum we find in gin joints aren't so quick to finger one of their own," Billy continued.
"He must not watch much TV, because this sh*t didn't even flinch when we came to the corner he was hiding in," Larry proceeded to relate. "We dropped this sheet of paper the Boss had given us on his table and he says 'So you guys want to make money fast, eh?' He puts out his and says to give him $20. This scrawny little dirtball tells me to give him $20!" Larry was quite agitated at this part in his story, and his description of how Sammy Spammer's hand fell off was quite garbled.
Billy continued, "Up till now, this was a routine visit. We was just being playful. The weird sh*t began when we tried to leave." "This pimply faced kid blocks the door as we try to leave, and I'm thinking to myself 'Great, a f*cking Karate Kid hero. He just stand there, and then he hands me a $5 bill." Billy pulls out the $5, and holds it like it is his first quarter from his favorite grandmother. "They lined up after that, and we had $175 in 'tips' when we left the joint."
Later that day the Don himself visited the cafe, unwilling to believe the story. Although the details are unclear, sources at the cafe indicate that the Don has hired them to build and host a new Anti-Spam site. Through a SSL transaction system, the site will accept spam complaints and credit card donations towards 'solutions to problems'. Multiple complaints against the same spammer are added to the total until an acceptable solution has been found.
Larry tells us that a typical $250 solution is a broken hand, and for $2000 all anyone ever sees again of 'the problem' are his shoes.
The URL is to be announced next week, and the cyber cafe's phones have been jammed with requests for more information.
I've posted this before, but it is still funny.
"It is a greater offense to steal men's labor, than their clothes"
All this talk of paying for email is silly. It won't work. We're already nickled and dimed for bandwith, connection fees, cell phone services, etc. It's an interesting theory, but it just won't work. I have a better solution to deal with the spammer solution.
First, you hunt down the spammers. Torture them until you get a hold of the people they were hired by. Torture them. Continue until you get to the CEO of nike, or viagra, or whoever started the chain.
Take this long line of people and dismember them publicly (perhaps take some of George Carlin's ideas about letting people bet on the event to make some money) in a most graphic fashion. Make sure that everyone knows that this is because they were spammers, or directly contributing to spamming.
Repeat as needed. Eventually this none too subtle approach will encourage people to find other lines of business. Sure, you might get some collateral damage, housewives, people wrongly identified, that sort of thing, but if you do your best (ie: not just looking at mail headers), this can be minimized. You have to break eggs to make an omlette I say! I think it'd work.
Seriously though, saying "it takes in more money than it puts out" is a bogus argument. I can pimp out my 12 year old sister on the street corner and take in more money than I put out, but that doesn't make it right. Saying "but she's a blonde, and all I have to do is buy a pair of high heals every 6 months" doesn't make me not the scum of the earth. I can make money by dumping radioactive waste in a playground for big business and make money as well, but does that mean I should?
On second thought, maybe my first idea isn't so far fetched after all.
Everyone always says that as long as there are people willing to buy this product, spamming will continue. Well, looking at the products advertised by spam, I have trouble believing anyone buys these products.
I don't believe the problem is that spamming successfully brings in new customers. I believe the problem is that spammers sell their service to unsuspecting "businesses" that believe whatever phony lines they are handing them about how it will be good for their business. As long as there are small businesses who believe this, spammers will find a market for their services and spam will continue, even if the premise that spam has a nonzero response rate is untrue. Eventually as it becomes commonly accepted knowledge that businesses are not successful with this type of advertising, spam should drop off.
Secession is the right of all sentient beings.
I'm sorry, I just don't buy it. Screw economics.
The bottom line Allman is NOT addressing is SMTP IS A BROKEN PROTOCOL. Spamming happens because it is EASY TO DO and it takes more effort to stop it.
SMTP was designed in an era where internet hosts implicitly trusted each other (this same era gave us the horribly insecure TELNET and FTP as well). That era is LONG LONG GONE.
The reality is that SMTP headers are too easy to forge. We will NEVER be free of open relays--this is the fault of the protocol as much as the clueless admins. SMTP needs to be completely replaced.
Look--you can still get spam-free email. Just not over SMTP. Believe it or not, FIDONET still exists and guess what--I don't get any spam there. Why? Because the system would smash down anyone that tried rather quickly--the protocol works. I've been encouraging anyone who will listen to jump back on one of the many FIDONET or Citadel BBS systems available on the internet for decent, spam-free email.
The problem started when text based email was upped to be able to have HTML inside.
It is the HTML that makes email a marketing tool, without it there is hardly any money to make from sending emails around.
Knowing the corporates it will never happen, they rather close down free email altogether and put on a fee based equivalent.
So they will do all they can to ruiening the current system, and what's better than combining marketing and destroying email at the same go...
the links. Except for the rare text only spam most spams either have a picture or a link that goes to a domain.
Those domains are used by tons of spammers. So by filtering out a single domain blocks dozens (or more) of spammers. And there's zero risk of blocking a legitimate e-mail since no legitimate e-mails are going to link to those spam domains.
The other bonus is that IPs are free from the ISP but domains cost real money. I've harvested hundreds of domains from spams that have hit my mail server and at $7 a pop or more, I've just "cost" spammers thousands of dollars. They have to pay a chunk of change any time they want to spam me about something. Every few days enough spams get through to care to update my Mercury Mail server filter with the new URLs.
And thanks to the HTML protocol you can't obfuscate an URL. The best they can do is base-64 the entire message but those are easy to filter out as well. It does't matter if they plain text the URL either. It's not looking for an href. It's just looking for "topofferz.biz" or whatever. As long as you keep the ".com" or whatever you don't have to worry about random letter domains that have letter combinations that can show up in legitimate attachments. Attachments are encoded without the use of a "."
The filtering happens server side so I save 50% of the bandwidth cost for every message caught. Plus cost spammers real money they paid for their domains. It's a win-lose situation just like it should be.
Ben
Work Safe Porn
How can anything I do now help my ancestors? They're more-or-less all dead.
It is quite easy to get rid of spam. This is what I do:
1. Receive Piece of spam regarding penis enlargement. Sent to junk mail, or doesn't go through my spam filter.
2. When I get a few minutes, and I'm rather pissed off at something, I pull up one of my default response templates. Ie, received E-Mail of Penis enlargement pill/patch/voodoo dance, and simply send an E-Mail back saying:
"Hi, I'm interested in your penis enlargement patch. Please send me some information on your product."
3. Wait for response to mail
4. Send another appropriate but stupid question to them, never actually purchasing.
5. Repeat step 3 if a further E-Mail has been sent to me.
Some interesting things I have noted:
1. My spam has decreased. The spammers are not all stupid and they blacklist my E-Mail address. (From 400 mails a day, down to about 50)
2. And this is the big one. It costs a small, tiny fraction of a cent to send out a generic spam advertisement. Therefore, easy or genuine responses are economically viable, as they only get a few a day.
Now just imagine, if we have the force of a fraction of a few dedicated /. readers. Perhaps about 100,000 of them sending on average 5 generic responses per day. That's 500,000 E-Mails to the evil inboxes of doom.
Let's say that 1 company gets 70,000 bogus E-Mails in a day. It still takes approximately 1-2 mins to read and respond adequately to a person if they want to make a potential sale.
Thats between 70,000 and 140,000 minutes a day. That's about 1,167 to 2,333 work hours a day to respond to the junk they get back to perhaps glean 100 real potentials from their campaign.
If you need to pay an employee just $10 an hour, that's still between $11,670 and $23,330 a day.
That's between $4,259,550 and $8,519,100 that the spammers have to pay in work hours.
Now, lets say that they make about $2,000 a day from the 100 e-mails they get that are legit. They are now running at a loss.
Reading only the subject lines and filtering out the 'non-genuine' responses will result in REAL reasponses being filtered out as well, making their profits drop.
As the article said, they are using basic market economic forces to make a profit. We can use basic market economic forces to reduce the spam.
Summary:
1. Responding to spam has reduced my Junk mail, probably due to blacklisting. (This is only me, and I am only stating what has happened in my case.)
2. If enough people respond with fake letters of interest, the spammers go broke, and it becomes non-profitable.
So a call to arms /. ers. You hate spam? Me too. Let's do something about it.
CRyACin
If life gives you shit, then sell fertiliser - Bayani Portier
Science advances one funeral at a time- Max Planck
As the article says, spammers send spam because they make money at it. The solution presented is one we've heard many times... charge for email and make it less profitable.
Why not go after the source? Go after the companies that are advertising via spam? Track them down, follow the links they send, follow the trail, and jail them. Fine them. Make them pay.
If the spammers are making money off of spam, that money has to lead somewhere. Follow it to the source, and deal with the source.
The infrastructure for micropayments on email would be insane considering that (most?) every country in the world would have to back it, there would be a huge amount of tracking and auditing to be done, and a fairly seamless cutover for millions of companies would have to happen... Yeah, right.
urg, he couldn't have made this any more obvious. Imagine he was a company selling sendmail: what would they try and do? They'd try and make it look like they weren't the ones responsible for the spam, as they'd have money (in his case, ego) on the line.
The problem here is a fundamental flaw in smtp.
The solution here is to redesign smtp. Even something as simple as a 'trusted peer server' model would work and wouldn't need a complete redesign: each server is the trusted peer of several others (say 5, and all would have to be fqdn). After mail is sent, and before that mail is delivered, the server it is sent from is validified to be a peer (by doing a quick check on the 5 servers that it claims are its peers). If the server sent from doesn't have peers, then the mail isn't delivered.
While this wouldn't completely trap all spam, and some spam would certainly still get through from exploited networks, it would make the job of maintaining accurate RBLs much, much easier, and would functionally run spammers out of business, if (say) the next sendmail version were to impliment the feature, and people started using it.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Kill all the Marketing Majors.
Amusing, but seriously, marketing majors and *professional* marketing people are rarely responsible for problem spam. The kind of spammers we hate are usually people who never went to college, and became bottom-feeders instead. I don't think you'll find too many MBAs in the porn industry, the illegal drug/supplement industry, or the pyramid scheme industry.
His buildup is fine, but his conclusion is off by a mile and a half.
Firstly, he claims that our bandwidth and disk space aren't free... welp, he's right, but only barely. The marginal cost of the additional disk space, CPU cycles, bandwidth, etc is virtually zero, but certainly positive. Yet then he claims that a spammer's costs are zero. What about their computers? Email addresses? Bandwidth? Hard drive space? Those certainly aren't less costly than the same types of resources for each individual recipient.
But, more to the point -- why filters will make reduce spam by effecting the marketplace:
1. The filters have forced the spammers to degrade their own salespitch. By being forced to include extra characters, poor spelling, lousy grammar, etc in an effort to circumvent filters, they are serving to reduce their own credibility. By doing so, they are making their advertising less likely to attract any particular customer. Therefore, their response rate of the folks who might respond to spam is reduced, making spam less profitable.
2. By making spam filters more and more effective and easy to administer, they will find their way to more and more people's mail clients. For many of the new adoptees of filters, it won't be because the new users sought out the filter; it will be simply because the filter was part of the email program they happen to be using. Some of these folks are in the set of "spam-responders", that is, folks that might respond to spam. So, as filters proliferate, they will end up filtering spam away from potential customers -- again, reducing response rates and hence profitibility of spammers.
So, there's two ways where spam filters will reduce overall levels of spam by using the powers of economics against the spammer. Reduce the liklihood that somebody will respond to a spammed message by reducing it's quality, and reduce the liklihood that a potential customer will even see the email in the first place. Sure, the recipient will bear some costs in the short term, but the long term results will be less and less spam overall.
Support a few technologists in Washington.
The answer: the sender pays an email tax to the recipient instead of the gov't or the ISP. This means that the cost of receiving the email is offset by being paid to receive it. If you don't want to charge Grandma or your favorite mailing list to send you e-mail, then add them to your Whitelist, and they don't pay anything.
This way, if you get spam, at least you're getting paid for it!
Implementation could be handled at the e-mail server level - the sending ISP pays the receiving ISP. The sending ISP adds the charge to the sender's bill, and the receiving ISP subtracts it from the receiver's bill, after taking the cut for their storage and bandwidth costs.
Therefore, if spammers steal an account with which to spam, they are now also stealing money from the account holder, which is covered under strong, existing laws .
Here's an interesting article on spam filtering: Boykin and Roychowdhury: Personal Email Networks: An Effective Anti-Spam Tool. They describe an automatic system that can look at your emails and find out who your friends are. Its classification accuracy is supposed to be perfect (i.e., no false positives or negatives), but it will leave some email unclassified (i.e., "don't know"s), so it does need to be combined with another filter.
This would work. First, you can always find the bank handling the transaction. Just put in a credit card number and watch where the transaction comes from in the credit card system.
Second, banks have strong merchant agreements with companies that accept credit cards, agreements that allow the bank to charge back transactions. So banks can enforce anti-spam terms of service on their customers. Once this gets into the regulations of Visa International and MasterCard, it's enforceable worldwide through the credit card infrastructure.
Third, the seller/spammer always knows, when the transaction goes through, where the customer is. So they are liable in the customer's jurisdiction, not the spammer's. If spam laws differ in different jurisdictions, the seller can block transactions from areas with strong anti-spam laws. Of course, if they have to block most of the developed world, they won't make any money, which makes spamming go away.
Sigh. This is the short-sighted, disconnected view of drug abuse that seems to typify the "legalize drugs now" crowd. Nothing happens in a vacuum. The parent comment isn't insightful or even interesting - it's tragic, if the poster actually believes it. When somebody busts out the window of a car to steal a stereo to sell so that they can buy drugs with which to overdose, then go to the hospital, have the bill paid for by the county, to whom we pay taxes, then off to detox, again supported by our taxes...then start the whole process over again. So either taxes have to increase or other programs get short shrift. Insurance premiums rise. Everybody who can afford it moves away. Worst of all, those "volunteers" lose opportunities...for themselves and for everyone else.
I've seen it in Los Angeles, San Diego, Boston and New York. I've even seen it in places that you've never heard of, like Nampa, Idaho and Portsmouth, Rhode Island.
If you really believe that the only resources that drug dealers consume are those of their customers, then you're just fantasizing.
-h-
What if an ISP did the following:
Email "light" - you can only send messages to up to 20 recipients - more than that will be met with an error message from the SMTP server
Email "plus" - $4.95 a month, and you can send mail up to 100 recipients at a time - again, an error message if limit is exceeded
Email "bulk" - you need to specifically call to enable this, and it allows you to send to as many recipients as you want, but every recipient over 100 people is $0.01 per person.
Thus, a spammer could not use a person's machine as a spam conduit because the person would be unable to send the spam! Now, the spammer could put a mailing list on their own server and then make a worm to send to that, but they'd still have to get and maintain a server for the mailing list, so what's the point?
Another nice note - it makes things a pain in the butt for people who want to send chain letters to everyone in their address book. People that do this are unlikely to either take the time to create groups of 20, and send the message several times, nor do I think they'll pay $4.95 for the ability to send junk messages.
I think the grandparent poster is absolutely right. Make SPAM cost something for the sender and then only people who can afford to pay will send SPAM, and the overall amount should decrease, probably dramatically.
Kevin
Conventional wisdom says that we have so much spam because:
(1) E-mail is so cheap that it's essentially free
(2) The low cost of e-mail makes Spam very profitable, which is why there's so much spam.
I think this may be wrong.
With the all out war being waged against spam, I seriously doubt it's all that profitable. I believe that spam is the result of greedy wishful thinking.
Think about state lotteries. A lottery ticket only costs a dollar and promises a chance to win lots of money. So, every week, millions of people spend a few dollars (or more) on lottery tickets. And even though they never win anything (or nowhere near the amount they spend), they keep buying lottery tickets, week after week, month after month, year after year.
Why? Greedy wishful thinking: a few dollars a week is a small price to pay if it will make me rich someday.
And I think that same basic mentality is driving spam. Sending out millions of spam e-mails costs very little and takes very little effort, so why not try it.
These are the same people who buy into all the various MLM and get-rich-quick schemes. They are convinced that they just need to keep sending out as much spam as possible and someday it will pay off.
If you know who they are, you can filter their mail or report their criminal activity.
A big time spammer forced to identify himself would not stay in business for long. The anonyminity is the most important aspect of their business model.
Conformity is the jailer of freedom and enemy of growth. -JFK
I can't find the story right now, but someone set up a bogus email account and replied to spam about a home loan.
.....).
He was contacted by big companies that had bought the "lead" from contractors (who bought it from sub-contractors who bought it from sub-sub-contractors who
The big companies say that they frequently purchase such leads from other companies and that if they receive complaints about those companies, then they drop them.
Of course, the spammer just opens a "new" "company" under a different name and starts selling to the big companies again.
Since the big companies don't "know" that they're dealing with a spammer.......
(Apologies to those who have seen this before.)
You advocate a
( ) technical (x) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're stupid for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Nathan's blog
Bandwidth, disk space etc are *not* the primary cost here - these costs are falling anyway.
What is not falling is the value of my time - the right to put a message in front of me. As people find themselves buried under 'information overload' the value of eyeballs is increasing.
This cost, the cost of my time, is the the most important externality that traditional email is underselling to spammers.
So I now have two types of email address:
1) A private address that I only tell my friends - it blocks mail from non-whitelisted addresses.
2) A public address that is pay-to-send using the sudonames.com system. This is the address on this comment, for example.
Mail to either address ends up in the same inbox, so it is really convenient. No mail is ever lost, and I never get *any* spam at all.
Problem solved!
No, we'll just put and end to government funded healthcare, welfare and such. Then people will be free to turn into ignorant turds with out the resultant drain on our pocketbooks from drug laws or from handouts.
I metamoderate, therefore I am
From what I understand, a spammer selling, for instance, penis enlargement pills will sell three or four bottles from a spam run of 100 million spams. Let's say he makes $200 and assume it is pure profit (it is).
Let's further assume of the 100 million spams, 10 million made it to the Microsoft Outlook Inboxes of unique users. Let's say that each spam took 5 seconds to delete. If their time is worth $10/hour (assume half the victims are kids students etc, and half are professionals) the spammer cost them $100,000 of their time to make his lousy $200.
This does not take into account higher ISP fees, anti-spam program costs, credit card back charges, loss of business from lost legit emails, and the terabytes of wasted bandwidth for each and every spam run.
Spammers are conscious of this and their continuing to do it is an indication of sociopathic behavior.
i think a much overlooked fact is, that Spam is moving towards organised crime. Currently we have several trends working that way:
I think a lot of people look at Spam as a kind of nuisance. It is more. If the observed trends continue, we'll find Spam sent by those same friendly guys who offer the heroin to your kids. No joke or rethoric intended, i'm plain serious on that one. Take a look at Sobig, the backdoors it opened and what kind of Spam and how fast you got it.
Regards, Martin
In return, the commercial helps pay for the programming you're seeing. That's the trade; your resources in trade for entertainment / information and their message.
Billboards exist on private property - whether you're looking at them or not is your issue. None of your resources are taken up by their existence. Of course, some areas and communities do place restrictions (or outright ban) billboards and other signs.
A fair enough point. I have to agree - the majority of my "mail" these days ends up in a bin. Although the cost of mailing items does keep this somewhat in control. Email demonstrates how insane dealing with physical mail could be if it weren't for the associated cost.
You've missed on, by the way. "Junk" FAXes. Illegal. Why? Because the recipient is paying for the message in the form of toner and paper. And the incoming message ties up their resource - that is, the phone line.
You see - its not about who makes money. Its about choice, cost, and depletion of resources.
I think a lot of the actual practitioners of spam are simply id10ts who've been duped into believing that the economics of it are in their favor. ("Look at how many people are doing it!" "They said on TV that it doesn't cost hardly nothing"). So they buy mailing lists, spamware, etc. from folks dealing in such stuff... as Make Money Fast! scams. Spammers don't necessarily last very long individually; they seem so persistent only because of the ongoing supply of suckers.
If so, it isn't the cost/benefit of spamming that keeps the crap flowing, but the cost/benefit of selling spamming. It's not the open relays out there that are the problem, but the open (slack-jawed) mouths.
http://alternatives.rzero.com/
Hello, I'm Barry Shein, I run a sizeable ISP, The World, www.TheWorld.com. You've probably heard me speak or write about spam before (see: http://www.TheWorld.com/~bzs).
Spammers do not sell advertising.
What they sell is crime.
Let me give you an analogy:
Say my name was Tony S. and I said I was in the waste disposal business.
Now say that you have a small herbal viagra factory which produces a few drums of toxic waste daily which need to be properly removed.
You're paying a service $100 per drum. I come to you and say I'll do it for $20 per drum, an 80% savings.
Cagey person that you are, you realize that's a very good deal so take it and you're even smart enough not to ask too many questions.
Every night a coupla oddly well-dressed guys come by and take your drums away in a different pick-up, in the morning the now-empty drums are by your back door, and you pay your bills. All is right with the world, your bottom line looks better than ever.
Except for one thing, they're just dumping the barrels off the side of the highway late at night when no one is looking.
Are they selling you waste removal services?
Or are they selling you crime?
I contend that without the break-ins, exploitation of bugs in web scripts, PC's purposely infected by viruses which let spammers use them to send spam by the tens of thousands, etc., spammers could not operate.
Not any more than Tony S could remove drums for $20 each and dump them legally and stay in business when everyone else has to charge $100/drum.
Sure, you could IMAGINE someone underselling the $100/drum price, or someone spamming without egregiously breaking any laws.
But I say IT'S IMPOSSIBLE, you can't LEGALLY send (as someone gave as an example earlier) 200M mail msgs for a gross return of $200 legally, day after day and stay in business.
You can't afford the bandwidth on that price.
You can't afford the computer power.
You can't afford the lawsuits and other legal problems if you were so easily identifiable using stable internet addresses you bought.
You can't afford to be mobile as your victims block your IPs relentlessly.
You can't do it. You cannot do it legally.
And if you had to do it legally it'd look completely different. More like those commercial messages you get which you think are ok or tolerable anyhow from Microsoft or Sun or that magazine you subscribe to, rather than the immense deluge of filth and crime and questionable come-ons spam usually represents. Honest people can't operate like that, or not for long anyhow.
THEREFORE: Spammers sell crime, not advertising (or whatever they appear to be selling.) Just like the factory owner could dump his own toxic waste off the side of the highway for even less than Tony, the person hiring the spammer is hiring a criminal because for the relatively low price why take the chance or learn the tricks of the trade?
As Tony might say: Ya think dese spam guys are boy scouts or what? Wake up!
The sad point of all of this is that I'm going to (sort of) defend the cocaine dealers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as coke dealers can take in more money than it costs them, they will continue to sell cocaine. This is "rational" behavior in the economic sense.
The sad point of all of this is that I'm going to (sort of) defend the child pornographers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as child pornographers can take in more money than it costs them, they will continue to rape children. This is "rational" behavior in the economic sense.
The fact is, engaging in kiddie porn, drug dealing, and spamming requires more than a profit incentive; It also requires a complete lack of any moral compass whatsoever, which we all agree that the three groups above do.
I am quite frankly amazed that no one has shot Richter or Ralsky in the head with a large-caliber shotgun yet. Once THAT happens, the tide of spam will turn.
At any rate, I could argue that they are NOT responding to basic market forces; Before spam inundated our inboxes, did any one want to be carpet bombed with offers to "3n14rge yur ===) and (.)?" NO. At a point in the not so distant past, the ratio of gullible morons on the internet reached a high enough value that it became profitable to defraud them en masse. When everyone but the aforementioned candidates for "You Are A Fucking Moron 9" (google for it) took offense, the spammers did the same thing America did in Vietnam: Step up the carpet bombing; You've got to hit one eventually, regardless of the number of innocents you hit in the process.
As was pointed out in the article, the situation with spammers sucks right now. The only way it's going to change is if we can change the economics of the situation--this calls for novel ideas, such as Unsolicited Commando, which uses the idea of false positives to make it economically less profitable for spammers.
The idea is based around the fact that there are to places to attack the economics of spam: one, the sending (spammer) side, and, two, the response processing (employer of spammer) side. It's already been argued that making email cost money to send isn't really feasible, at least not in the future.
But you can increase the cost of the response processing: every time companies get a positive response to their spam, the company must put at least some amount of effort into validating the information and then processing it (such as a subscription, product placement, etc.) So, what if the company received lots of potentially valid fake responses (false positives) to spam, so many that the processing costs would actually outweight the benefits of advertising with spam? If companies could never figure out who their real customers were, it wouldn't be worth it.
That's the idea behind Unsolicited Commando, a small program that runs in the background on your PC and that receives "orders" from a central server essentially giving enough information for the program to go to a website and fill out a form with real-sounding but bogus info. If enough computers were doing it, bogus info would be coming from such a variety of internet addresses that there'd be no way for spam companies to filter it.
So far as I can see, this type of approach is our best bet.