Slashdot Mirror
In (Sort Of) Defense of Spammers
CowboyRobot writes "Eric Allman of Sendmail has a rant in which he looks at the economic forces that have led to the spam problem: 'The sad point of all of this is that I'm going to (sort of) defend the spammers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'" Otherwise known as the Willie Sutton principle.
Drug dealers and people who commit fraud aren't going to go away becuase they can make money ding what they do. We still despise them and send them to jail when we find them.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
Kill all the Marketing Majors.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
When it comes right down to it, heuristics and Bayesian filters and challenge/response systems do improve things from the point of view of the recipient, but not from the point of view of the IT group that has to support all this overhead. Ultimately, e-postage is probably the right way to go, but the costs (implementing the micropayment overhead, plus protocol changes, plus the human frustration) are prohibitive in the short run. Don't look for this in the next couple of years. Besides, people just hate the idea of paying for their e-mail.
.01 cents an email, I don't think anyone would mind paying a cent for a hundred emails we sent out (if it meant no spam). To a spammer, such a cost suddenly makes bulk emailing not an option and they'd be screwed. I wouldn't mind an electronic analog of "junk" email in the way we get junk snail mail. It's not something I love, but legitimate companies do have legitimate goods and services. This is to say, I'd have no problems if "junk" email was 2-5 emails a day from medium/large legit companies containing various sales info.
A questionable set of assumptions. If you charged
G-Force music visualization
Happy Trails!
Erick
http://www.busyweather.com/
We've known this all the time. Spammers spam because it makes them money. Didn't we have a /. article a while back showing how big of a house a big-time spammer had, and giving all sorts of stats, e.g. foreign servers in China, Russia, etc spewing spam, three T1 lines, a network of computers in his basement, etc?
Yes, spammers spam to make money. But that doesn't make it legal. Robbers rob to make money, but stealing is illegal.
As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'"
I don't follow. Responding to "market forces" (and God knows I'm an ESR-esque capitalist) doesn't give you the right to invade my privacy. Arguably, the mafia responds to market forces. Extortion is "rational behavior in the economic sense." Your point being?
I have discovered a truly marvelous
Plenty of crimes (Drug dealing, fraud, plain 'ol theft) make sense. That doesn't mean they're morally acceptable.
If your theory is different from practice, then your theory is wrong.
"... the economic forces that have led to the spam problem ..."
That is an easy one:
Greed+Stupidity=Spammer
Only to idiots, are orders laws.
-- Henning von Tresckow
I never understood what was wrong with making spam okay (to a point) as long as they have an Adv: in the subject line. This still allows other people to get it, along with an easy way to filter.
"The problem is that our approach to the solution has also been short-term thinking. We have to think long-term. We have to make the spammers pay more than we do."
:P
My dear sir, the problem has been more than adequately defined a MEEEELYUN times at least. I was hoping for a solution, not another whiny 'spammers do it 'cause it's so cheap' rant. Like that's news.
---
SCO is weenies
Gator is Spyware
Microsoft is thugs
While spam benefits spammers, it steals man-hours and network resources from companies who would rather put their personnel and equipment to more productive (and profitable uses). Spam is the collect call that you're forced to accept.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
There are many things which are clearly "wrong" and which, therefore are not "right" regardless of the cause. I really don't think that "market forces" are a justification for filling your mailbox with as many penis-enlargment or "generic male enhancing formula" ads as possible.
Seriously, sometimes there are forces which drive me to run nearby vehicles off the road whilst on the freeway, but I find the human capacity to control myself for the greater good. Why can't we ask the same for spammers? Because they face absolutely no punishment or cost for their actions.
The point of the whole article can be summed up, IMHO, in the paragraph below:
Ultimately we have to reassign costs from the recipient back to the sender. Such costs can be artificial (e.g., e-postage) or fundamental (e.g., slowing down SMTP connections, perhaps by adding authentication overhead).
So, he is actually making an argument for one of Microsoft's projects: The Penny Black Project.
Quem a paca cara compra, paca cara pagará.
In an economic sense, yes.
If the cost of the lawyers he has to pay for, the lost time spent in jail, and the other costs associated with the activity are less than the gain (resulting in a net profit of sufficent size), then from an economic standpoint it is a rational career path. Remember, the 'Willie Sutton Principle' is named after a bank robber.
Whether or not it's a moral career path is an entirely different issue.
I am sorry, anyone who responds to penile-enlargement ads, or nigerian scams, or any sort of other spam is a complete and utter moron.
I dont know why anyone out there would do this, especially given the poor quality of the advertisements sent out via email by the spammers....
Ahh..but as Monsieur Barnum said, "A Sucker is Born Every Minute"....it was true then and it is true now, there are people out there too stupid to live!
And in response to a previous post, at least drug dealers and embezzlers require a modicum of intelligence, the haphazard style of the spammers indicates they have none.
Post apocalyptic gaming goodness
Willie "The Actor" Sutton was a bank robber. His claim to fame is that someone asked him "Why do you rob banks?" and his answer was "Because that's where the money is."
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Well... I RTFA and that article didn't go anywhere.
/. postings and personal experiences.
He says there's a spam problem (no kidding?) and that the economics of it are viable (Well, no kidding? Is that why we continue to receive spam?) and there's no way to stop it without incuring an overhead in transmission (either through permission based, authentication or challenge and response) - well... we already knew that through 100's of
So what was the point of the article? To just rehash the same old situation?
We need a solution, not a restatement of the problem. The solution is going to involve more overhead, because the fundamental problem with SMTP is the touted low overhead itself. There's no real authentication and anyone can send anything to anyone else. THAT is the problem, so of COURSE we are going to have to have more overhead in a "new" SMTP protocol of some sort if we want to affect a change. This is just a given.
The focus needs to be on coming up with a system to track the responsible parties (for good or ill) - and that will cost overhead. We'll have to suck it up, but it's the way it's going to have to be, unless we want to continue on the road we are on now.
Charging for email without securing the email infrastructure is a bad idea.
Spammers don't send mail from their computers, they send from your computer. Who gets the money from this micropayment? If its the recipient, guess what? All of the spam will be directed to the spammers from the hijacked computers. Instant Powerball jackpot winner. If the ISP gets it, guess what? All of the spammers will become ISPs.
Adding a new market force just changes the dynamics, it doesn't eliminate the crime.
Yes, but you forgot an important factor. If the person is truly rational, they will use the following formula:
Expected Gain = (Gain from burglary) - [(Probability of being caught) * (Estimated monetary cost of penalty)] - (Opportunity Cost)
Opportunity cost is important - my opportunity cost is high, for example, since the next best option for me is my current job, which pays well, has health beenfits, etc. For someone with only a GED, though, it is significantly lower.
the estimated monetary cost being caught is a value assigned to the penalty (i.e., how much is it worth to me to stay out of jail).
Given that formula, a truly rational person will burgle whenever the Expected Gain is greter than 0.
Well, the main health insurance company here has a helpful service that will send a text message to your mobile phone to remind you to take your contraceptive pill. My only regret was that 6am was the earliest time you could select for that reminder...
Spammers spam because it is profitable. Companies hire spammers because it brings them in money. 95% of the spam I receive is illegal (forged headers, no opt-out,etc). I wonder if we could petition Visa/MasterCard to have a process for cutting off the merchant accounts when there is evidence of illegal spam. Then it would no longer be profitable to hire spammers.
I wonder if the PR coup would be enough to offset the money lost from spammers transactions.
The email system (and bandwidth on the internet in general) is sort of like communism. Things are fine if everyone behaves themselves and respects others' rights etc. It can work well for small communities. But obviously humans are greedy. So when the internet grows big you get into all these problems. Laws make the problem worse, because if you outlaw an economically sound model you start seeing the totalitarian side of communism.
Could we have designed a mail protocol which cannot be abused in this way? Sure: mails are kept on a server for which the sender pays until the receiver decides whether or not to view it (or a timeout elapses). Just the reverse of SMTP. I won't go into the details, it has been discussed at length on /. before. But is it practically feasible at this stage to switch to such a system? That's an entirely different question.
I can see SPAM killing itself in the not-to-distant future. SPAM is a numbers game, and it used to be that they could get very small response rate and still make money if they sent out a large volume of mail.
Now, everybody is assaulted with countless email messages, mostly peddling the same products. As people get more and more SPAM, the response rate will inevitably drop lower and lower, and I believe it will eventually bring in too little money to justify the costs that spammers incur to send it out.
My public email address will have 100% junk email on some days. I read 0% of those emails beyond the subject line. 3 years ago, when it was only 10-20%, I at least had a chance of actually viewing the message as I was sorting my mail.
As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.
I don't follow. Responding to "market forces" (and God knows I'm an ESR-esque capitalist) doesn't give you the right to invade my privacy. Arguably, the mafia responds to market forces. Extortion is "rational behavior in the economic sense." Your point being?
His point being "The problem is that our approach to the solution has also been short-term thinking. We have to think long-term. We have to make the spammers pay more than we do." I know, I know, reading the WHOLE article is very hard. Congratulations on your +4 Insightful.
I have a lot of opinions about Cyborgs and Architects
that you don't understand the premise.
"In the economic sense" means you look at the problem purely from the economic standpoint. Not the legal, not the ethical, not the moral - the economic. Just the economic.
Think of it as functioning in a world of just economics without outside forces like law and morality. Things that make sense - i.e. that will make money - are good, period. However, these ideas tend to lose their appeal when acted on by outside forces - i.e. the aforementioned law and morality. You rolled law and morals into your assessment of a model that does not address them.
I want to drag this out as long as possible. Bring me my protractor.
I have a strong suspicion that most of the little-guy spam email factories are really just suckered into an industry with the same structure as Mary Kay Cosmetics, Herbalife, Tupperware, Avon, and many other multilevel marketing systems (aka MLMs).
It starts with shit-on-a-stick advertising. You know, the handbills and placards on street corners, or on your company breakroom bulletin board. Somebody reads this junk and thinks they can finally have a job which doesn't require much time and lets them raise their rugrats too. The advertising doesn't say what it IS, it says a lot about what it ISN'T. No selling. No parties (unless you want). No data entry. Use the computer you've got. Some will mention MLM pyramid buzzwords, like "grow your organization," and "get your friends involved with your new company."
Now, in many fraudulent MLMs, you have to pay a fee for a starter kit from your advertising contact. The only difference between a legal MLM and an illegal Ponzi investment scheme is the "product." If you actually schlep skin-cream or candles, you *theoretically* can make back your starter investment without growing a downline organization of other suckers.
You can buy other aids from your advertising contact if you find yourself floundering. Buy a CD-ROM with more email addresses. "Validated." Finally, if you don't think you can possibly sell that much product personally, the only way to escape without major losses is to put out some cheap advertising on your own, asking your friends to get into the act. That's right. Sucker other people to join the organization, so they can share in the same bad investment you originally made.
Spam email "product" would just be the opportunity advertising space itself, which marketing majors will tell you is seen as inventory. The fun thing about email "advertising space" is that it isn't really accountable. You can just run spiders to comb more databases to create more advertising space. Those who get some technical savvy will figure out how to work around a spam filter, and then you can start to build your own library of "validated" addressing space, ready for delivery.
The only way to break apart an illegal MLM is to find the organizing agents of each illegal MLM, and pound them into the dirt legally. Upper tiers are usually found to be defrauding their downline agents, through misleading buy-in advertising. Then prosecute every downline until the roots are too small to grow back on their own. Of course, if they legally have a "product" like "advertising space," and they're careful about how they phrase their recruiting pitches, it's going to be hard to prosecute effectively with today's laws.
[
carefully-target unsolicited email (aka spam) was an essential part of our business plan
..
He's a spammer! I'll grab the tar, someone get feathers and pitchforks..
Spamming is an ethical issue at its heart. Using open relays, using individuals' computers to forward mail, and other uses of bandwith that the spammers aren't paying for is at the least dishonest, and moreso argueably theft.
There is also the consideration that freedom of speach by definition includes freedom from speach, so we shouldn't have to be subjected to the spam in the first place.
Why do the above? It forces the spammer to house the mail instead of the recipient. If it is a spam, there's a good chance the sending site will be blacklisted before many of the recipients ever receive it.
Not perfect, but it changes the economic balance in the right direction without payment schemes.
Responding to economic forces does not in any way exempt anyone from being subject to moral and ethical evaluations.
If I mug people for money and manage to get away with it, that doesn't constitute a defense of any substantive kind. Yes my behavior can be *explained* motivationally by economics, but for someone to therefor be emotionally conflicted as to whether or not I should be condemned for it would be - to put it kindly - absurd.
Now if the alternative for spammers was to starve to death, that would cast this in a different light. But that's not the case. Spammers are people who could have chosen to go to work doing something useful, and instead decided to pollute the commons.
- First they ignore you, then they laugh at you, then ???, then profit.
Okay, accepting that everyone has a right to try to make a living, but the thing that irritates me most about spam is that I'll get the same email 6 times in one day to the same address!
So unlike snail-mail based junk mail where the costs ensure the sender will only bother to "spam" me once a month, email spammers abuse the system.
If they'd just behave a little more sensably then I'd have more simpathy/empathy.
The other thing that annoys me is the content of some of the emails. It really isn't right sending out explicit email when you don't know anything about who's receiving the email.... seriously, some of the spammers should be hung, drawn and quarters for the sh*t they send out.
Getting back to the "volume" problem, this will eventually force the spammers out of business, as it will continue to increase and force changes to the email system. It would therefore make sense for spammers to draw up some kind of unofficial code of conduct, e.g. clean their email lists of dupes and "webmaster" and "abuse" addresses, etc, and only send any given "advert" to a single address once every... month preferably, but if they restricted themselves to once a week it would still be a vast improvement.
I can't see that this would be at all difficult for a spammer and I can't see that it would make any difference to the volume of business generated... I mean, there ain't no way I'm going to order viagra 6 times a day anyway!!
This is something that's bothered me for a long time. If spam largely is fraudulent (direct ripoff) or advertising fraudulent products (real product, doesn't work), or even criminal (selling drugs illegally), why don't we ever hear about prosecutions for this?
Presumably the money trail is the easist thing to follow in a spam message, particularly with the scary new laws associated with money movement these days. It also seems that RICO statutes could be used to ensnare pretty much everyone involved as part of a corrupt enterprise. And then you go away for hard time, 10-20 and forfeit most of your assets to $100k+ fines.
Given that these laws are powerful and their penalties severe, it would seem that a couple of major RICO busts would put a serious dent in the overall spam business. It would not eliminate it completely, but serious jail time for some of the larger members as well as continuing prosecutions might make it much more scarce.
My own theory is that the government is loathe to prosecute fraud, simply because "aggressive marketing" is so entrenched in otherwise "legitimate" business. My tinfoil hat extension to this theory is that otherwise legitimate businesses are profiting immensely from spam (albeit at an arm's length), and have told FTC/FBI to go easy on it (naturally through their paid-up contributions to their favorite officials).
Although to this day, I'm still wondering why nobody seems to go to jail for selling bogus penis pills and Valium without a perscription.
"No one finds a briefcase full of crack on the street and asks, 'Hmm...how am I going to get rid of all this crack?'."
"It is seldom that liberty of any kind is lost all at once." -David Hume
Just because spamming is not illegal (and it is, under an increasing number of laws) under some conditions does not make it morally or ethically "right." It is still theft by conversion and trespass to chattel. The court system decided that a lonnnng time back in the original case of Cyber Promotions vs. AOL.
Muggers, shoplifters, and other thieves are not going to go away as long as they think they have even the ghost of a chance of making a quick $$.
Spamming is not going to go away as long as spammers think they can make an equally quick $$.
Spamming would stop practically overnight if the entire Internet-using population simply failed to respond to ANY of the offers contained in spam, no matter if they came from a supposedly "legitimate" company (and, in my eyes, no company that sends any form of spam can be considered "legitimate") or some huckster in a double-wide in a trailer park.
The answer, to my eyes, is two-fold, and is simple enough.
(1) Extend the existing anti-junk FAX laws to cover E-mail. In other words, ban spamming outright. Period.
(2) Teach people early and well, especially the earlier generation: NEVER RESPOND to spam, other than to block or filter it.
Bruce Lane, KC7GR,
Blue Feather Technologies
Working for a living, even with those annoying advanced degrees, costs a significant amount of time and effort. I've seen claims that acquiring a single job through direct application costs close to $100. And that's not considering the 40 hours a week one must spend at the job. Doing a job that pays poorly is inefficient, so workers limit the number of jobs they do to the highest paying they can find.
But suppose it costs you essentially nothing to make a buck through mugging. Then your best strategy to maximize profits is to mug as many people as you can find. After all, if you're mugging mortgage financiers, there might actually be some money in their pockets. You would miss those potential money sources if you trimmed your list. Perhaps some folks who have expressed interest in designer beer mugs are also walking in your area. If you did the "rational" thing you and didn't hit them over the head with a sand-filled sock, you would miss them, and it costs you nothing, right?
The sad point of all of this is that I'm going to (sort of) defend the muggers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as muggers can take in more money than it costs them, they will continue to beat people senseless and take their money. This is "rational" behavior in the economic sense.
For the billionth time, Spam != advertising. When a company advertises, THEY cover the costs of the advertising. They buy the billboard and pay the guys to put their ad up on it. Spammers, on the other hand, use MY money, MY network and MY time to deliver advertisements to me. The reason spammers are able to break even is because they're using other people's resources to get their advert out. Besides, if the "common man" wanted your "mass-communication" everyone would be checking out www.viagra-adipex-free-teens-larger-wang.com instead of slashdot.
But there is another kind of evil that we must fear most... and that is the indifference of good men.
Mafia Don Announces New Anti-Spam Venture
As the NSA and FBI fear, traditional crime organizations have been incorporating high-tech communication into their organizations. Although Janet Reno was quoted stating "This is law enforcement's worst nightmare.", techies around the world are sure to be pleased with one New York Syndicate's new venture.
It all started when Don Dominiqi signed onto his AOL account last Monday morning. His inbox was filled with "Make Money Fast", "Viagra On-Line", and "Teenybopper Web Sex" ads. Lost amidst the drivel was an important note detailing a non-taxed shipment of Marlboros, which were later confiscated by the BATF. Little did he know, as he shouted "Bring me the left hand of this f*cking gutterslime!" what would become of it all.
Later that same day, Billy "Run!" Brutekowski and Larry "My Eyes!" Plucker cornered the pasty-faced offender of the Family in a small cyber cafe in Grenich Village. "This was by far the creepiest place the Boss has ever sent us." stated Billy, who only spoke on condition of anonymity. "Everyone in this place looked pale and sickly, like they had already been 'spoken to'. We asked for this punk, and several people quickly pointed him out. Most of the scum we find in gin joints aren't so quick to finger one of their own," Billy continued.
"He must not watch much TV, because this sh*t didn't even flinch when we came to the corner he was hiding in," Larry proceeded to relate. "We dropped this sheet of paper the Boss had given us on his table and he says 'So you guys want to make money fast, eh?' He puts out his and says to give him $20. This scrawny little dirtball tells me to give him $20!" Larry was quite agitated at this part in his story, and his description of how Sammy Spammer's hand fell off was quite garbled.
Billy continued, "Up till now, this was a routine visit. We was just being playful. The weird sh*t began when we tried to leave." "This pimply faced kid blocks the door as we try to leave, and I'm thinking to myself 'Great, a f*cking Karate Kid hero. He just stand there, and then he hands me a $5 bill." Billy pulls out the $5, and holds it like it is his first quarter from his favorite grandmother. "They lined up after that, and we had $175 in 'tips' when we left the joint."
Later that day the Don himself visited the cafe, unwilling to believe the story. Although the details are unclear, sources at the cafe indicate that the Don has hired them to build and host a new Anti-Spam site. Through a SSL transaction system, the site will accept spam complaints and credit card donations towards 'solutions to problems'. Multiple complaints against the same spammer are added to the total until an acceptable solution has been found.
Larry tells us that a typical $250 solution is a broken hand, and for $2000 all anyone ever sees again of 'the problem' are his shoes.
The URL is to be announced next week, and the cyber cafe's phones have been jammed with requests for more information.
I've posted this before, but it is still funny.
"It is a greater offense to steal men's labor, than their clothes"
Everyone always says that as long as there are people willing to buy this product, spamming will continue. Well, looking at the products advertised by spam, I have trouble believing anyone buys these products.
I don't believe the problem is that spamming successfully brings in new customers. I believe the problem is that spammers sell their service to unsuspecting "businesses" that believe whatever phony lines they are handing them about how it will be good for their business. As long as there are small businesses who believe this, spammers will find a market for their services and spam will continue, even if the premise that spam has a nonzero response rate is untrue. Eventually as it becomes commonly accepted knowledge that businesses are not successful with this type of advertising, spam should drop off.
Secession is the right of all sentient beings.
I'm sorry, I just don't buy it. Screw economics.
The bottom line Allman is NOT addressing is SMTP IS A BROKEN PROTOCOL. Spamming happens because it is EASY TO DO and it takes more effort to stop it.
SMTP was designed in an era where internet hosts implicitly trusted each other (this same era gave us the horribly insecure TELNET and FTP as well). That era is LONG LONG GONE.
The reality is that SMTP headers are too easy to forge. We will NEVER be free of open relays--this is the fault of the protocol as much as the clueless admins. SMTP needs to be completely replaced.
Look--you can still get spam-free email. Just not over SMTP. Believe it or not, FIDONET still exists and guess what--I don't get any spam there. Why? Because the system would smash down anyone that tried rather quickly--the protocol works. I've been encouraging anyone who will listen to jump back on one of the many FIDONET or Citadel BBS systems available on the internet for decent, spam-free email.
It is quite easy to get rid of spam. This is what I do:
1. Receive Piece of spam regarding penis enlargement. Sent to junk mail, or doesn't go through my spam filter.
2. When I get a few minutes, and I'm rather pissed off at something, I pull up one of my default response templates. Ie, received E-Mail of Penis enlargement pill/patch/voodoo dance, and simply send an E-Mail back saying:
"Hi, I'm interested in your penis enlargement patch. Please send me some information on your product."
3. Wait for response to mail
4. Send another appropriate but stupid question to them, never actually purchasing.
5. Repeat step 3 if a further E-Mail has been sent to me.
Some interesting things I have noted:
1. My spam has decreased. The spammers are not all stupid and they blacklist my E-Mail address. (From 400 mails a day, down to about 50)
2. And this is the big one. It costs a small, tiny fraction of a cent to send out a generic spam advertisement. Therefore, easy or genuine responses are economically viable, as they only get a few a day.
Now just imagine, if we have the force of a fraction of a few dedicated /. readers. Perhaps about 100,000 of them sending on average 5 generic responses per day. That's 500,000 E-Mails to the evil inboxes of doom.
Let's say that 1 company gets 70,000 bogus E-Mails in a day. It still takes approximately 1-2 mins to read and respond adequately to a person if they want to make a potential sale.
Thats between 70,000 and 140,000 minutes a day. That's about 1,167 to 2,333 work hours a day to respond to the junk they get back to perhaps glean 100 real potentials from their campaign.
If you need to pay an employee just $10 an hour, that's still between $11,670 and $23,330 a day.
That's between $4,259,550 and $8,519,100 that the spammers have to pay in work hours.
Now, lets say that they make about $2,000 a day from the 100 e-mails they get that are legit. They are now running at a loss.
Reading only the subject lines and filtering out the 'non-genuine' responses will result in REAL reasponses being filtered out as well, making their profits drop.
As the article said, they are using basic market economic forces to make a profit. We can use basic market economic forces to reduce the spam.
Summary:
1. Responding to spam has reduced my Junk mail, probably due to blacklisting. (This is only me, and I am only stating what has happened in my case.)
2. If enough people respond with fake letters of interest, the spammers go broke, and it becomes non-profitable.
So a call to arms /. ers. You hate spam? Me too. Let's do something about it.
CRyACin
If life gives you shit, then sell fertiliser - Bayani Portier
Science advances one funeral at a time- Max Planck
As the article says, spammers send spam because they make money at it. The solution presented is one we've heard many times... charge for email and make it less profitable.
Why not go after the source? Go after the companies that are advertising via spam? Track them down, follow the links they send, follow the trail, and jail them. Fine them. Make them pay.
If the spammers are making money off of spam, that money has to lead somewhere. Follow it to the source, and deal with the source.
The infrastructure for micropayments on email would be insane considering that (most?) every country in the world would have to back it, there would be a huge amount of tracking and auditing to be done, and a fairly seamless cutover for millions of companies would have to happen... Yeah, right.
Funny, but grand parent makes a good point. Spam is legit. I wouldn't mind getting an e-mail from the pizza place down the street, or that a near-by mall store is having a sale. I wouldn't mind a grocery store sending me coupons, or anything like that.
Just put "adv:" in the subject so I don't have to look at it if I don't want to. The problem isn't with spam, it is with the unaccountability of e-mail. Fix fradulent headers, have clear subject line, ensure accountability, sprinkle some legislation, and e-mail becomes a legit enterprise.
Thing is you have to throw in some things for spammers too, or they'll always try to break the rules. Provide a mechanism to target geographic and demographic areas. Perhaps a WHOIS registry for e-mail, perhaps only stating 'mail service start in CITY,STATE,COUNTRY'. Make it so that only people with a physical presence in that region can spam users in that region. Restrict access to this database with a fee and ensure only that person is spamming with 'sender permitted from' (SPF) Then there is a way to _target_ and _control_ spam.
Spam becomes a valuable tool for regular businesses and spammers cater to them and not porn and adult services and whatever other crap is being produced now. Users see real advantage in reading spam because it is about stuff in their region, and could possible save them money. People buy the sunday paper for the ads, people will read spam for the same purpose. Everybody wins, even spammers.
Marketers sometimes fail to see that you can't force advertising down on people. Give the people a reason to listen to you, and they will come.
Why, o why must the sky fall when I've learned to fly?
urg, he couldn't have made this any more obvious. Imagine he was a company selling sendmail: what would they try and do? They'd try and make it look like they weren't the ones responsible for the spam, as they'd have money (in his case, ego) on the line.
The problem here is a fundamental flaw in smtp.
The solution here is to redesign smtp. Even something as simple as a 'trusted peer server' model would work and wouldn't need a complete redesign: each server is the trusted peer of several others (say 5, and all would have to be fqdn). After mail is sent, and before that mail is delivered, the server it is sent from is validified to be a peer (by doing a quick check on the 5 servers that it claims are its peers). If the server sent from doesn't have peers, then the mail isn't delivered.
While this wouldn't completely trap all spam, and some spam would certainly still get through from exploited networks, it would make the job of maintaining accurate RBLs much, much easier, and would functionally run spammers out of business, if (say) the next sendmail version were to impliment the feature, and people started using it.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
His buildup is fine, but his conclusion is off by a mile and a half.
Firstly, he claims that our bandwidth and disk space aren't free... welp, he's right, but only barely. The marginal cost of the additional disk space, CPU cycles, bandwidth, etc is virtually zero, but certainly positive. Yet then he claims that a spammer's costs are zero. What about their computers? Email addresses? Bandwidth? Hard drive space? Those certainly aren't less costly than the same types of resources for each individual recipient.
But, more to the point -- why filters will make reduce spam by effecting the marketplace:
1. The filters have forced the spammers to degrade their own salespitch. By being forced to include extra characters, poor spelling, lousy grammar, etc in an effort to circumvent filters, they are serving to reduce their own credibility. By doing so, they are making their advertising less likely to attract any particular customer. Therefore, their response rate of the folks who might respond to spam is reduced, making spam less profitable.
2. By making spam filters more and more effective and easy to administer, they will find their way to more and more people's mail clients. For many of the new adoptees of filters, it won't be because the new users sought out the filter; it will be simply because the filter was part of the email program they happen to be using. Some of these folks are in the set of "spam-responders", that is, folks that might respond to spam. So, as filters proliferate, they will end up filtering spam away from potential customers -- again, reducing response rates and hence profitibility of spammers.
So, there's two ways where spam filters will reduce overall levels of spam by using the powers of economics against the spammer. Reduce the liklihood that somebody will respond to a spammed message by reducing it's quality, and reduce the liklihood that a potential customer will even see the email in the first place. Sure, the recipient will bear some costs in the short term, but the long term results will be less and less spam overall.
Support a few technologists in Washington.
The answer: the sender pays an email tax to the recipient instead of the gov't or the ISP. This means that the cost of receiving the email is offset by being paid to receive it. If you don't want to charge Grandma or your favorite mailing list to send you e-mail, then add them to your Whitelist, and they don't pay anything.
This way, if you get spam, at least you're getting paid for it!
Implementation could be handled at the e-mail server level - the sending ISP pays the receiving ISP. The sending ISP adds the charge to the sender's bill, and the receiving ISP subtracts it from the receiver's bill, after taking the cut for their storage and bandwidth costs.
Therefore, if spammers steal an account with which to spam, they are now also stealing money from the account holder, which is covered under strong, existing laws .
This would work. First, you can always find the bank handling the transaction. Just put in a credit card number and watch where the transaction comes from in the credit card system.
Second, banks have strong merchant agreements with companies that accept credit cards, agreements that allow the bank to charge back transactions. So banks can enforce anti-spam terms of service on their customers. Once this gets into the regulations of Visa International and MasterCard, it's enforceable worldwide through the credit card infrastructure.
Third, the seller/spammer always knows, when the transaction goes through, where the customer is. So they are liable in the customer's jurisdiction, not the spammer's. If spam laws differ in different jurisdictions, the seller can block transactions from areas with strong anti-spam laws. Of course, if they have to block most of the developed world, they won't make any money, which makes spamming go away.
What if an ISP did the following:
Email "light" - you can only send messages to up to 20 recipients - more than that will be met with an error message from the SMTP server
Email "plus" - $4.95 a month, and you can send mail up to 100 recipients at a time - again, an error message if limit is exceeded
Email "bulk" - you need to specifically call to enable this, and it allows you to send to as many recipients as you want, but every recipient over 100 people is $0.01 per person.
Thus, a spammer could not use a person's machine as a spam conduit because the person would be unable to send the spam! Now, the spammer could put a mailing list on their own server and then make a worm to send to that, but they'd still have to get and maintain a server for the mailing list, so what's the point?
Another nice note - it makes things a pain in the butt for people who want to send chain letters to everyone in their address book. People that do this are unlikely to either take the time to create groups of 20, and send the message several times, nor do I think they'll pay $4.95 for the ability to send junk messages.
I think the grandparent poster is absolutely right. Make SPAM cost something for the sender and then only people who can afford to pay will send SPAM, and the overall amount should decrease, probably dramatically.
Kevin
I can't find the story right now, but someone set up a bogus email account and replied to spam about a home loan.
.....).
He was contacted by big companies that had bought the "lead" from contractors (who bought it from sub-contractors who bought it from sub-sub-contractors who
The big companies say that they frequently purchase such leads from other companies and that if they receive complaints about those companies, then they drop them.
Of course, the spammer just opens a "new" "company" under a different name and starts selling to the big companies again.
Since the big companies don't "know" that they're dealing with a spammer.......
(Apologies to those who have seen this before.)
You advocate a
( ) technical (x) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're stupid for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Nathan's blog
Sigh. This is the short-sighted, disconnected view of drug abuse that seems to typify the "legalize drugs now" crowd. Nothing happens in a vacuum.
Right.
When somebody busts out the window of a car to steal a stereo to sell so that they can buy drugs with which to overdose
Doesn't seem to happen for alcohol. Why? 'Cause it's cheaper and legal.
Look, legalization isn't going to make drug abuse go away, but 30 years of wars on drugs hasn't either. And at best, the drug laws simply push most potential abusers to alcohol. Are teetotallers going to suddenly start mainlining heroin if it were no longer outlawed? I don't think so.
But legalization does get rid of many of the side effects of drug laws. Seagrams' distributors rarely shoot it out with the Johnny Walker guys. We aren't spending billions on imprisoning beer sellers. Alcohol dealers have an incentive not to sell to the underage. And the guy who drives the Budweiser truck isn't flashing his dough around the projects, making beer-selling look like a glamorous role to those with poor prospects.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
- If drugs were legalized, people would be paying low, reasonable prices, not obscene black market prices. Hence a dramatically lessened need for people to steal shit to support their habit.
- If drugs were regulated, we wouldn't be seeing low-quality, dangerous goods of varying potentness. Hence a dramatically lessened occurrence of overdosing.
Now, the grandparent was wrong. The use of alcohol, tobacco, and other drugs carries a significant negative externality: the costs society incurrs in dealing with drug problems...Bandwidth, disk space etc are *not* the primary cost here - these costs are falling anyway.
What is not falling is the value of my time - the right to put a message in front of me. As people find themselves buried under 'information overload' the value of eyeballs is increasing.
This cost, the cost of my time, is the the most important externality that traditional email is underselling to spammers.
So I now have two types of email address:
1) A private address that I only tell my friends - it blocks mail from non-whitelisted addresses.
2) A public address that is pay-to-send using the sudonames.com system. This is the address on this comment, for example.
Mail to either address ends up in the same inbox, so it is really convenient. No mail is ever lost, and I never get *any* spam at all.
Problem solved!
From what I understand, a spammer selling, for instance, penis enlargement pills will sell three or four bottles from a spam run of 100 million spams. Let's say he makes $200 and assume it is pure profit (it is).
Let's further assume of the 100 million spams, 10 million made it to the Microsoft Outlook Inboxes of unique users. Let's say that each spam took 5 seconds to delete. If their time is worth $10/hour (assume half the victims are kids students etc, and half are professionals) the spammer cost them $100,000 of their time to make his lousy $200.
This does not take into account higher ISP fees, anti-spam program costs, credit card back charges, loss of business from lost legit emails, and the terabytes of wasted bandwidth for each and every spam run.
Spammers are conscious of this and their continuing to do it is an indication of sociopathic behavior.
i think a much overlooked fact is, that Spam is moving towards organised crime. Currently we have several trends working that way:
I think a lot of people look at Spam as a kind of nuisance. It is more. If the observed trends continue, we'll find Spam sent by those same friendly guys who offer the heroin to your kids. No joke or rethoric intended, i'm plain serious on that one. Take a look at Sobig, the backdoors it opened and what kind of Spam and how fast you got it.
Regards, Martin
I think a lot of the actual practitioners of spam are simply id10ts who've been duped into believing that the economics of it are in their favor. ("Look at how many people are doing it!" "They said on TV that it doesn't cost hardly nothing"). So they buy mailing lists, spamware, etc. from folks dealing in such stuff... as Make Money Fast! scams. Spammers don't necessarily last very long individually; they seem so persistent only because of the ongoing supply of suckers.
If so, it isn't the cost/benefit of spamming that keeps the crap flowing, but the cost/benefit of selling spamming. It's not the open relays out there that are the problem, but the open (slack-jawed) mouths.
http://alternatives.rzero.com/
Hello, I'm Barry Shein, I run a sizeable ISP, The World, www.TheWorld.com. You've probably heard me speak or write about spam before (see: http://www.TheWorld.com/~bzs).
Spammers do not sell advertising.
What they sell is crime.
Let me give you an analogy:
Say my name was Tony S. and I said I was in the waste disposal business.
Now say that you have a small herbal viagra factory which produces a few drums of toxic waste daily which need to be properly removed.
You're paying a service $100 per drum. I come to you and say I'll do it for $20 per drum, an 80% savings.
Cagey person that you are, you realize that's a very good deal so take it and you're even smart enough not to ask too many questions.
Every night a coupla oddly well-dressed guys come by and take your drums away in a different pick-up, in the morning the now-empty drums are by your back door, and you pay your bills. All is right with the world, your bottom line looks better than ever.
Except for one thing, they're just dumping the barrels off the side of the highway late at night when no one is looking.
Are they selling you waste removal services?
Or are they selling you crime?
I contend that without the break-ins, exploitation of bugs in web scripts, PC's purposely infected by viruses which let spammers use them to send spam by the tens of thousands, etc., spammers could not operate.
Not any more than Tony S could remove drums for $20 each and dump them legally and stay in business when everyone else has to charge $100/drum.
Sure, you could IMAGINE someone underselling the $100/drum price, or someone spamming without egregiously breaking any laws.
But I say IT'S IMPOSSIBLE, you can't LEGALLY send (as someone gave as an example earlier) 200M mail msgs for a gross return of $200 legally, day after day and stay in business.
You can't afford the bandwidth on that price.
You can't afford the computer power.
You can't afford the lawsuits and other legal problems if you were so easily identifiable using stable internet addresses you bought.
You can't afford to be mobile as your victims block your IPs relentlessly.
You can't do it. You cannot do it legally.
And if you had to do it legally it'd look completely different. More like those commercial messages you get which you think are ok or tolerable anyhow from Microsoft or Sun or that magazine you subscribe to, rather than the immense deluge of filth and crime and questionable come-ons spam usually represents. Honest people can't operate like that, or not for long anyhow.
THEREFORE: Spammers sell crime, not advertising (or whatever they appear to be selling.) Just like the factory owner could dump his own toxic waste off the side of the highway for even less than Tony, the person hiring the spammer is hiring a criminal because for the relatively low price why take the chance or learn the tricks of the trade?
As Tony might say: Ya think dese spam guys are boy scouts or what? Wake up!
The sad point of all of this is that I'm going to (sort of) defend the cocaine dealers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as coke dealers can take in more money than it costs them, they will continue to sell cocaine. This is "rational" behavior in the economic sense.
The sad point of all of this is that I'm going to (sort of) defend the child pornographers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as child pornographers can take in more money than it costs them, they will continue to rape children. This is "rational" behavior in the economic sense.
The fact is, engaging in kiddie porn, drug dealing, and spamming requires more than a profit incentive; It also requires a complete lack of any moral compass whatsoever, which we all agree that the three groups above do.
I am quite frankly amazed that no one has shot Richter or Ralsky in the head with a large-caliber shotgun yet. Once THAT happens, the tide of spam will turn.
At any rate, I could argue that they are NOT responding to basic market forces; Before spam inundated our inboxes, did any one want to be carpet bombed with offers to "3n14rge yur ===) and (.)?" NO. At a point in the not so distant past, the ratio of gullible morons on the internet reached a high enough value that it became profitable to defraud them en masse. When everyone but the aforementioned candidates for "You Are A Fucking Moron 9" (google for it) took offense, the spammers did the same thing America did in Vietnam: Step up the carpet bombing; You've got to hit one eventually, regardless of the number of innocents you hit in the process.