In (Sort Of) Defense of Spammers
CowboyRobot writes "Eric Allman of Sendmail has a rant in which he looks at the economic forces that have led to the spam problem: 'The sad point of all of this is that I'm going to (sort of) defend the spammers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.'" Otherwise known as the Willie Sutton principle.
Drug dealers and people who commit fraud aren't going to go away because they can make money doing what they do. We still despise them and send them to jail when we find them.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
Kill all the Marketing Majors.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
We've known this all the time. Spammers spam because it makes them money. Didn't we have a /. article a while back showing how big of a house a big-time spammer had, and giving all sorts of stats, e.g. foreign servers in China, Russia, etc spewing spam, three T1 lines, a network of computers in his basement, etc?
Yes, spammers spam to make money. But that doesn't make it legal. Robbers rob to make money, but stealing is illegal.
As long as spammers can take in more money than it costs them, they will continue to spam. This is "rational" behavior in the economic sense.
I don't follow. Responding to "market forces" (and God knows I'm an ESR-esque capitalist) doesn't give you the right to invade my privacy. Arguably, the mafia responds to market forces. Extortion is "rational behavior in the economic sense." Your point being?
I have discovered a truly marvelous
But what about mailing lists and whatnot operated by small organizations? Obviously they can't afford to pay 0.1 cents/email. I subscribe to the IETF mailing lists; those servers must send hundreds of thousands of emails a day. I doubt they would want to pay so much to provide a free discussion service, and then there's mailing lists operated by nonprofit orgs, charities, etc.
Willie "The Actor" Sutton was a bank robber. His claim to fame is that someone asked him "Why do you rob banks?" and his answer was "Because that's where the money is."
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Well... I RTFA and that article didn't go anywhere.
He says there's a spam problem (no kidding?) and that the economics of it are viable (Well, no kidding? Is that why we continue to receive spam?) and there's no way to stop it without incurring an overhead in transmission (either through permission based, authentication or challenge and response) - well... we already knew that through 100's of /. postings and personal experiences.
So what was the point of the article? To just rehash the same old situation?
We need a solution, not a restatement of the problem. The solution is going to involve more overhead, because the fundamental problem with SMTP is the touted low overhead itself. There's no real authentication and anyone can send anything to anyone else. THAT is the problem, so of COURSE we are going to have to have more overhead in a "new" SMTP protocol of some sort if we want to effect a change. This is just a given.
The focus needs to be on coming up with a system to track the responsible parties (for good or ill) - and that will cost overhead. We'll have to suck it up, but it's the way it's going to have to be, unless we want to continue on the road we are on now.
Charging for email without securing the email infrastructure is a bad idea.
Spammers don't send mail from their computers, they send from your computer. Who gets the money from this micropayment? If it's the recipient, guess what? All of the spam will be directed to the spammers from the hijacked computers. Instant Powerball jackpot winner. If the ISP gets it, guess what? All of the spammers will become ISPs.
Adding a new market force just changes the dynamics, it doesn't eliminate the crime.
Yes, but you forgot an important factor. If the person is truly rational, they will use the following formula:
Expected Gain = (Gain from burglary) - [(Probability of being caught) * (Estimated monetary cost of penalty)] - (Opportunity Cost)
Opportunity cost is important - my opportunity cost is high, for example, since the next best option for me is my current job, which pays well, has health benefits, etc. For someone with only a GED, though, it is significantly lower.
The estimated monetary cost of being caught is a value assigned to the penalty (i.e., how much is it worth to me to stay out of jail).
Given that formula, a truly rational person will burgle whenever the Expected Gain is greater than 0.
I can see SPAM killing itself in the not-too-distant future. SPAM is a numbers game, and it used to be that they could get a very small response rate and still make money if they sent out a large volume of mail.
Now, everybody is assaulted with countless email messages, mostly peddling the same products. As people get more and more SPAM, the response rate will inevitably drop lower and lower, and I believe it will eventually bring in too little money to justify the costs that spammers incur to send it out.
My public email address will have 100% junk email on some days. I read 0% of those emails beyond the subject line. 3 years ago, when it was only 10-20%, I at least had a chance of actually viewing the message as I was sorting my mail.
I still think that mailservers should use the PKI structure. Each new mailserver would require a public/private key pair. Each key could be signed by a previous key, leading up to one person (I'll vote Alan Cox, 'cause that guy knows his shit!).
He signs a bunch of keys, then those keys sign a bunch, and so on and so forth. Lookups would just simply walk the tree. You set the depth at which you'll receive e-mail from, and can elevate keys to top-level if you want, to avoid the headache of having subdomains or backup mail servers faulting for domains on the fringe.
Now spammers will have to get keys from trusted sources, which can be identified. Too many bad certs, and wham, lop the branch of the tree!
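The tree walk proposed in the comment above, sketched as an added example (not code from the thread): it models only the acceptance policy (depth limit, locally elevated keys, branch revocation) and assumes every signature link was already verified cryptographically. All key names are constructed, and letting an upstream revocation override a local elevation is an assumption of this sketch.

```python
class TrustTree:
    """Signing tree of mail-server keys (policy model only, no real crypto)."""

    def __init__(self, root):
        self.root = root
        self.signer = {root: None}   # key id -> id of the key that signed it
        self.revoked = set()         # keys whose whole branch has been cut off

    def sign(self, parent, child):
        if parent not in self.signer:
            raise KeyError(f"unknown signer {parent}")
        if child in self.signer:
            raise ValueError(f"{child} is already in the tree")  # also prevents cycles
        self.signer[child] = parent

    def revoke(self, key):
        # "Lop the branch": the key and everything signed beneath it fail lookup.
        self.revoked.add(key)

    def depth(self, key, elevated=frozenset()):
        """Hops from key to the nearest trust anchor (root or elevated key).
        Returns None if the key is unknown or any ancestor is revoked."""
        hops, node, anchor_hops = 0, key, None
        while node is not None:
            if node not in self.signer or node in self.revoked:
                return None
            if anchor_hops is None and (node == self.root or node in elevated):
                anchor_hops = hops
            hops += 1
            node = self.signer[node]   # keep walking so upstream revocation is seen
        return anchor_hops

    def accepts(self, key, max_depth, elevated=frozenset()):
        d = self.depth(key, elevated)
        return d is not None and d <= max_depth


def build_sample():
    """Constructed sample tree: two ISPs under the root, servers below them."""
    t = TrustTree("root")
    t.sign("root", "isp-a")
    t.sign("root", "isp-b")
    t.sign("isp-a", "mx.example.org")
    t.sign("mx.example.org", "backup.example.org")
    t.sign("isp-b", "bulk-1")
    t.sign("bulk-1", "bulk-2")
    return t
```
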
carefully-target unsolicited email (aka spam) was an essential part of our business plan
..
He's a spammer! I'll grab the tar, someone get feathers and pitchforks..
Responding to economic forces does not in any way exempt anyone from being subject to moral and ethical evaluations.
If I mug people for money and manage to get away with it, that doesn't constitute a defense of any substantive kind. Yes my behavior can be *explained* motivationally by economics, but for someone to therefore be emotionally conflicted as to whether or not I should be condemned for it would be - to put it kindly - absurd.
Now if the alternative for spammers was to starve to death, that would cast this in a different light. But that's not the case. Spammers are people who could have chosen to go to work doing something useful, and instead decided to pollute the commons.
- First they ignore you, then they laugh at you, then ???, then profit.
Working for a living, even with those annoying advanced degrees, costs a significant amount of time and effort. I've seen claims that acquiring a single job through direct application costs close to $100. And that's not considering the 40 hours a week one must spend at the job. Doing a job that pays poorly is inefficient, so workers limit the number of jobs they do to the highest paying they can find.
But suppose it costs you essentially nothing to make a buck through mugging. Then your best strategy to maximize profits is to mug as many people as you can find. After all, if you're mugging mortgage financiers, there might actually be some money in their pockets. You would miss those potential money sources if you trimmed your list. Perhaps some folks who have expressed interest in designer beer mugs are also walking in your area. If you did the "rational" thing and didn't hit them over the head with a sand-filled sock, you would miss them, and it costs you nothing, right?
The sad point of all of this is that I'm going to (sort of) defend the muggers and point out that they are responding to basic economic forces that we all respond to at one level or another. As long as muggers can take in more money than it costs them, they will continue to beat people senseless and take their money. This is "rational" behavior in the economic sense.
I'm sorry, I just don't buy it. Screw economics.
The bottom line Allman is NOT addressing is SMTP IS A BROKEN PROTOCOL. Spamming happens because it is EASY TO DO and it takes more effort to stop it.
SMTP was designed in an era where internet hosts implicitly trusted each other (this same era gave us the horribly insecure TELNET and FTP as well). That era is LONG LONG GONE.
The reality is that SMTP headers are too easy to forge. We will NEVER be free of open relays--this is the fault of the protocol as much as the clueless admins. SMTP needs to be completely replaced.
Look--you can still get spam-free email. Just not over SMTP. Believe it or not, FIDONET still exists and guess what--I don't get any spam there. Why? Because the system would smash down anyone that tried rather quickly--the protocol works. I've been encouraging anyone who will listen to jump back on one of the many FIDONET or Citadel BBS systems available on the internet for decent, spam-free email.
(Apologies to those who have seen this before.)
You advocate a
( ) technical (x) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're stupid for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Nathan's blog
Sigh. This is the short-sighted, disconnected view of drug abuse that seems to typify the "legalize drugs now" crowd. Nothing happens in a vacuum.
Right.
When somebody busts out the window of a car to steal a stereo to sell so that they can buy drugs with which to overdose
Doesn't seem to happen for alcohol. Why? 'Cause it's cheaper and legal.
Look, legalization isn't going to make drug abuse go away, but 30 years of wars on drugs hasn't either. And at best, the drug laws simply push most potential abusers to alcohol. Are teetotallers going to suddenly start mainlining heroin if it were no longer outlawed? I don't think so.
But legalization does get rid of many of the side effects of drug laws. Seagrams' distributors rarely shoot it out with the Johnny Walker guys. We aren't spending billions on imprisoning beer sellers. Alcohol dealers have an incentive not to sell to the underage. And the guy who drives the Budweiser truck isn't flashing his dough around the projects, making beer-selling look like a glamorous role to those with poor prospects.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
From what I understand, a spammer selling, for instance, penis enlargement pills will sell three or four bottles from a spam run of 100 million spams. Let's say he makes $200 and assume it is pure profit (it is).
Let's further assume of the 100 million spams, 10 million made it to the Microsoft Outlook Inboxes of unique users. Let's say that each spam took 5 seconds to delete. If their time is worth $10/hour (assume half the victims are kids, students, etc., and half are professionals) the spammer cost them $100,000 of their time to make his lousy $200.
This does not take into account higher ISP fees, anti-spam program costs, credit card back charges, loss of business from lost legit emails, and the terabytes of wasted bandwidth for each and every spam run.
Spammers are conscious of this and their continuing to do it is an indication of sociopathic behavior.