« Markets in everything | Main | Father Time »
The economics of spam
"After 26 days, and almost 350 million email messages, only 28 sales resulted," says the research paper. Yet even with this apparently abysmal response rate of less than 0.00001 per cent, the researchers still estimate that the controllers of a network the size of Storm are still bringing in about $7,000 (£4,430) a day or $3.5m (£2.21m) over a year.
Here is more.
Posted by Tyler Cowen on November 15, 2008 at 01:28 PM in Economics | Permalink
Comments
$7,000 per day x 365 = $2.5 million per annum, not $3.5 million. Fascinating statistic nonetheless.
Posted by: Rob Millard at Nov 15, 2008 2:29:55 PM
Related,
http://voices.washingtonpost.com/securityfix/2008/11/spam_volumes_drop_by_23_after.html
The volume of junk e-mail sent worldwide plummeted on Tuesday after a Web hosting firm identified by the computer security community as a major host of organizations engaged in spam activity was taken offline. ... Experts say the precipitous drop-off in spam comes from Internet providers unplugging McColo Corp., a hosting provider in Northern California that was the home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day.
Posted by: John B. Chilton at Nov 15, 2008 2:32:29 PM
"Anecdotal reports place the retail price of spam delivery at a bit under $80 per million [22]. This cost is an order of magnitude less than what legitimate commercial mailers charge, but is still a significant overhead; sending 350M e-mails would cost more than $25,000. Indeed, given the net revenues we estimate, retail spam delivery would only make sense if it were 20 times cheaper still."
-- from the "study" of spamalytics in question
Posted by: at Nov 15, 2008 3:07:28 PM
I don't know why we couldn't charge a penny an e-mail, including all incoming into the US. It would totally undue the economics of spam, and cost legitimate users far less than what the spam ends up costing us in convenience, and probably even cost savings.
Posted by: Rob at Nov 15, 2008 5:35:33 PM
Our collective attention span is suffering a tragedy of the commons.
Posted by: not D.H. at Nov 15, 2008 6:05:55 PM
I also wonder about the idea of a tiny charge per email, it could be much less than a cent. But then I wonder whether an email system sufficiently organised to collect this charge couldn't simply forbid spam. And the use of hacked computers to send spam would probably not be solved this, although I guess the bills might provide an incentive to the owners to keep their machines secure.
Posted by: improbable at Nov 15, 2008 6:11:17 PM
"So, you are sayin' there's a chance!?!"
Was that Dumb or Dumber?
Posted by: Andrew at Nov 15, 2008 7:39:25 PM
We can't charge per e-mail because of several reasons:
1. It's not clear who will collect the charge.
2. It's not clear who should receive the money.
3. It's not clear how it could be enforced across national boundaries.
Posted by: Andy at Nov 16, 2008 1:02:28 AM
Andy hit the nail on the head... Charging 1 cent per email is a bit like charging 1 cent every time someone farts.
More realistically, you could 'charge' labor and/or computing time per email.
For example, if every time someone sent you email, their mail client had to decode a sequence that would take about a second of processor time, that might work - If you are sending email to 10 people, 10 seconds of processing is not a problem. If you are sending to 50 million people, a year and a half of processing time is quite a bit.
Posted by: Rex Rhino at Nov 16, 2008 1:48:44 AM
Andy misses it. It's not clear who is sending the email -- this is the fundamental problem.
If we could effectively tax email at $1USD per million, the problem would vanish. Service providers have performed *much* work to reduce volumes to present levels. If I infect your machine with my agent and cause it to send email, it becomes difficult to target me. Many machines are on the Internet.
Thank your ISP for collecting as much 'tax' as they do already at the gateway.
Posted by: rluser at Nov 16, 2008 3:01:43 AM
Andy:
Actually, there is a conceptually very simple way to "charge" for email: a computer asked to accept an email for delivery could require the sending computer to factorize a large number before accepting. This might cost ~1s of CPU time, a trivial price for anyone who wants to send just the occasional email, but a crippling price for anyone who wants to send 100M/day.
There are a number of complications to implementing a scheme like this (e.g. what about legitimate mailing lists?) but most of them can be reasonably addressed (e.g. people who want to recieve a bulk mail could white-list the sender so it would not be "charged").
The biggest impediment to such reformed email systems is coordinated adoption.
Posted by: David Wright at Nov 16, 2008 3:08:23 AM
Rex Rhino and David Wright: schemes such as hashcash have become useless in the current age of botnets. Hashcash posits that a spammer won't have enough CPU available to generate the "postage" for millions of emails. As we now know, however, the people who have specialized in sending out spam have at their disposal what is essentially the worlds' largest distributed supercomputer; CPU is cheap for them, and hashcash would be no impediment to their spam operations whatsoever.
If an actual monetary charge were levied per message sent, then this would still not stop spam because as rluser points out, the charge for spam would be billed not to the spammers but to the hapless millions of users who have had their computers suborned by the botnet operators. Improbable has an interesting point about this providing an incentive to keep one's machine secure... but I doubt very much the practicality of this, because while it's true that "keeping your machine secure" is actually very simple, it is beyond the capabilities of the overwhelming majority of the population, for whom "keep your computer secure" is functionally equivalent to "stop using the Internet because you have no idea what you're doing and will continue to do things that infect your computer with botnet agents despite the best efforts of all the rest of us to protect your ignorant and unsuspecting self".
But that problem aside, Andy is quite correct. If you did want to charge everyone per email (even if it hit the innocent users and not the spammers), there is still nobody to collect the charge, nobody to pay the charge to, and nobody to enforce the collection and payment.
Posted by: eddie at Nov 16, 2008 6:30:50 PM
"350 million email messages". Funny, this number is certainly greater than the U.S. population. It's almost the U.S. population plus the UK's. It's a wonderful job for 26 days of work.
Posted by: Igor at Nov 16, 2008 9:35:41 PM
There is a company called Goodmail (I used to work for them, so I apologize if this sounds like a sales pitch) that charges its clients a fraction of a penny per email to send using Goodmail's certified email system. In return, these senders (typically companies with large outbound email traffic like Target or Travelocity) get guaranteed deliver to the recipients' inboxes, full email functionality include display of images, and a special icon next to the email in the inbox identifying it as a certified email. Goodmail works with multiple large email providers including Yahoo and AOL.
The concept is not to block bad email, but to highlight the good email (hence the company's name). The charge-per-email fee deters spammers from trying to join the certified email program. In addition, before a company may send certified emails, it must pass a background check and prove that it follows good email practices. Goodmail also monitors their senders' complaint rates on an ongoing basis to make sure they are behaving.
Posted by: Justin Rietz at Nov 17, 2008 4:01:27 AM
Innocent users could get a deal with their ISPs -- they're charged X fractional cents per email, and they choose a limit for how many emails they can send a day. Get your account cleaned out and you lose, say, ten cents and you find out your computer is infected and it has cost you ten cents. So you forbid yourself the right to send email until you get it fixed, or you lose ten cents a day until the problem builds up enough for you to notice it. Like library fines.
Who should get the money? How about the UN?
I'm not sure how to collect it.
Posted by: J Thomas at Nov 17, 2008 12:09:23 PM
http://vark.blogspot.com/2008/11/more-spam-than-ever-reports-nyt.html
Posted by: arbitraryaardvark at Nov 18, 2008 6:06:21 PM
If you have to buy some holic online gold, please come to our company.
Posted by: holic online gold at Jan 2, 2009 1:45:34 AM
EVE ISK
EVE Online ISK
Buy EVE ISK
Cheap EVE Online ISK
Posted by: aion kina at Mar 18, 2009 4:52:40 AM
It's a wonderful job for 26 days of work.
Pipe fittings , EMT Fittings
Posted by: Cord connectors at Apr 22, 2009 10:38:50 PM
Service providers have performed much work to reduce volumes to present levels. If I infect your machine with my agent and cause it to send email, it becomes difficult to target me. Many machines are on the Internet.
Posted by: online games at May 10, 2009 1:54:32 AM
If an actual monetary charge were levied per message sent, then this would still not stop spam because as rluser points out, the charge for spam would be billed not to the spammers but to the hapless millions of users who have had their computers suborned by the botnet operators. Improbable has an interesting point about this providing an incentive to keep one's machine secure...
Posted by: become taller at Aug 31, 2009 12:19:50 PM
If an actual monetary charge were levied per message sent, then this would still not stop spam because as rluser points out, the charge for spam would be billed not to the spammers but to the hapless millions of users who have had their computers suborned by the botnet operators. Improbable has an interesting point about this providing an incentive to keep one's machine secure...
Posted by: how to grow taller at Oct 12, 2009 1:06:41 PM
