The Best Way To Stop Spam: Kill The Margins
from the But-You'll-Still-Get-Useless-Emails dept
The battle against spammers rages on, both in the tech and legal worlds, but sadly, with little success. Despite advances in anti-spam technology, and despite spammers getting sued, shut down and cut off by their service providers, the torrent of spam hitting email inboxes continues unabated. While there are several anti-spam tools that may be good enough for most users, it's clear that a purely technological solution to spam remains far off. But perhaps the biggest hope is to take aim at spammers' profitability, as their margins look a little vulnerable. A BBC story cites some earlier research that says spammers sending out 350 million messages a month can earn roughly $100 per day, while the entire massive Storm botnet could generate around $2 million per year. Neither is a figure to sniff at, but nor are they really huge sums of money -- suggesting that frustrating spammers by disrupting their services and raising costs, as well as trying to hold down responses even more, could diminish the profitability of spam to the point where it's no longer attractive. Ironically, the rise in spam plays a part, too, since spammers are in essence competing with each other for users' attention and clicks, so the more spam that gets sent, the worse the response rate for the individual message or campaign (for instance, the researchers' response rate was less than 0.00001%). But the underlying issue remains the fact that people click on spam and buy stuff through it. Changing that might be even harder than developing the perfect spam filter.
Reader Comments
the real spam money trail
Sure some people made money digging for gold, but most didn't. The real money was made in being a seller of shovels, picks, and mining equipment.
If Spammers just set up shop and started blasting emails, that's one thing. But methinks pretty much all of them *buy* a package of emails from someone along with the software to send emails; or perhaps they buy the ability to send emails through a spam relay. Either way, the money maker is the seller of said service, not the spammer themselves.
So the 'click through' percentage matters even less as long as there are suckers who will keep buying thinking they will get rich. And as P.T. Barnum said...
[ link to this | view in chronology ]
Re: the real spam money trail
[ link to this | view in chronology ]
Of course, the link re-directed you to a store that sold manhood enhancing pills. ¬¬
[ link to this | view in chronology ]
Solution:
[ link to this | view in chronology ]
Re: Solution:
[ link to this | view in chronology ]
Re: Solution:
[ link to this | view in chronology ]
Re: Re: Solution:
And you must be a retard.
Gas tax, sales tax, cable fees, FCC regulatory fees, Universal Lifeline fees, etc are not Democratic taxes and fees.
You sound like the ass hat that wants his taxes to be used on military proliferation and politicians' salaries.
[ link to this | view in chronology ]
$.05 surcharge per email
[ link to this | view in chronology ]
Re: $.05 surcharge per email
Cost DOES matter to them. If it costs too much money or eats too far into the profits then it isn't worth the effort. Your comparison of snail mail is appropriate, but completely misunderstood by you. I get about 2-3 pieces of junk snail-mail every day, even after "opting out." Most of that is from companies that I already do business with, or things that are addressed to "Resident". I get about 300 pieces of spam email every day, and I'm very careful about handing out my email address. Fortunately I have good filtering so I only get 1 or 2 of them in my inbox.
The reason that I get so few junk snail-mails is precisely because the cost is so high. At 37 cents a letter (or whatever the bulk rate is) junk mail is an expensive prospect. It usually only makes sense in the context of a targeted campaign. For example, after the remnants of Hurricane Ike went through central Ohio, we got mailers from roofing companies advertising specials for roof and siding repairs. While that was a fairly expensive mailing, it made sense in the context of being targeted to a specific time, place, and need.
Spam email, on the other hand, is mostly free. You need a program to send emails and a few mailing lists, but if you can steal bandwidth to send the emails (via a botnet) the cost per message is far, far, far less than a penny.
[ link to this | view in chronology ]
Re: Solution:
The correct thing to do is find something that hurts spammers financially but only affects a very small percentage of legitimate users. Since spammers need domain names (to host websites and receive return e-mail), and they need a lot of them, raising the price charged for domains using some sort of exponential system would do the job nicely.
Basically, something like having the first 10 domains be the normal price, with the next 10 double, etc., should do the job.
Other possibilities include greatly reducing the time that you have to return a newly purchased domain for a full refund, or forcing all domain purchases to include a $100 bond that is refundable at the end of a period of time (one year, say), if there are less than N complaints about your domain.
[ link to this | view in chronology ]
Re: Re: Solution:
That said, perhaps there is a way to do this - a bounty system. If someone can forward enough SPAM messages to the domain registrar of a spammer, then that registrar would give the person who reported the domain a free domain. This would mean that every time someone wanted to start a new, legitimate site, they could simply look through their SPAM folder and get the domain for free. Since there is no monetary reward, the spammers themselves won't try to game the system.
[ link to this | view in chronology ]
Re: the e-postage idea...
[ link to this | view in chronology ]
Re: Re: the e-postage idea...
[ link to this | view in chronology ]
stupid people
So... there will always be spam.
Just get a good spam filter, create a thorough white list and deal with it. Gmail is awesome at keeping spam out of my inbox.
[ link to this | view in chronology ]
Now how many of you actually sniffed while reading that? lol
[ link to this | view in chronology ]
Spam
Since ISPs are already billing the users and since they can easily count how many messages you are sending, they could then turn around and bill each other for the amount of the messages.
Meanwhile, I would pay about $2-$3 per year for a spam-free inbox.
Or, make it a crime to buy a product from a spam message. Even the threat and publicity of it would make the margins dry up.
[ link to this | view in chronology ]
With the added benefit
[ link to this | view in chronology ]
Blue Frog
Blue Frog went directly after the economic side of the spam business, instead of simply the tech or legal sides. It sent complaints to the companies whose products were being sold by spammers in addition to complaints of various trade/government bodies overseeing those companies, and also went after the spammers' websites where they were selling the products by filling in complaints on their order forms.
Blue Frog has so far been the only tool I know about that spammers actually made a concerted public effort to kill off. Too bad they did.
[ link to this | view in chronology ]
Re: Blue Frog
[ link to this | view in chronology ]
Re: Blue Frog
There really was no difference between Blue Frog and spammers or DoS attackers or any of the other scum out there, other than Blue Frog did a better job than most of convincing the naive and gullible that they were somehow on the side of "good".
[ link to this | view in chronology ]
The forgotten product
[ link to this | view in chronology ]
Snail mail
You get snail mail from multi-billion dollar companies that sell stuff you need every day.
Local ISPs send out snail mail because if they lock you in on $100 a month for 2 years, that $1 was well spent.
Cell phone companies send snail mail for the same reason as ISPs.
Local grocery stores send out snail mail because if they don't sell their stock, it will go to waste and it costs A LOT of money to store food.
Credit card companies get 3% of whatever you spend with their card. You spend $1000 on a new T.V. at Best Buy and they get $3 instantly. If you don't pay that $1000 off right away, they now get more money every month.
Email spam is virtually free to send. And they only get click-through profit. It is not a reliable income on a per-person basis like everyone that sends snail mail.
Spam works entirely on the law of averages. Send 350mil emails at $0.01 apiece, and those emails are costing $3.5mil/month vs $20/month of a decent broadband connection to their bot-net.
[ link to this | view in chronology ]
Re: Snail mail
[ link to this | view in chronology ]
Who Sends the bill?
Snail mail is billable, because you cannot get your post into the system without paying first. And it is a felony to just put stuff in mailboxes.
[ link to this | view in chronology ]
Re: Who Sends the bill?
In essence, just like you buy a SSL Certificate, you'd buy an e-mail address token.
The best part of this is that you can just charge $10 a year for an account that sends less than 1,000 e-mails per year and so on. You can create plans that make sense. You also get pretty reliable ID checking via e-mail.
Since every e-mail would be required to have a token, black lists would be meaningful. Abuses would quickly be identified by the token holders who would be forced to not ignore the condition that their machines are infected like they currently do.
Another possible solution is to require ISPs to track stats on each user and actively deal with any users that have a high amount of SMTP or similar outbound traffic. For me, I love the idea of requiring every e-mail account to have an SSL Certificate or similar and for $10 a year it is enough to upset the balance of spam but not be on the radar as a cost.
Freedom
[ link to this | view in chronology ]
Re: Re: Who Sends the bill?
[ link to this | view in chronology ]
One premise is incorrect
Our present difficulties stem, in large part, from the steadfast refusal of many to deploy this solution and to instead waste time with thoroughly-discredited nonsense (e.g. SPF, SAV, C/R) that either does nothing to solve the problem or makes it worse. I have some hope that recent incidents (e.g. the McColo case) will make it plain to holdouts that the proper response to inbound abuse is revocation of access for the abuser -- because as we saw in that case, it spurred quick action, in marked contrast to other cases where spam/spyware/abuse operations have remained in place for years at a time.
No doubt next year yet another purported "solution" for spam will be touted by someone eager to make a quick buck from gullible VCs, and no doubt it will fail completely. Meanwhile, we have an immediately-deployable mitigation tactic available that's been conclusively proven to work.
[ link to this | view in chronology ]
Easy Solutions
Some easy technical solutions...
1) Open source the GMail SPAM filtering system and make it available as both a proxy and a module for popular mail server systems (QMAIL, IIS, Dovecot, etc.) Given a choice, I don't see why any mail server admin would turn this down.
2) Add a very, very simple email filter rule to all popular clients that checks URLs for a "referer=" or "rid=" and removes it. This would easily remove a large enough chunk of profit to stop many spammers, and could just as easily be done server-side.
3) Require every person to watch a short, 2 to 5 minute video when signing up for a webmail account. A shockingly large number of people open SPAM and click the links because they're just uninformed about SPAM. Of course, some method to bypass the video would be a good idea too, for tech-savvy people who already understand SPAM.
Any of these solutions would cut profit margins enough to put most spammers out of business. All of them combined would wipe most SPAM out overnight. All can be implemented by the big 3 email providers - Hotmail, Yahoo Mail, and GMail - in a matter of minutes and at very little cost.
[ link to this | view in chronology ]
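The filter rule proposed in item 2 of the "Easy Solutions" comment above, written out as an added example that is not part of the original post or comments. The function names, the URL pattern and the `shop.example` sample message are assumptions constructed for illustration; only the parameter names `referer` and `rid` come from the comment.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names taken from the comment; matching is case-insensitive.
TRACKING_PARAMS = {"referer", "rid"}

# Assumed pattern: http(s) URLs running up to whitespace, brackets or parentheses.
URL_RE = re.compile(r"https?://[^\s<>()]+")

# Constructed sample message body (not real spam).
SAMPLE = ("Order now: http://shop.example/buy?item=42&rid=9001. "
          "Details: http://shop.example/info?Referer=aff7")


def strip_tracking(url):
    """Return url with every query parameter named in TRACKING_PARAMS removed."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes names, so "r%69d=7" is recognised as "rid".
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k.lower() not in TRACKING_PARAMS]
    if len(kept) == len(pairs):
        return url  # nothing matched: leave the URL byte-for-byte unchanged
    # The remaining parameters are re-encoded by urlencode.
    return urlunsplit(parts._replace(query=urlencode(kept)))


def filter_body(text):
    """Rewrite every URL found in a plain-text message body."""
    def repl(match):
        url = match.group(0)
        core = url.rstrip(".,;:!?")  # sentence punctuation is not part of the URL
        return strip_tracking(core) + url[len(core):]
    return URL_RE.sub(repl, text)


if __name__ == "__main__":
    print(filter_body(SAMPLE))
```

The rule only touches query parameters with exactly these names, which is the limit the reply to this comment points at.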
Re: Easy Solutions
Now on to the proposed solutions:
1) can be discarded, as gmail's anti-spam filters are of low quality, certainly not good enough for general use.
2) is trivially defeated by spammers via obfuscation.
3) will not happen, nor would it make any difference in the behavior of users if it did. "Trying to educate users" about spam has been a lost cause for 15 years.
[ link to this | view in chronology ]