The demonization of SPAM

You have to realize that there are some things about spam/solicited/opt-in email.

Some places will opt you in using "prior business relationship" as the way of signing you up. Say you order from Tiger Direct for a hard drive. Depending on their business rules, that purchase may sign you up for their computer hardware list because you have expressed interest in their product.

There's also a federal regulation called CAN-SPAM that was enacted in 2003 if memory serves. It places restrictions on legitimate email companies about what they must include in an email-

Clear and conspicuous notice that the email is an advertisement or solicitation (unless advertiser possesses affirmative consent of recipients).
Clear and conspicuous notice of the ability to opt out.
Unsubscribe functionality.
Advertiser's street address.

If you don't have this, they are in violation of said law.

Next, you do have the ISPs that do their own SPAM filtering. They have approved IP addresses that they will accept as coming from legitimate email companies. (Rarely do retailers do their own email work.) An ISP like AOL can do a block of everything coming from an IP if enough users click the "report spam" button. I think something close to .20% of the volume of an email can trigger a warning and some higher # will prompt the block. (Usually for 24 hours.)

Yes, non-legitimate email solicitation is a problem. But realize that there are things that you can do about it. Not listing your email on a website is one thing. Email harvesters will troll sites looking for legit email addresses. Be selective about where you put an email address when you order items and check the fine print to make sure you aren't opting-in to a list. Use the "report spam" feature on your ISP. And use the unsub feature on legit sales emails if you no longer want them. Companies are more worried about fines/lawsuits than a $50 sale to you.

BTW, the best way to avoid the signup email problems is to have a free email account that you only use for those reasons. Think of it as a spam collection bucket.

I have some personal domains and I use made up users for places that are likely to sell off my address. Ticket Master is terrible. You can't opt out when you buy tickets online. You can later by jumping through a lot of hoops. So I gave them an easily filterable address. This is one method to deal with mainsleeze junk mail (not really spam since I technically opted into it, but it is junk).

that's a great Idea and it's a brilliant theory.
However I can assure you that One penny per email will not in any way deter a spammer from continuing to spam you.
You could easily implement a system of paying the surfer a penny per email and 3 pennies for clicking on the link in the body of the email. How many people click accept to a pop up add that warns you about viruses on your computer? I'll tell you ... 1/9. Guess how much a company with Adware pays per install. On average it's $.35. I could easily run who clicked on the email link through a scrub list and remove them from any future email campaigns and keep that $.34 profit.
Now "bundle" that with incredibly geo-targeted adds, car dealerships that pay me $5.00 per click etc. The profits are obsurd.

For everything that anyone invests in detering the problem, the problem will eventually find a way around it. In 5 min I came up with a solution.

This is where you and I may disagree. You would know better than I do, but what does it cost to send / receive a reasonably sized e-mail. I'm guessing not very much. I am going to try to guess high, but I would guess it to be less than ten cents a piece. Lets go with a hypothetical cost of ten cents a piece - the ISP tacts on a reasonable profit and drives it to fifteen cents a piece.

We now cut out a lot of the non-targetted, random spam that occurs, and companies now hone in a little better on effective advertising, advertising more likely to get the attention and the money of those it is sent to. At the hypothetical fifteen cents a piece it is still cheaper than nearly every other form of "semi-targetted" ie non-broadcast advertising out there. I expect I am very high on these costs, likely to the level of 100s of magnitudes, I am trusting you could shed a little more light on it.

Most spammers or bulk emailers as I like to refer to them don't have the setup we had. I Know guys that crack a million in profits a year and run off of one or two employees.

We were running at an operation cost of around 180k a month. We also had 40 full time employees.
If you did a CPC analysis it came out to around (roughly) .00036 of a dollar to send... if you take into account that a list of 500 million emails is the norm list dealt with.

So adding a penny to every email sent and recieved would drive that operation cost to dramatically increase to 6.8 million a month. We'd have pretty much made 0 off that hoewever you take into account the points I mentioned before and you could say out of those 1/9 emails that converted just to an install that the net profits would still be around 13 million. So you see unless you made the spammer payout 1 dollar an email you really can't prevent him from Sending.

You are getting caught up in the specifics of a clearly and warned mythical system. My point was that in such a system, the cost burden changes. If a sender has to pay the vast majority of the costs to send the message the problem we call spam changes a whole lot.

If you want to setup a system where you pay me $0.01 per message you send me, and I can just ignore them, sign me up. It's not spam, I'll solicit it. I'll give you an address that's only read by /dev/null, but I'll expect those checks to roll in.

Spammers are theives, what they do is theft of service, plain and simple. Lame corportations that get you to opt in on the sly are sucky, but are not spammers. Companies that sell your address to a spammer are evil too, but they are not spammers themselves. Spammers send unsolicited, usually comericial, bulk email. There is no demonization, it's just plain evil. As I said, it's theft of service and cost shifting. I'm still confused why we call an SMTP DoS attack spam and we call a HTTP DoS a crime. There is no real difference.

Don't take this as offensive, and I know I am making some assumptions. You were operating off a backwards business model (I assume). What I mean by this is that the major hosting companies (MSN / AOL) whose subscribers you "targetted" were forced to bear a large portion (or most) of the marketting costs. Your major costs involved trying to "sneak" in and avoid there newest blocking systems. You were also using very poorly targetted marketing. Because the cost was so low you could afford to have minimal "target" action. You needed a very very small percentage to reply so you really did not take into account any demographic considerations normally considered in advertising. You were mailing to as many addresses as possible with really no need to consider that the 78 year old grandmother really had no need for ________ insert product here.

If those sending bulk mail were forced to bear the burden of the costs that there activities imposed on the system of its users you would force it to be targetted. It would not be the super wildly profitable system that it was - and face it it likely never will be again. However, with targetted marketting, and sender imposed cost for bulk mail, it would legitimize the industry. Further think of the benefits of spam over like direct mail - the ecological benefits alone of not having the paper used must be noticeable.

While I completely agree with you. The reason is that what is generally referred to, as a DOS attack, is an attack that attempts to COMPLETELY deny service. Or at least render the remaining service unusable for all practical purposes. Not deny a small part of service.

I'm surprised it's not being done. It's really easy. ISPs allow an account say 100 free email recipients a day. If you exceed that you are charged a per recipient fee. It seems too easy. What am I missing?

The only reason spam does not take down mail servers is because we have built up the infrastructure to handle it. It's still an attack, and we* are still doing our best to combat it. The scariest (IMHO) form of an attck these days is a Distributed Denial of Service. That's where somone controlls a large network of compromised remote agents (sometimes called zombies). That's computers like Grandma's with no patches that can be compromised remotly and used for whatever purpose. That machine can then be used a part of a larger attack on whatever resource you want. This technique is being used to send spam each day. We reject literally thousands of connections from Comcast and RoadRunner's customer networks each day here. And we are a small mail load. A DoS donsn't have to be sucessful to be a DoS, it's an attack on a service. Spam qualifies.




* TINW or There is no We

What good will that do? Do you think spammers are using the ISP's mail servers?

No, but they are using an ISP. It seems like the ISP could easily implement the SMTP limits. Am I missing something? I'm not a network expert by a long shot.

Well, to be honest yo uare missing a lot. Business connectivity is not as simple as a line to an ISP. It's a complex issue.