The economics of spam

"After 26 days, and almost 350 million email messages, only 28 sales resulted," says the research paper. Yet even with this apparently abysmal response rate of less than 0.00001 per cent, the researchers still estimate that the controllers of a network the size of Storm are still bringing in about $7,000 (£4,430) a day or $3.5m (£2.21m) over a year.

$7,000 per day x 365 = $2.5 million per annum, not $3.5 million. Fascinating statistic nonetheless.

"Anecdotal reports place the retail price of spam delivery at a bit under $80 per million [22]. This cost is an order of magnitude less than what legitimate commercial mailers charge, but is still a significant overhead; sending 350M e-mails would cost more than $25,000. Indeed, given the net revenues we estimate, retail spam delivery would only make sense if it were 20 times cheaper still."

-- from the "study" of spamalytics in question

Our collective attention span is suffering a tragedy of the commons.

Andy hit the nail on the head... Charging 1 cent per email is a bit like charging 1 cent every time someone farts.

More realistically, you could 'charge' labor and/or computing time per email.

For example, if every time someone sent you email, their mail client had to decode a sequence that would take about a second of processor time, that might work. If you are sending email to 10 people, 10 seconds of processing is not a problem. If you are sending to 50 million people, a year and a half of processing time is quite a bit.


Actually, there is a conceptually very simple way to "charge" for email: a computer asked to accept an email for delivery could require the sending computer to factorize a large number before accepting. This might cost ~1s of CPU time, a trivial price for anyone who wants to send just the occasional email, but a crippling price for anyone who wants to send 100M/day.

There are a number of complications to implementing a scheme like this (e.g. what about legitimate mailing lists?) but most of them can be reasonably addressed (e.g. people who want to receive a bulk mail could white-list the sender so it would not be "charged").

The biggest impediment to such reformed email systems is coordinated adoption.
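A sketch of the factoring "charge" and the white-list exemption described in the comment above, added here as an illustration and not code from any commenter or mail system. All function names and the addresses used with them are hypothetical, and `bits=24` is an assumed, deliberately small difficulty so the sketch runs quickly; a receiver would raise it until solving costs about the intended second of CPU time.

```python
import math
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these bases are deterministic for n < 3.3e24."""
    if n < 41:
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x not in (1, n - 1) and all(pow(x, 2**r, n) != n - 1 for r in range(1, s)):
            return False
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full width, odd
        if is_prime(c):
            return c

def issue_challenge(sender, whitelist, bits=24):
    """Receiver: whitelisted senders are not charged; others get n = p*q."""
    if sender in whitelist:
        return None
    p = q = random_prime(bits)
    while q == p:
        q = random_prime(bits)
    return p * q

def solve(n):
    """Sender: Pollard's rho, the deliberately expensive step."""
    while True:
        c, x, y, d = secrets.randbelow(n - 1) + 1, 2, 2, 1
        while d == 1:
            x = (x * x + c) % n                # tortoise: one step
            y = ((y * y + c) ** 2 + c) % n     # hare: two steps
            d = math.gcd(abs(x - y), n)
        if d != n:                             # d == n means retry with new c
            return d, n // d

def verify(n, answer):
    """Receiver: one multiplication checks the sender's work."""
    p, q = answer
    return 1 < p < n and p * q == n
```

The asymmetry is the point: the receiver pays for two prime generations and one multiplication, while the sender's cost grows with the size of the factors.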

"350 million email messages". Funny, this number is certainly greater than the U.S. population. It's almost the U.S. population plus the UK's. It's a wonderful job for 26 days of work.

Innocent users could get a deal with their ISPs -- they're charged X fractional cents per email, and they choose a limit for how many emails they can send a day. Get your account cleaned out and you lose, say, ten cents and you find out your computer is infected and it has cost you ten cents. So you forbid yourself the right to send email until you get it fixed, or you lose ten cents a day until the problem builds up enough for you to notice it. Like library fines.

Who should get the money? How about the UN?

I'm not sure how to collect it.

Service providers have performed much work to reduce volumes to present levels. If I infect your machine with my agent and cause it to send email, it becomes difficult to target me. Many machines are on the Internet.

If an actual monetary charge were levied per message sent, then this would still not stop spam because, as rluser points out, the charge for spam would be billed not to the spammers but to the hapless millions of users who have had their computers suborned by the botnet operators. Improbable has an interesting point about this providing an incentive to keep one's machine secure...

