Thursday, December 28, 2006

Fighting Spam

One of my mail providers with quite some heavy Spam problems recently implemented a new anti-spam technique, which actually reduced my daily Spam from about 100 to 5-10 e-mails a day. The ISP-side Spam filters conveniently caught 99% of them, with not too many false positives (“false positives” are regular e-mails that are erroneously treated as spam), so the 100 really did not bother me that much. Now the 5-10 are really fine. For various reasons I won't disclose the feature they implemented, but it seems to work well so far.

Which leads me to the still unsolved problem of Spam: Spam, or UBE (“unsolicited bulk email”), could only evolve because there is no cost associated with sending or transporting email. Spammers can therefore send out as many messages as they want, with the most dubious content, because even if only 1 in ten thousand users clicks on their link or offer, it would still be worth it.

So the more general model here is that the spammer has a means of transporting a trigger message to his supposed audience, which leads at least a tiny fraction of that audience to do something that causes the spammer to receive money, e.g. place an order with him, usually for sex-related drugs or fake luxury stuff, or it might even be ad-sponsored web pages.

According to this, spam works if the financial gain for the spammer from one user performing this action, times the success rate (i.e. the fraction of all messages sent for which a user falls for it), is higher than the cost of delivering the spam messages. As long as email is free, this will obviously always work. Even if we make it significantly harder for spammers to break our spam filters, with huge numbers it pays.

As a formula:

cost-per-message * messages + setup-cost + cost-of-counter-fighting-antispam
    < gain-per-click * success-rate * messages

Some parties have therefore suggested collecting a very tiny amount of money, say 1 cent, for each email. Regular users like you and me wouldn't really notice, because even with 100 e-mails a day it's only 1€ or 1$. Spammers would notice, because at several thousand to million messages it would make them pay more than they receive.

I have my doubts regarding this model:

  1. Morally: 1 cent per message seems little to us in Europe or the US, but it is a significant barrier to everyone else, e.g. Africa; we don't want to cut them off from the net.

  2. A problem of collection: who should collect the fee? The ISP can't and won't, because that would be event-based billing, which most of the smaller ISPs simply aren't set up to do.

  3. Even if the ISPs were to charge for it, at least one ISP would emerge that breaks the system by offering a very small email flat rate, and it would pay again for spammers.

  4. If the receiving party collects, then from whom?

  5. The spam model is only about the price of the message relative to the gain (see above). Spam SMS (“short messaging service” on the mobile) shows that it works with high-cost delivery (and SMS is probably the most expensive today) if only the gain is high enough; with SMS spam it is usually a call to a toll number (1-900 in the US, 0190 in Germany, 09xx in Austria).

So as neat as charging for e-mail messages seems, because it would attack the very model of spamming, I doubt that it can work at all (or should work at all given the cost for the 3rd world).
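
As an added illustration (not part of the original post), the inequality above can be solved for the break-even volume and for the per-message fee at which a campaign stops paying. All figures are constructed for illustration, and the names Campaign, EMAIL, EMAIL_FEE and SMS are hypothetical.

```python
import math
from dataclasses import dataclass

@dataclass
class Campaign:
    cost_per_message: float  # delivery cost per message
    fixed_cost: float        # setup-cost + cost-of-counter-fighting-antispam
    gain_per_click: float    # revenue from one recipient who responds
    success_rate: float      # fraction of sent messages that get a response

    def margin(self) -> float:
        """Expected profit per message, before fixed costs."""
        return self.gain_per_click * self.success_rate - self.cost_per_message

    def pays(self, messages: int) -> bool:
        """The post's inequality: total cost < total gain."""
        cost = self.cost_per_message * messages + self.fixed_cost
        return cost < self.gain_per_click * self.success_rate * messages

    def break_even_messages(self):
        """Smallest volume at which the campaign pays; None if it never does."""
        if self.margin() <= 0:
            return None
        return math.floor(self.fixed_cost / self.margin()) + 1

    def deterrent_fee(self, messages: int) -> float:
        """Extra per-message fee at or above which this volume stops paying."""
        return self.margin() - self.fixed_cost / messages

# Constructed figures, for illustration only (not real measurements).
EMAIL = Campaign(0.0, 500.0, 30.0, 1 / 10_000)       # free delivery
EMAIL_FEE = Campaign(0.01, 500.0, 30.0, 1 / 10_000)  # 1 cent per message
SMS = Campaign(0.10, 500.0, 4.0, 0.04)               # costly delivery, toll-number gain

if __name__ == "__main__":
    for name, c in [("e-mail", EMAIL), ("e-mail + 1 cent", EMAIL_FEE), ("SMS", SMS)]:
        print(f"{name:16} margin/msg={c.margin():+.4f} "
              f"break-even={c.break_even_messages()}")
    print("fee that stops 1M free e-mails:",
          round(EMAIL.deterrent_fee(1_000_000), 4))
```

With these constructed numbers the 1-cent fee removes the e-mail margin entirely, while the SMS case still breaks even at a few thousand messages despite its delivery cost, which is point 5 above.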
