Monday, September 26, 2005

Controlling spam via e-mail charges

A number of economists have noted that the problem of spam (or more correctly "Unsolicited Bulk E-mail" or UBE for short) arises because of the imbalance between the costs of sending out bulk e-mails and the benefits that might be derived by the recipients.


Although there are some costs in maintaining an e-mail account and in compiling (or buying) a list of addresses to target for these bulk e-mails, the (marginal) cost of adding an extra address to send to is effectively zero. This means that a spammer can reach literally millions of potential customers for almost nothing. E-mail is the cheapest form of direct marketing (much cheaper than telemarketing or bulk junk mail through the post). Andrew Leung (2003) observed that the response rate to spam is as low as 0.005% - only 50 in every million people respond to UBE. But despite this very low response rate spam can make economic sense because the costs of dealing with it are felt only by those recipients who don't want it. This is an example of negative externalities. Private costs and social costs diverge. Spammers are either unaware or don't care about the costs they impose.


Although technological measures (blockers and filters) and legal action (the 2003 Can-Spam Act in the US and the 2003 UK Privacy and Electronic Communications Regulations Act, as well as litigation by big players such as Microsoft) can help in controlling this unwanted e-mail, perhaps the best approach to the problem is an economic one.


In a recently published paper Sunder et al. (2005) have assessed the potential of e-mail postage charges for dealing with spam. “"Charging postage for e-mail causes senders to be more selective and to send fewer messages. However, recipients did not interpret the postage paid by senders as a signal of the importance of the message. These results suggest that markets for attention have the potential for addressing the problem of spam but their design needs further development and testing.”"

Although the ratio of spam to legitimate e-mail is still very high (reported to be 67% in June 2005) this figure is slightly down on earlier estimates (it was reckoned to stand at 83% in January 2005). However it is believed that although there may be fewer unsolicited bulk e-mails they are now more carefully targeted (“spear phishing”) and may also carry viruses or spyware. It has been estimated that the number of e-mails carrying viruses rose by 50% in the first half of 2005 and that one in twenty-eight computers is now infected with spyware or keylogging programs. Organised crime has become involved so spam is not only attempting to persuade people to buy products (especially pharmaceutical products, sex aids, counterfeited software and entertainment goods, even jewellery) but it is also implicated in money laundering schemes and identity fraud cases.

Spammers usually purchase lists of e-mail addresses that have been “harvested”. They use viruses to turn unprotected computers into “zombies” which then send out millions of spam messages across the world. Sophos estimates that half of all spam comes from zombie machines (computers that have had a program implanted on them surreptitiously making it possible for them to be used by a remote user). A botnet is a network of compromised machines that can be controlled remotely by a spammer or a phisher.

Spamhaus says that 72% of US e-mail is still spam and that a relatively small number of people are behind it – they say 7 of the worst 10 offenders are based in the US. The problem is that there are huge potential rewards (some spammers’ clients pay up to %50 thousand a month for distributing spam). The risk of detection and the penalties are still too small to deter spammers. A Sophos spokesman said “it hardly registers).

Research by Javelin suggests that the losses due to phishing in the US in 2004 could be as much as $367 million. Phishing scams contribute to the loss of confidence in using the Internet for e-commerce and e- banking because they are worried about possible identity theft and fraud. Perhaps as many as 13% of consumers in the US and Europe have stopped paying bills online because of these concerns.

A surprising number of people read spam: 23% in the UK and as many as 37% in Brazil (figures from BBC News December 2004). Either they are unaware of the dangers of spyware or are tempted by what they perceive as the bargains on offer.

There have been a number of new developments in the technology approach to filtering spam. A new technology for message verification called Domain Keys Identified Mail (DKIM) has been submitted to the Internet Engineering Task Force by a group of companies that includes Cisco and Yahoo!. Microsoft has proposed its own standard called Sender ID. Useful as these initiatives might be they will not get rid of spam on their own.

There have been a number of high profile legal cases against spammers recently. Scott Richter, who operated the Colorado based OptinRealBig.com, agreed to pay Microsoft $7million in a settlement agreed in August 2005. It is believed that over 38 billion unsolicited messages a year originated from his company pushing mortgages and other loans as well as pornography. Microsoft announced that it will donate $1 million to a New York project that is providing PCs to community centres and a further $5 million to anti-spam projects. (Guardian 11th August 2005). Microsoft has now filed over 100 anti- spam lawsuits in the US winning more than $800 million in judgments against spammers. Why is Microsoft so concerned? Most spam is sent from Windows PCs that have been infected by a trojan that has got in via a spam message or website. Despite regular patches and updates being announced to the operating system people don'’t always update their machines. The international law firm Pinsent Masons has a web page at www.out-law.com which provides up to date information on spam. Go to web site and enter the word spam in the search box to view the latest stories. An interesting story dating from May 2005 was of a survey by Mirapoint which found that many spam filters block too many legitimate mail messages (too many false positives). This suggests that technical solutions are not a panacea for dealing with spam.

A couple of other recent surveys on spam may be of interest. The Pew Internet and American Life Project last April published the results of a survey which found that, although many users are getting more spam than they did a year earlier, they are less frustrated by it -– they have learned to manage it. A survey of UK consumers and SMEs by Checkbridge, also published in April 2005, found that 57% of respondents have no anti-spam filters - –they thought it was the responsibility of their ISP to filter out these e-mails. 24% reported that they received over 50 spam e-mails per day. Interestingly 47% of respondents said that they would be willing to pay between £10-30 per year for effective filtering.

Which brings us back to our main point. It's all down to economics in the end!




References


  1. Fallows, D (2005) CAN-SPAM a year later. Pew Internet and American Life Project, April. Available online at http://www.pewinterent.org/pdfs/PIP_Spam_Ap05.pdf
  2. Sunder, S et al. (2005) Pricing Electronic Mail to Solve the Problem of Spam. Human-Computer Interaction 20 195-223. Available online at http://www.some.yale.edu/faculty/Sunder/email/HCI201-2_7.pdf


Other sources

  1. BBC News. Computer Users Ignore Warnings. 10th December 2004
    http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4084871.stm
  2. BBC News. Net Criminals Customise Attacks. 3rd August 2005
    http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4739709.stm
  3. BBC News. Software pirates tap into technology. 2nd August 2005
    http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4729235.stm
  4. BBC News. Bad e-mail habits sustains spam. 23rd March 2005
    http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4375601.stm
  5. BBC News. Net users learn to live with spam. 11th April 2005.
    http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4432231.stm
  6. Greene T C Netizens learning to tolerate spam. The Register 12th April 2005.
    http//:www.theregister.co.uk/2005/04/12/spam_gaining_acceptance/
  7. Koprowski, G J Phishing Rattles Online Consumers. ECommerce Times 17th July 2005 http://www.ecommercetimes.com/story/44443.html
  8. Leung, A Spam: the current state. Telus Corporation 8th August 2003. http://security.iia.net.au/downloads/spam%20leung%20paper.pdf
  9. Leyden, J Save us from spam. The Register 18th April 2005
    http://www.theregister.co.uk/2005/04/18/spam_survey_checkbridge
  10. Leyden, J Spear phishers launch targeted attacks. The Register 27th August 2005
    http://www.theregister.co.uk/2005/08/02/ibm_malware_report/
  11. Pinsent Masons. Spam filters block too much work e-mail. 27th April 2005-09-26 http//:www.out-law.com/page-5618
  12. TechNewsWorld 18th July 2005-09-23 http://www.technewsworld.com/story/44750.html

1 Comments:

At 8:56 AM, Blogger Guy said...

According to a report by Tom Espiner for ZDNet (1st March 2006) MessageLabs found that 91% of email traffic in India is spam.

 

Post a Comment

<< Home