My internet service provider’s web site says “Each week thousands of viruses and nearly 100 million Spam messages are eliminated before they reach your Inbox.” Could that be true?
A little less than 70% of all email is spam. It is very easy to believe that an ISP can filter out 100,000,000 spam emails week.
I don’t think that they actually mean they filtered out 100 million going to you alone…
But yah, that is a reasonable number. At work here our post-isp firewall routinely dumps between 7500 and 50,000 spam emails a week into the bit-bucket.
I have a Yahoo account that used to trap 4000 spams a month. It has dropped off in recent years though.
I had signed up my Yahoo email to a political site a few years ago; the end result was endless reams of political spam. I clicked on them all two weeks ago, ID’ed them as spam, and sent them to my spam folder.
Now, not even the spam folder catches them anymore. I simply don’t get them in the 1st place.
Most spam never even makes it into your spam folder. Some things are so obviously spam that they just dump them. The ones in your spam folder are probably those whose probability of being spam is less than 100%.
I would guess a lot of the spam is addressed to fake addresses that the spammer creates at random, like asmith@isp.com, bsmith@isp.com, etc., hoping that some of them end up being correct. Since it costs virtually nothing to send spam, the spammer can makeup addresses with every combination of first and last name. I wouldn’t be surprised that the ISP receives millions of those types of spam messages.
I recently changed ISPs and set up a catch-all for my domain on the new servers. I get waves of several hundred such emails with random addresses a few times each week, while there are only 6 genuine email accounts. I expect I only get a fraction of those actually sent and the ISP cuts off the rest when the stream is recognised as spam.
This suggests that spam could be stopped simply by charging a per-piece rate for spam. If that rate is 1/1,000 of a cent per item, a real human would need to pay only a couple of cents per lifetime to pay the rate, but the spammers who send out a hundred million a day would face costs that they cannot afford to pay. It would cost $1,000 to send 100,000,000 emails.
Each email would have to carry a certificate that the sender had paid the fee, and the certificate could be checked by the destination email provider , and rejected without a receipt.
A lot of ISPs will refuse connections from known spam-spewing servers (IP Addresses) which is why a lot of spam now comes from hacked machines - the spammers can spread their sending more and it’s harder to track them down.
As low as the cost is to spam, I’m still amazed that enough people actually buy the shit being spammed to make it worth it.
There must be a very small group of very gullible idiots who buy this shit who are funding the spam operations that annoy millions.
There is one born every minute, or rather, every millisecond. Each one puts his hand on the stove only once, but you still get most of them. There is no difference between a spammer in Moldova and an attorney who pitches class action suits on late night TV and the payday loan office down the street who bulk-mails flyers and the do-not-call violators at Credit Card Services and the Nigerian scammers. They all get the same suckers.
Paid to whom? What’s stopping these spammers making arrangements to obtain certificates without paying the correct price for them?
I always thought it’d be a cool business model to be an email service company and sell mailboxes. If any customer sent an unwanted piece of email to any other customer, the recipient could forward it to ding@napier.net and I would charge the sender a nickel. The appeal of this company would be that you could trust emails coming from its domain to not be spam.
I don’t think I know enough about email business models to see why this wouldn’t be a good plan…
I run a small mail server and I’d be willing to bet we handle about 1mm pieces of spam per week, and that’s over like 30 domains with fewer than 500 active addresses total.
Up at ISP level, 100mm is absolutely reachable.
You already see spam emails disguised as bounced emails. I wouldn’t be surprised if the spammers started sending falsified forwarded emails to that address just to sabotage what might otherwise become a threat to their business strategy.
To the USA, of course, by the grace of whom the Internets and the World Wide Web exist, with the taxing authority subcontracted to the relatively unregulated private sector to administer according to their caprice and how much markup they can get away with. A few will slip through the cracks, just as a few robocallers slip through the do-not-call cracks.
It will take a certain effort for spammers to counterfeit certificates, and they can be combated as effectively as viruses and trojans, if there’s money to be made doing it…
It has occurred to me that the massive abundance of spam e-mails is a glowing example of the economic phenomenon of externalities or external costs in which the true cost of a good or service is borne by third parties other than the provider and the customer of the good or service.
The true cost of an e-mail includes the cost of all the servers and network infrastructure through which the e-mail passes on its way; the cost of disk space and CPU processing time on every server; the CPU time and disk space and electrical expenses of every final recipient; and the value of the time spent by the recipient in reading the e-mail (or simply clicking on the Delete button).
Neither spammers nor even the willing recipients of said spam are paying for most of that. All the other 3rd parties are. According to the well-established economic theory, such products or services will be produced in greater abundance than the laws of supply and demand will properly dictate (since the producer is paying much less than the true full cost that he ought to be paying). Spam, being so expensive when all the costs are considered compared to the miniscule price that the producers actually pay, gives us a particularly extreme example of this.
This only works if you set a price that is higher that spammers can afford, and also low enough so as not to discourage wanted emails.
Unfortunately, there’s good evidence that the price spammers are willing to pay is higher than what a typical user would pay. Easily several cents per email received, perhaps more than a dollar. That’s more than a good portion of the world’s population could afford.
Your post advocates a
( ) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won’t work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we’ll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don’t care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else’s career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don’t want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don’t think it would work.
( ) This is a stupid idea, and you’re a stupid person for suggesting it.
( ) Nice try, assh0le! I’m going to find out where you live and burn your
house down!