As a follow up on the fact that spammers get 1 customer for every 12 million emails they send out, what can we do to stop them?
The easy answer would be to stop buying from them and they will go away, unfortunately it only takes 1 idiot in 12 million to break the pact…
Here’s some thoughts:
Email is almost free, what if it cost to email?
Let’s say you could send 1000 emails for £5. That’s half a pence each so should be no problem in paying that to send a real email, but it would cost the spammers £60,000 to send their 12 million emails.
The email providers would love this (more revenue for them) and in theory it would kill spam overnight.
So what’s wrong with that? Well firstly, it would set a dangerous precedent of paying extra for some services over the Internet and soon afterwards we would start to find we were being charged different amounts for video traffic, text traffic etc.
Secondly, even if the big-boys of Yahoo, AOL, Google and Microsoft started charging for email, somebody else (probably me) would set up free accounts again to compete with them. Assuming that people would rather get something for free than pay for it, the problem would start all over again.
Thirdly, the spammers are not using their own systems to send spam, they are using your computer! About 80% of spam is sent from so called Botnets, which are networks of ordinary computers infected with viruses. Even if it cost to send an email, it wouldn’t be the spammer out of pocket, it would be you.
Only my friends can send me email…
What if you never had an email client on your computer and all your email was web-based (the trend is going this way anyway)? Then, in order to send me an email, you had to pair your account with mine. Once paired we could send as many emails as we wanted, but if you weren’t in my address book, I wouldn’t even see your email.
This is basically what happens in social networking sites like MySpace and Facebook. You can only send a message if you’re my friend and you have to go through a laborious process to ask me if you can be my friend.
So what’s wrong with that? Maybe nothing…
The only problem I see is it becoming a “walled garden” where you can’t speak to me because I use Yahoo and you use Google. It would have to be an open system which of course these big businesses don’t like and which also leads to potential security risks where you would just get spam friend requests instead of spam emails. Could be a solution though if someone smarter than me put some effort into it.
Fight back…
According to Wikipedia, 80% of all spam is sent by 200 people. The laws and effort going in to tracking these people are too weak to put an end to this and even if they were stopped, another couple of hundred would take over.
Most spam directs you to a website where you buy some kind of product such as Viagra or perfume etc. One very semi-effective method is then to use distributed computing to eat up this websites bandwidth. i.e you have a program on your computer that downloads a picture off this website over and over. If 10 thousand of us have this program, the website will run out of bandwidth pretty quickly and have to shut down or will be priced out of the game.
There was a few examples of this a few years ago, for example Lad Vampire and Make Love, Not Spam.
There are four obvious flaws in this…
Flaw 1: It’s extremely close to a denial of service attack which is eh, illegal to say the least.
Flaw 2: Most websites are on shared servers. This website shares a server with 1195 other websites, I don’t really want to disrupt 1194 websites to get 1.
Flaw 3: You would have to be very careful about what sites get shut down. What if I was a devious competitor who sent spam in the name of my competitor just to get them shut down. We would all end up on the wrong end of a lawsuit.
Flaw 4: The spammers would just move around and it would be a game of cat and mouse.
That’s exactly what happened to Make Love Not Spam which was more of a marketing stunt than a real way to solve the problem. In the end, although the program got downloaded over 100,000 times, it lasted about 1 month and then was shut down by ISP’s annoyed at paying for the extra bandwidth.
Not that I’m advocating this, but the problem with Make Love Not Spam and Lad Vampire was that they were both too centralised. If I was making it, I would use the Bit-Torrent architecture. But I’m not making it.
So what’s the answer? I don’t know. I have a feeling that as we move away from the desktop and into more server side applications, we will gradually fix the virus problem. I think that perhaps that will be enough cut the number of spam, and then perhaps a mixture of a pay per delivery and friend network thing could take the rest.
For example, what about if I have accepted you as a friend you don’t have to pay, but if you are from outside my friend list, you have to pay 1p to email me? Any ideas?
The problem as I see it is that the spam is non-targeted. The spammers send out emails to 12 million people who don’t want the spam and won’t buy anything from it in order to reach the one guy who will. If it were properly targeted, we would stop receiving spam and the people who are interested in it would still get it.
Clearly, educating users isn’t going to help because the chances of finding that one guy are pretty slim.
What would work is finding a way of making the spammers target only the people who actually purchase things marketed by spam. Most of the micro-payment ideas are essentially attempting to make this happen. Unfortunately, these ideas impact on legitimate mailing lists unfairly, impact on normal users a little and are difficult to implement due to the lack of a central controlling body for email. Other methopds such as pre-computing hashes fail for all the same reasons.
One thing all these methods have in common is that they try to punish the spammers. I suspect many spammers fall under the definition of psychopaths found here: http://www.hare.org/links/saturday.html which suggests that a threat of punishment is not a deterrent.
What we need is to provide an advantage for spammers to target their spams rather than a punishment for not targeting their spams. They will, however, only take this advantage if they can be absolutely certain that the one guy who buys the stuff is not in the list of people being excluded. (Or rather, IS in the list being targeted.)
One advantage for spammers would be that if they weren’t so darn annoying to us sysadmins, we wouldn’t spend so much effort in trying to block them and hence they could start using normal English again rather than v14gr4.
This is just an idle thought but I think with a little refinement it could be turned into a powerful psychological incentive.
Hiya Dave,
Thanks for your interesting comment. The way I see it is that if spammers were targeting their offers better, they wouldn’t be spammers, they would be legitimate Internet marketers.
This path is open to them already, but it takes work and knowledge and skill to be able to carry out proper market research and find a path to your target customers. Spammers make an active choice not to do this and instead use non-legitimate methods to find their customers. It’s like using a nuclear bomb to kill a fly.