What Is The Real Cost of Spam? 316
securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."
Re:First Amendment rights my ass (Score:3, Informative)
Has nothing to do with whether it's commercial or not. The first amendment guarantees your right to speak - NOT your right to hijack servers and bandwidth all across the world in order to force people to listen to you.
Re:The real issue is not now, but tomorrow (Score:2, Informative)
Normally, I'm disturbed by violence.
However, in the case of spammers, I really don't think there really is a limit to what is "just".
Some suggestions:
I get, when I take into account the amount of email per box, something like 2000 emails a day after all is said and done. It doesn't come out to $1 per spam, but I find myself constantly having to deal with it throughout the day.
I'm reminded of this one tommy gun scene where the guy firing loads of lead comments: Keep the change, you dirty rat.
Re:84 seconds per spam?! (Score:3, Informative)
Fine, this is not much of a problem for someone who is at their computer a lot and can basically delete spam as they arrive. I get a similar amount of spam as you (maybe slightly less, but still at least 10 per day, consistently). But what happens if you go on holiday for a month? Suddenly that small handful of 'delete' presses becomes a huge mass of junk, from which it is really hard to find the important messages. And what if you were away for 6 months? The task of filtering out the junk would be practically impossible.
For someone who doesn't work with computers, who maybe checks their email once a week, spam becomes a major chore.
Compare with snail mail; I get practically no junk mail (I also have a 'no junk mail' sign on the letterbox, which I suspect is legally enforcable where I live). Sorting out the mail after a long holiday (yeah I wish!) is actually an interesting and not long task.
The way it is now, it is impossible to use email for important communication (think bills, court documents, things you really _need_ to receive), simply because of spam. Filtering isn't the answer. Email was intended to be robust; either the message would get through or it would bounce. Spam filters make this no longer true, not by a long shot.
Re:Is this real money? (Score:3, Informative)
Back when I used to get spam, I got about 100-150 a day. It took me about 10 or 15 minutes of actually going through the mailbox checking and hitting DEL to clean it out.
The bummer was that if I got behind, it would seem like an enormous amount, and I'd put off going through my inbox at all. That, of course, was a bigger productivity loss.
If we say someone takes half an hour a day to both clean out the spam and grumble about it, we might guestimate the annual productivity loss something like: ...which sounds very high. On the other hand, my gut feeling is that the 1/2 hour isn't an overestimate for average workers (who only cost the company $30/hour total).
If you just ask people how much time they spend dealing with spam you'll get wildly unreliable answers, depending on how they think their answer will be interpreted.
In any case I'm convinced the productivity cost dwarfs the infrastructure cost. I just haven't (yet) seen any statistics I'd call definitive.
Re:Let's say it's $1B (Score:4, Informative)
The whole 'frea speach' issue is a red herring, used by spammers to make stupid people take pause before doing something.
The first amendment guarantees the right to say whatever you want, but it does not guarantee the right to use other people's resources to say it.
There is NO first amendment issue regarding spam.
Re:First Amendment rights my ass (Score:3, Informative)
1. You are not allowed to advertise fraudulently.
2. You are not allowed to reveal national secrets.
3. You are not allowed to violate a gag order given by a court.
4. You are not allowed to perform someone's song publicly unless you pay a fee.
5. You are not allowed to yell "fire!" in a crowded theater. (sorry, couldn't resist)
6. You are not allowed to speak on my lawn. Ever.
7. You are not allowed to show obscene material in public. You are not even allowed to LOOK at kiddie porn.
8. You are not allowed to give away trade secrets of your employer.
9. You are not allowed to incite illegal activity.
10. Defamation is not protected speech. If you defame me, you cannot use the first amendment as a defense.
Oh, there are plenty of others, but those are 10 nice, good ones. BTW I've read the First Amendment, as well as thousands of supreme court cases interpreting it. Now, if you're one of those people who believe the Constitution is not meant to be applied to real-life facts, then what can I say. Sorry, but you live in the real world.
Stupid System Administrators (Score:5, Informative)
If people would set up their email servers correctly, I could eliminate 99% of the spam from my systems. Unfortunately, a bunch of administrators seem to feel that they do not actually have to configure their systems correctly. If I want to be able to receive mail from them, then I need to open my server up and allow misconfigured servers to talk to it. Guess who has the majority of (usually intentionally) misconfigured servers. You guessed it, spammers.
Getting rid of spam is simple. Stop bitching about it and fix your own damned mail server.
Do you:
Just my two cents.
-sirket
Re:A dollar a message (Score:3, Informative)
According to an IBM study quoted in McConnell's Rapid Development, it takes the average programmer 15 minutes to recover fully from an interruption.
Re:A dollar a message (Score:2, Informative)
Unfortunately there isn't much there in the way of installation instructions. I think the developers of SpamAssassin are planning to release a commercial version soon (which I would gladly buy to support them and their efforts.) Perhaps the commercial version will be easier to install.
A brief summary of what needs to be done:
Install SpamAssassin and (optionally) razor.
Install the perl module Sendmail::Milter
(You'll need a version of perl that supports threads like 5.6 or later. If you don't have one, install it first.)
Add a few lines to your sendmail
INPUT_MAIL_FILTER(`myspamfilter', `S=local:/var/run/mperl.sock, F=T, T=S:1m;R:1m')dnl
Use m4 to make a new sendmail.cf file.
Create the proper configuration files for spamd and spamass-milter per the documentation.
Restart sendmail and start the daemonized version of SpamAssasin (spamd).
Start spamass-milter.
Sit back and watch the spam bounce off your server.
Some Actual Numbers (Score:2, Informative)
Total email processed: 271,217
Total junk email identified: 239,560
88.32779% of email sent to our company is identified as spam.
That's over 6000 a day.
That's over 67 per account per day.
Before we installed a spam filter (you may feel free to ask me which), each person had to sift through their hypothetical 10 emails and delete almost 9 spams.