Forgot your password?
typodupeerror
Spam Your Rights Online

What Is The Real Cost of Spam? 316

Posted by timothy
from the human-depravity dept.
securitas writes "The NY Times has a nice feature about the diverging estimates of the costs of spam (Google). The estimates vary widely from $10 billion to $87 billion per year for American workers, and even more for global costs. Critics say that research firms' estimates vastly overstate the actual cost of spam. Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers. And at companies like Nortel Networks, security architect Chris Lewis says that the real economic burden is the 10 to 15 percent - 5,000 to 10,000 messages a day - of the spam that still gets through, which costs the company about $1 in lost productivity per message. The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain." A chart of the per user amount of spam and the time spent processing it, as well as the varying estimates of the per user cost of spam are included in the article."
This discussion has been archived. No new comments can be posted.

What Is The Real Cost of Spam?

Comments Filter:
  • My own thoughts (Score:5, Interesting)

    by Phroggy (441) * <slashdot3NO@SPAMphroggy.com> on Monday July 28, 2003 @07:10PM (#6555015) Homepage
    here [phroggy.com]
    • Re:My own thoughts (Score:3, Insightful)

      by kaltkalt (620110)
      So let's say it takes five seconds to recognized and delete one message. That's not really significant, is it? But if you do the math, for someone who receives 100 per day, at minimum wage it works out to over $300 per year!

      Ok, but someone who is getting paid minimum wage isn't gonna be docked for those wasted 500 seconds each day. Frankly, they should be. Then people would start caring more about spam and we would get a blue-collar army to rise up and get some real anti-spam laws passed.

      Or, make it
    • by kramer2718 (598033) on Monday July 28, 2003 @11:15PM (#6556462) Homepage
      The lost productivity due to spam is inconsequential compared to the lost productivity due to Slashdot.

  • by Anonymous Coward on Monday July 28, 2003 @07:12PM (#6555033)
    The costs can be much higher if a top executive is upset or mad about spam. "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain."

    Well, yes, since the CEO needs to ask his assistant to ask a senior manager to ask the Spam Control Committee to ask a freshly-hired sysadmin to fucking hit his goddamn delete key. All that and more for just $50 million a year, plus golden parachute!

    • Well you just don't know how difficult it is to line your pockets while avoiding SEC investigations er... I mean maximize shareholder value.
    • Re:PHB Gets Spammed (Score:2, Interesting)

      by larry bagina (561269)
      There are plenty of upper management (or older generation) types that don't deal with email directly.

      E. Djiekstra, for example, had his secretary print out email, to which he would write out a reply in long hand, which would then be typed back in.

      Ted Turner stated in an interview a few months ago that his secretary deals with all his email, and he never touches it.

      I know Lotus Notes allows you to allow others access to read/send email on your behalf. High level management have personal attendants to d

      • by mwolff (594593) on Monday July 28, 2003 @08:10PM (#6555459)
        Some older people do not understand spam. I found my boss replying with individual, very professional messages to the spammers. His assistant, who is not as old as my boss, caught on and then went to me for help about it. She knew what spam was, but did not know how to deal with it.
        • Re:PHB Gets Spammed (Score:3, Interesting)

          by frostman (302143)
          Funny, in the early days of spam I did the same thing, even though I knew plenty about spam.

          If I could track down the responsible party I would send a very professional yet very nasty message.

          I knew it was pointless, but I felt a little better afterward.

          *sigh* those were the days...
    • by vaxer (91962) <[sylvar] [at] [vaxer.net]> on Monday July 28, 2003 @09:19PM (#6555851) Homepage
      "I got three spams this morning, can you do anything about it?"

      1. Not if you keep zeroing out the machete budget.
      2. Sure, why don't we trade accounts? I got sixty.
      3. Okay, I'll post your address on Usenet. You'll never wake up to three spams again.
    • I've been there (Score:4, Insightful)

      by Dr. Evil (3501) on Tuesday July 29, 2003 @07:45AM (#6558062)

      It's really about a bunch of senior executive yes-men overreacting. Usually what happens is something like this:


      • Exec: "Oh look, somebody is trying to extend my member. I hate spam."
        Assistant: (takes mental note and walks into a neighbouring execs office, usually somebody in IT, and says) "--insert head hancho's name-- is getting deluged with spam, it's a real problem. Could we have somebody come up here and do something?"
        IT Exec: "That's unfortunate, I'll see what I can do"
        IT Exec: (calls personal friend in technical support (kiss-ass middle management), chats about golf, the latest corporate results, a couple real business related things, and adds: --insert head hancho's name-- is having a real problem with Spam, can we do anything?
        Kiss-ass middle managment: (calls lower management of tech support) "--insert head hancho's name-- has a critical presentation to do and their computer won't work anymore! Send somebody up there quick! I don't care what they're doing, this takes priority, this is --insert head hancho's name--!"
        Lower management to techie(this response can really vary): "--insert head hancho's name--'s computer is messed up, I need you to pop up and have a look. --kiss assed middle management-- is very concerned, so this is unfotunately high profile."
        Techie, calls Assistant: "What's up?"
        Assistant: "We're being killed with spam, --insert head hancho's name-- is furious, get up here now!"
        Techie to Exec: "Hello, --assistant-- says you're being killed with spam, do you have any of it left?"
        Exec: "No, I deleted it, don't worry about it"
        Techie: "Next time you get one, hang on to it and we might be able to do something about it. --spout summarized corporate spam policy--. Do you need anything else?"
        Exec: "No, that's all for now, thanks."

      ...and the end result is that everyone it the IT department thinks that the top exec doesn't know how to hit the delete key.

      Not to say that there aren't technophobes in senior management, but in my experience, they're quick learners. Just tell them what to do and they'll remember. Often to your detriment.

  • by perimorph (635149) on Monday July 28, 2003 @07:12PM (#6555042)
    ...which costs the company about $1 in lost productivity per message.

    Where can I find a job where I get paid $1 every time I press the delete button? I'll fax in my resume' right away!
    • by Threni (635302) on Monday July 28, 2003 @07:26PM (#6555153)
      "Where can I find a job where I get paid $1 every time I press the delete button? I'll fax in my resume' right away!"

      Well, in my dreams that'd be the job description for a vacancy at the Patent Office but I don't see that particular dream coming true any time soon.
    • by Arker (91948) on Monday July 28, 2003 @07:26PM (#6555159) Homepage

      You can't just hit the delete button. You have to figure out that it's spam first. This involves viewing the message, reading at least part of it. If you're talking about someone that costs the company $60/hr (doesn't mean he takes that home, when you include overhead/ss/unemployment/insurance etc. a lot of people cost more than that to employ) that's $1 per minute, and a 'clever' spam that slips past your filters can take a minute to conclusively identify and delete.

      Not to mention all the problems that are created when the filters catch the wrong mail...

      • Are you JOKING ME!? Most spam can be recognized just by the subject line. If it takes you a minute to recognize a spam message, you should be shot and dragged down the streets in a burlap sack.
      • To: CEO
        From: John Smith
        Subject: V*I*A*G*R*A

        To: CEO
        From: Your Buddy
        Subject: Are you feeling a little less than you could be?

        Now let's take a poll. How long wold it take for most of you to figure out this is Spam? How many of you would approach the 10 second mark for deleting both of these? If you are, then you have a slow trigger finger.
      • yeah ... you can't just hit delete ...
        90% or more of my spam is identified just by reading the subject and the senders address
        i don't think someone payd $60/hr is working at a computer that has over 30 seconds to open a message =)))
        one look at the message disqualifes the other ~8% of the spam
        before i start reading a message i go over it just looking for the topic and who was writing this message
        if this takes someone over 30 seconds you should reconsider his wage (especially if it's over 60$/hr)
    • Where can I find a job where I get paid $1 every time I press the delete button? I'll fax in my resume' right away!

      I have a job like that for you. Just post your email here, and I'll send you all the information.

    • by BJH (11355)
      Average it out - as it said in the story, if senior management gets a bee in their bonnet about spam they received, you could have several guys spending an hour or two doing whatever it takes to placate them.
    • I take it you don't have much spam, where you are...sure, $1 per message sounds like a lot, but my guess would be $.50: think of the _interruption_ time it involves. These (lucky, few) people with jobs are getting paid $50 a day or more, and have to stop what they're doing 'cause the 'you have mail' flag comes up. [No, they don't have to stop, but burn someone for not responding to the boss's mail in a hurry, and you'll see that recipient watching that flag like a TV set] And every time it's spam, he me

      • by dubl-u (51156) *
        think of the _interruption_ time it involves.

        According to an IBM study quoted in McConnell's Rapid Development, it takes the average programmer 15 minutes to recover fully from an interruption.
    • by Jade E. 2 (313290) <slashdot@@@perlstorm...net> on Monday July 28, 2003 @10:54PM (#6556340) Homepage
      Where can I find a job where I get paid $1 every time I press the delete button? I'll fax in my resume' right away!

      That would be the job of the person receiving your resumes.

  • Is this real money? (Score:5, Interesting)

    by eric434 (161022) on Monday July 28, 2003 @07:13PM (#6555045) Homepage
    Or has this been calculated in the same way that they calculate money lost from 'piracy' and 'hacking'?

    I can certainly see how spam costs real money in terms of bandwidth and all, but I'm wondering whether they actually did some research or just guessed.
    • by frostman (302143)
      Interesting question. I'd like to know too.

      Back when I used to get spam, I got about 100-150 a day. It took me about 10 or 15 minutes of actually going through the mailbox checking and hitting DEL to clean it out.

      The bummer was that if I got behind, it would seem like an enormous amount, and I'd put off going through my inbox at all. That, of course, was a bigger productivity loss.

      If we say someone takes half an hour a day to both clean out the spam and grumble about it, we might guestimate the annual
  • Spam (Score:2, Funny)

    by Luigi30 (656867)
    I don't like wading through Spam... too gooey and greasy.
  • by mrand (147739) * on Monday July 28, 2003 @07:16PM (#6555068)
    Either I'm a spam processing machine, or some of these estimates are WAY overstated. After running through two filters, I end up only seeing 20 TO 40 spam's a day, and it takes me all of 20 or 30 seconds to deal with them - for the WHOLE DAY. Do these people keep their delete key in their drawer or what?

    And the person quoted about the cost of setting up spam filters and following up on incorrect filtering seems to ignore the fact that the effort for this person to do this is spread across all the users... thousands of them (or tens or hundreds of thousands, in this case).

    Marc
    • Yeah, those estimates are gross exaggerations.

      Here's a different kind of cost though. I have always been careful with my email addresses and managed to avoid most spam. But now it has affected me. Because of spam, my block of IPs (Comcast) has been blacklisted by quite a few mail servers. I can still send email if I go through Comcast servers, but I'd rather send it directly, and to me it's sad to see locks and fences thrown up (the "taming of the wild west" if you will), in opposition to the peer-to-

    • Either I'm a spam processing machine, or some of these estimates are WAY overstated. After running through two filters, I end up only seeing 20 TO 40 spam's a day, and it takes me all of 20 or 30 seconds to deal with them - for the WHOLE DAY. Do these people keep their delete key in their drawer or what?

      Fine, this is not much of a problem for someone who is at their computer a lot and can basically delete spam as they arrive. I get a similar amount of spam as you (maybe slightly less, but still at least

  • spambayes (Score:4, Insightful)

    by utexaspunk (527541) on Monday July 28, 2003 @07:16PM (#6555076)
    how do they figure $1/msg? It maybe only takes me 10 seconds to alt-tab over to outlook and see that it's spam, delete it, and alt-tab back. let's see... that amounts to $360/hr! I wish I were making that kind of money! If it weren't for all this spam...

    if they'd just get spambayes [sourceforge.net] they wouldn't have this problem anymore. hardly any junk mail gets past spambayes...
    • by Threni (635302)
      > that amounts to $360/hr

      Shush!! That's not what it costs!! That's just what you tell the lawyers it costs!

      Obviously it just takes under a second to decide to delete it and press the `delete` key, plus however long Outlook feels like taking, to actually delete it.

    • how do they figure $1/msg?

      Well, is it $1/msg, or $1/msg/user? If it's just $1 per message then at 30-50 employees you only need to make a minimum wage for it to be true.
  • for now,we have to live with it (or with what gets through our filters).

    "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain."

    In other words, stop whining and hit delete.
  • by gorbachev (512743) on Monday July 28, 2003 @07:19PM (#6555100) Homepage
    The real issue about costs of spam is not what it costs today, but what it costs a year, two or 5 years from now, if it's not killed today.

    The volume of spam is increasing exponentially. It will reach a point when it will start choking up Email entirely.

    At that point it's too late.

    Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death
    • Normally, I'm disturbed by violence.

      However, in the case of spammers, I really don't think there really is a limit to what is "just".

      Some suggestions:

      • Use tranquilizers. You don't want to damage any sensitive nerve bundles.
      • I would recommend either bamboo slits or rusty nails underneath their finger and toe nails.
      • Keep everything disinfected. Rotting flesh is dead, unfeeling, flesh.

      I get, when I take into account the amount of email per box, something like 2000 emails a day after all is said and done.

  • This is an issue. (Score:5, Interesting)

    by AntiOrganic (650691) on Monday July 28, 2003 @07:19PM (#6555104) Homepage
    This is a big issue for me. I work for a web hosting company, and we had two options when it came down to dealing with spam:

    Sift through hundreds, sometimes thousands of messages a day searching for legitimate technical support issues

    Only accept email from addresses belonging to customers on file.

    This has had a detrimental effect, and we often do get calls from customers saying their emails never got through and that they need to know which of their email addresses is on the account because they don't remember. This is inconvenient, and these measures may have led to the loss of a few customers for us. This isn't terrible, however, compared to spending hours a day sifting through spam, which would probably cost us more than the customers we lost.

    This is still unacceptable.

    • Re:Wrong Thinking? (Score:2, Insightful)

      by globalar (669767)
      "'Spam, although it is a bad thing per se, is fostering the growth of the e-mail infrastructure,' he said."

      I disagree with this positive outlook on spam. Technically, Dr. Fader is right: the infrastructure grows because spam forces it to do so.

      This is not productive growth to me, it's just fat. One needs more bandwidth and processing capability to manage spam. This capacity could be used for other avenues, or the money spent someplace else. This is bad economics - something along the lines of the b

    • I mean, especially with being a web HOSTING company, where many of your clients won't even have a decent e-mail address until the buy one from you, why on earth did you bother with support via e-mail when web interfaces, even ones that have anonymous access, are so much better.

      I killed many of my personal e-mail address a long time ago, with an auto-reply that leads to http://www.rahga.com/contact.... I get roughly 2 spams a month through the form from desperate spammers.
      • All of our plans have a minimum of 5 included email accounts. We're not cheapasses, we cater to small business and sites that go beyond what would be better off on Geocities where they started.

        We do provide a web form, but the fact that 2% of our customers use it over the email-based system does indicate that what you're suggesting is inconvenient for customers. In fact, the only customers we seem to find using the web system are the ones who have web-based mail, such as Yahoo or Hotmail.

        And I understand
  • by geekd (14774) on Monday July 28, 2003 @07:19PM (#6555107) Homepage
    Spam has cost me over $10,000, and my dick STILL isn't any bigger.

  • by YllabianBitPipe (647462) on Monday July 28, 2003 @07:20PM (#6555111)

    I wonder about the effectivity of Spam because I just chuck it all. I can't remember a single time I clicked on a spam email. Nobody I know gets any spam that's worthwhile in any regard.

    I just read James Cramer's bio and he talks about how TheStreet.com did a bulk mailing that they paid $500,000 for it. End result? 5 subscribers. $100,000 per subscriber. That's a terrible conversion rate for junk mail. Now I know that was junk mail, not spam email, but I simply can't imagine the rates being all that much better for Spam.

    I'd say one way to fight spam is have a "do not spam" registry ... like what's being done with telemarketers.

    • by AnotherBlackHat (265897) on Monday July 28, 2003 @08:07PM (#6555437) Homepage
      Every case is going to be different, but response rates for junk mail are typically claimed in the 2-4 per thousand range,
      and spam is estimated at 1-3 per ten thousand.
      (A response is not a sale, but the response to sale ratios are fairly high - usually double digits.)

      A full color piece of junk mail costs about $1.
      A single spam costs less than $0.00001.
      That $500,000 mail campain would have cost less than $5 if done through email.

      That, in a nutshell, is the real problem with spam.
      It doesn't have to work well because it's so cheap.

      -- this is not a .sig
  • Does spam generate enough revenue to justify it's cost, even at $Billion, or heck, even $100 million? If not, then it's time for the government to step in. It's your "1st amendment right" to tell epople to buy stock XYZ (knowing you are going to dump it next week), so why are there laws that will put you in prision if you do? The reason why there are SEC rules and such are because it hurts the economy to have people messing with the stock market.

    Well, if the spammers are costing more money than they are
    • by schon (31600) on Monday July 28, 2003 @10:05PM (#6556087)
      Well, if the spammers are costing more money than they are generating then they too are hurting the economy, and rules need to be made to regulate them.

      The whole 'frea speach' issue is a red herring, used by spammers to make stupid people take pause before doing something.

      The first amendment guarantees the right to say whatever you want, but it does not guarantee the right to use other people's resources to say it.

      There is NO first amendment issue regarding spam.
  • by SuperBanana (662181) on Monday July 28, 2003 @07:22PM (#6555132)
    "If someone in senior management gets spammed," Mr. Lewis said, "it could take 20 or 30 hours of everyone's time, up and down the chain."

    That's not the fault of spam- that's the fault of whiny executives. Execs are always whining about efficiency, "making the sacrifice", cutting the fat...yet they're responsible for more productivity loss for most IT departments than other employees combined.

    When 2-3 execs moved into the office I was supporting, they were a massive drain, killing my productivity- because any time even the slightest thing was wrong, we had to drop what we were doing, and rush to make the Big Baby happy.

    Executives, hear this. One sure fire way to enhance the productivity of your IT staff is to learn how to use your #$!@ing email program, not complain when your desktop is the wrong color, learn how to back up your data, and don't make us run in circles on your bloody little pet projects. Don't even get me started about personal printers/fax machines.

    • by billstewart (78916) on Monday July 28, 2003 @07:34PM (#6555217) Journal
      Remember when people had secretaries, who kept track of where they were supposed to be, filtered their incoming paper mail, decided what they'd think was important, and handled communications when they were travelling? Most executives still have them, though their titles are often "executive assistant" or whatever, and they can still filter out spam...

      But yes, execs do sometimes need handholding. Years ago, while I was still doing sysadmin, the head of one of the neighboring departments would ask me for help when his Mac wouldn't print. Hey, I was a Unix guy, not a Mac guy, though if they'd gotten me a Mac I'd have been quite happy - but 95% of the time it was a matter of rebooting the network printer frob a couple of times and it'd work....

    • by Tailhook (98486) on Monday July 28, 2003 @07:53PM (#6555348)
      This depends on just how "senior" your executive is. If you're dealing with the senior management of a struggling startup, you can have an indifferent attitude. On the other hand, if Rick Wagoner gets an add for "free porn" in his inbox, you can damn well bet all hell will break loose. If he gets spam it indicates a breakdown occurred in a chain of responsibilities shared by multiple highly paid people. I'd be mad too.

      We need to move beyond email. If executive management is using email to do actual business then it needs to grow up. Messages need electronic signatures than can be examined and verified before a message is accessed. Getting a worthy signature needs to cost a bit of money. That's all it would take to kill spam. If you want to get a message to me I require that you pony up and get yourself a signature, otherwise, forget it. Send messages to people who like dysfunctional communication mechanisms.
  • by mudshark (19714) on Monday July 28, 2003 @07:23PM (#6555135)
    Since most, if not virtually all spam is commercial in nature, it is not protected by the First Amendment. Kind of like the whiny telemarketers suing the FCC -- nobody has a "right" to try and sell me anything, thanks. And use of a recipient-pays delivery model removes them even more from the collective good graces of everyone trying to wade out from under the deluge. So screw the bogus legal pretext and lets get on with some gruesome public executions.
    • Has nothing to do with whether it's commercial or not. The first amendment guarantees your right to speak - NOT your right to hijack servers and bandwidth all across the world in order to force people to listen to you.

      • The first amendment guarantees your right to speak - NOT your right to hijack servers and bandwidth all across the world in order to force people to listen to you.

        True. OTOH, spammers don't do that. If your email is set up to accept unsolicited email, why is it spammers' fault that they're sending you such email. You could always whitelist. In truth, email accounts, by their very existence, are an implicit invitation for people to mail to them. Much like I can use your property to go to your front door an
    • by dissy (172727) on Monday July 28, 2003 @07:36PM (#6555233)
      That one had me confused as well.
      The First Amendment says the government can not stop you from speaking out aginst the government.

      If the government isnt the ones stopping the spam from getting to you, it does not voilate the amendment.
      Anyone else can do so.

      Additionally, the government CAN stop spam from reaching their own staff (IE their own mail server can use spam filters) as long as that mail server ONLY serves the workers and noone else.

      The only way the first amendment is involved is if a non government related person attempts to say something to another non government related person, and a government related person steps in to prevent that from happening.

      This is the main reason its so hard to pass a federal law to stop spam.
      Spam can NOT be defined as a type of email for them to outlaw it.
      They have to define it in another way that relates to an already criminal act.

      This is why in some states (not nearly enough), it is already illegal to forge headers or use misleading subject lines.

      But this is the only thing the first amendment prevents, is a law aginst spam directly. Doesnt prevent anyone else from stopping it.

    • No, commercial speech is protected by the first amendment. There are some other limits to it: the advertising has to be truthful, and some disclosures can be required, e.g. ingredients lists, but it's basically protected. There no bogus legal pretext whatsoever. Do you need case cites?
    • I think the issue was Indiana University having some kind of free speech concerns. Indiana University being a public, government-funded institution I believe they have a higher standard with regard to First Ammendment protections.

      Although I'm at a loss why even these elevated concerns would impact COMMERCIAL speech. You have to get a permit to sell stuff on campus, and I've never heard of the ACLU getting involved with a University over sales calls from vendors.

      Maybe they get a lot of University-specifi
  • Cost/Benefit (Score:4, Insightful)

    by Killer Eye (3711) on Monday July 28, 2003 @07:26PM (#6555150)
    It could be that cost is the wrong focus. Advertising the lack of benefits might deter spammers. By now most people have a knee-jerk reaction to delete the stuff before ever seeing what's in it; therefore, it stands to reason that the cost of paying someone to send ads anonymously may now outweigh the payback. Posting some hard stats on that might get organizations to send less spam, or pay spammers less money, or fire some spammers - all of which could result in less spam.
  • "Critics say that research firms' estimates vastly overstate the actual cost of spam"

    They probably use the same methods that determined that Mitnick caused $200billion in damages.
    • They probably use the same methods that determined that Mitnick caused $200billion in damages.

      Exactly. The situations are very similar. However typical "hacker attacks" are even more like spam than the Mitnick case. Mitnick actually copied some files which had a dollar value. Normal hackers (Mafiaboy [bbc.co.uk] et al) only really deface or DOS some machines, forcing a few days of shutdown and hardening.

      In both hacking and spam, the victim doesn't lose actual money- only some time (which is opportunity to earn m
  • by JohnGrahamCumming (684871) * <slashdot@jgc . o rg> on Monday July 28, 2003 @07:32PM (#6555204) Homepage Journal
    A number of people have responded "But I can delete spam really fast" etc.
    claiming that the costs quoted seem way to high. What they don't estimate is
    the full cost within an organization of dealing with a problem like spam which
    is greatly increased by a number of factors:

    1. Management get annoyed by spam and see it as a drain on their team's
    time and want to do something about it: that costs time there for them---
    because they are thinking about spam and not making widget X---and the IT
    department of the company who has to respond to the manager's questions re:
    what are we doing about this problem?

    2. Not all employees are as sophisticated as the Slashdot crowd (can't believe
    I said that) and so for them spam is a far greater time sink (== $$$). They
    start wondering why they got the spam (especially when it's pornographic) and
    wonder if they did something wrong or if someone is going to "find out". While
    they think about spam they are not working.

    3. Spam is a workplace nuisance for the HR department because offensive material
    that enters the workplace becomes the employer's problem when people go to HR
    to say that the employer should "do something" about the offensive material
    (after all an employer would "protect" its employees from a calendar of nude
    women or a harrassing coworker). More $$ spent in the time to complain and HR
    doing something about it.

    4. And finally there's the IT guy who bears the brunt trying to fight the battle
    against spam when he's got plenty of other stuff to do. And so he buys expensive
    software to deal with the problem. More $$ spent on his time and the software and
    maintaining the software.

    It's just a little more complicated than "can't people just delete the stuff". Even
    people who say "just get tool XYZ" overlook the cost of deploying (to 1000s of
    desktop machines), training employees (to use the thing) and maintaining it. That's
    a very expensive proposition.

    John.
    • The # of complaints that go to HR stating "This stuff is DISGUSTING! You must stop it NOW!" is enough to cause quite a lot of hoop-la.

      And before you say "never give out your e-mail" there are Sales and Support people that really don't have a choice.

      Not to mention those public e-mail addresses on websites... "support@mycompany.com" that are just absolutely drowned with spam.

      SpamAssassin/MimeDefang are a nice cost-effective combination though, and have so far proven to be quite effective.
      • And before you say "never give out your e-mail" there are Sales and Support people that really don't have a choice.

        Not to mention those public e-mail addresses on websites... "support@mycompany.com" that are just absolutely drowned with spam.


        Don't forget that, thanks to email worms, there's really no such thing as a "private" email address anymore. If you forwarded an email to a friend, who forwarded to a friend, ad nauseum any one of those people in the trail not only has the address, but might also unw
        • This is why I think that all sub-standard open source mail servers should be outlawed in favor of Exchange 2000, which in coordination with Active Directory is the only messaging solution which supports a PKI (Public Key Infrastructure) whereby sources of email can be authenticated by the sender's trusted certificate, and if necessary blocked.

          Now why the hell wasn't this moderated as funny?

          The poster was kidding, right?!

          [Although I do agree that SMTP needs to be replaced entirely]
    • Not to mention the need to spend money on email systems (hardware, software, networks, &c) to collect, transport, store, and present perhaps many times the volume of genuine email.

      Another thing people hereabouts seem to forget is that people receive different quantities of spam. Even a newbie could cope with one spam message a week. All but the clueless could handle one a day. Most people would be mildly annoyed by one an hour, but not debilitated. One a minute, though, would tax most people, and eve

  • I know the group that must have performed this study, they're the same that stated that P2P networks cost the music industry $2 billion a year.
    I think they used to run a few S & L's during the 80's.

  • "$874 a year for every office worker with an e-mail account"....

    What on earth type of number is that? I work in a small (3 person) office, a branch of the main company.... Unfortunately, this means that when someone calls us, I'll pick up the phone half the time. The time I have to waste trying to figure out is it's a telemarketer or not is insane, and it takes quite a bit of skill to represent your company with class while hanging up on these 2-bit lowlife punks.

    My calculation: 3x the wasted time of spa
  • by billstewart (78916) on Monday July 28, 2003 @07:45PM (#6555291) Journal
    Hey, even though they've got a few orders of magnitude variation in the costs, at least they're talking about the costs of wasted employee time, which is the real cost, and not whining about bandwidth usage. Yes, when I'm on dialup, downloading spam takes some time, but on a work LAN or on DSL at home it's very little download time, and the bits it consumes are usually a lot less than reading Slashdot.

    That's also true for ISPs - web traffic carries a lot more bits than spam, and while spam email probably outnumbers real email by byte-count as well as message count, it's not really a big deal for connectivity-provider ISPs. (Email-specialist ISPs are obviously another case entirely.) On the other hand, the worker-time cost of handling spam complaints and trying to keep filters up to date is more important than the cost of the bits.

    Almost all email programs let you display the sender and subject without opening the message. 90% of the time it's pretty easy to tell just from reading those whether to delete it without opening - filters can often trash many of those messages automatically, but they can also speed up the decision time by marking suspicious messages.

  • Here's another estimate [spamwolf.com]

    Probably should double those numbers since the page is over a year old.

    -- this is not a .sig
  • Real costs (Score:5, Insightful)

    by WindBourne (631190) on Monday July 28, 2003 @07:48PM (#6555310) Journal
    Funny thing is that Viruses actually cost more than spam, yet these folks are worrying about spam.
  • by Pig Hogger (10379) <`moc.liamg' `ta' `reggoh.gip'> on Monday July 28, 2003 @07:50PM (#6555324) Journal
    The first amendment DOES NOT COVER SPAMMING.

    Anybody who says otherwise is BULLSHITTING.

    The first amendment talks about Freedom of speech - freedom of the press. Nowhere does it permits anyone from using someone else's press, as spamming does by using someone else's computer/network ressources.

    • Nowhere does it permits anyone from using someone else's press, as spamming does by using someone else's computer/network ressources.

      You are correct.

      But, I ask, isn't it okay for other people to use your resources if you give them permission. You have to say yes, because the ability to grant or deny permission to others is very important if you want to assert control over things. If you're not able to act as the gatekeeper, someone else could let others in or deny them contrary to your wishes.

      So you get
  • by PaulK (85154) on Monday July 28, 2003 @07:51PM (#6555333)
    Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.

    First Amendment rights do not apply to spam. First, let's look at just the communication aspect of it. Spam is not directed at an individual per se, but at a list of millions of people. The fact is, though, that individuals DO receive it personally. It is in their face, staring at them from their mailbox. This is not a soapbox preacher that you can just walk away from; we are forced to deal with it on a personal level, at our own expense. The First Amendment guarantees "Free Speech", not a "forced audience".

    Now, let's look at the content side of spam. It has been determined repeatedly that the First Amendment is not protection for unproven claims, scams, or lack of "truth in advertising". Companies and individuals who have parlayed these things into First Amendment cases have invariably lost.

    If a person or company wishes to advertise to me, they may do so. Advertising, historically, is at the expense of the company, not the consumer.

    When I get spam from an open relay, with forged headers, bad return info, and base64 encoded, exactly how much do they think I'm going to spend on their product? Exactly how seriously do they think I'll take them?

    The answer is: I take them very seriously indeed. Not for any reason that they hope for, however. I CAN and WILL pursue them, catch them, and put them under the brightest light that I can find.

    Because, I am a spammerhunter. [spammerhunters.com]

    • First Amendment rights do not apply to spam.

      Wrong.

      Spam is not directed at an individual per se, but at a list of millions of people.

      Oh, like a national magazine or newspaper? Or TV or radio? Or the messages on the side of the Goodyear blimp or written in the sky? Or mass mailings or even door-to-door canvassing?

      Breadth is not a factor. Speech is speech whether directed at one person or literally everyone.

      This is not a soapbox preacher that you can just walk away from

      Sure you can. You can delete i
  • Maybe a way to avoid any shaky first amendment issues - commercial speech already enjoys less fa privliges than personal speech.

    First require all spammers to register and be licensed as a business. A nice solid license fee (not so high as to risk legal challenge, but in line with what other businesses have to pay that are licensed).

    A $.05 tax PER ADDRESSEE for all unsolicited commercial email would end spam fast. $5k to send out 100k spams would put an end to it fast. (Does anyone know what rate a bulk s
  • Ask not how to get rid of spam, ask how to send your spam to SCO [mailto].
  • My Rough Estimate (Score:4, Interesting)

    by duplicate-nickname (87112) on Monday July 28, 2003 @08:03PM (#6555412) Homepage
    I'm pulling these numbers partly from my experience and partly from my ass.

    Average user at work receives ~ 10 spam messages per day, with our spam filters catching 80%, so the user receives 2 per day.

    I figure you can classify spam messages into 3 types which require varying amount of effort to determine when to delete them.

    First, you have obvious spam that can be deleted by reading the subject. I figure that 25% that get though spam filters are this type. Let's say they require 5 seconds to read/delete.

    Second type requires the user opening the message and reading the contents. Let's say 70% are this type and require 15 seconds.

    The last type are the ones that confuse users or they think they are legit. These are the messages that users will reply to, talk to their coworkers about, or forward to IS to be verified. This would be the remaining 5% and require 5 minutes (300 seconds) of time.

    With those numbers, the users spend 27 seconds per message or 54 seconds per day.

    Per year, that is 5.475 hours. If the average cost of a user (pay + benefits) is $30/hour then the annual cost for spam per user is $164.25/year or $0.225/spam.

    Now, we are running spam software in this situation. Figure that the spam software cost $10/user/year in licensing, and an additional $10/user/year in hardware or administrative costs. I'm also assuming that the spam load on our mail servers is minimal enough that the costs involved there are insignificant.

    That puts the total now at $184.25/year. However, without antispam software, that total would sky rocket to $821.25/year since the user would have to deal with 5x the spam. Of course, this may be high since there will probably a larger percentage of those 5-seconds-to-delete messages.

    About the only interesting thing about these BS numbers is that the lower one ($184) is close to Ferris Research's estimate of $168/year; while the higher number ($821) is close to Nucleus Research's $874/year.

    • You forgot to mention the guy that opens the attachment to become infected with the Melissa virus (not everyone updates their antivirus software you know).

      Or the extra admin/programming effort it takes to combat spam.

      Or the additional cpu processing and hard drive space required to deal with spam.

  • That ancient question is "what is the cost of spam?"

    It doesn't matter that much... I suppose it might to law makers since those are the guys who care more about the cost in terms of dollars instead of other forms of cost. But to me, if it never cost anything but measures of "frustration and anger" then it simply costs too much.

    Somewhere out there is a select group of people who are willing to piss me and thousands of other people off for money. These selfish bastards who, at my personal expense, want to
  • The university is building a filter for a new $50,000 server, and it does not know yet how many of these it will need for its entire network. The task requires not only programmers but also lawyers, as the state university has to be sensitive to the First Amendment rights of the spammers.

    Why hire more than one lawyer for something as trivial as "the First Amendment rights of the spammers"? Or even better, you could let some of the Seniors and Faculty of the on-campus law school elaborate in legal fashio
  • Everyone must be adopting the RIAA method of calculating costs due to "illegal" actions.

    Researchers: Hey, your company only makes $10 million net per year. How the hell are you claiming $1 billion in lost profit due to spam?
    Company: Wha?? Look at the monkey! Look at the silly monkey...
    Researchers: Oh, I see. $1 billion it is.
  • Laws Won't Help (Score:2, Interesting)

    by Shmew (693245)
    You can't legislate your way out of the spam mess. Read this: http://www.zeropath.com/bigbiz.html [zeropath.com] for an example of how Spam legislation will backfire on us all and only end up supporting Microsoft.
  • by dryguy (103495) on Monday July 28, 2003 @08:17PM (#6555521)
    $2.50 a can. [spamgift.com]

    Next question?

  • by whoever57 (658626) on Monday July 28, 2003 @08:19PM (#6555535) Journal
    "Spammers know they are going to be kicked off, so they won't pay their first few months' bill," said Craig Silliman, the legal director for MCI's network and facilities operation. "By the time you catch them, they turn into a net loss."

    So, not only do they fail to act on SPAM reports, but they don't disconnect for failing to pay? What are they thinking? I mean, how long does it take to "catch" a SPAMMER on their own network?
  • by firewood (41230) on Monday July 28, 2003 @08:26PM (#6555572)
    Getting a mailbox full of raw sewage and dirty needles every day would probably be fine if you were an organic farmer into collecting antique medical instruments. If you are an office worker only takes a few seconds to use a fire hose and wash the stink off your desk and inbox at work every morning; that's what storm drains are for. I'm sure the FBI would never arrest your household because of the contents of all those needles you have to throw in the garbage every day. You have to be careful opening packages in order not to get stuck with an infected needle.

    Now your mom doesn't want to check her mailbox at all anymore. But many people would just tell mom to call instead, since they no longer want to search for her letter amidst the toxic waste. And they certainly wouldn't send their kids down to stick their hand in the mailbox anymore with all those wrapped and unwrapped filthy needles.

    People will stop wasting their time with email (as currently implemented), and thus this new form of communication will be strangled soon after its birth.

  • Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.
    There's no First Amendment right to spam! The First Amendment guarantees your right to speak, but does not guarantee you the use of any particular venue for your speech, nor the right to make others pay for your speech, which is what spamming does. Courts have ruled that there is not a First Amendment right for a telemarketer to call you if you don't want to be called; it will be quite a surprise if courts decide otherwise for spam.
  • SPAM is not just about someone being too lazy to be bothered with hitting the delete key. The costs of SPAM are incurred way before that even happens.

    SPAM's biggest costs are in bandwidth and storage space for all those useless e-mail messages. If a 2 kilobyte e-mail is sent to a half-million e-mail boxes, that equals 1 GB of data transfer, plus 1 GB of e-mail storage. MSN claims they get 2.4 billion SPAM items per day. Can you see how much the bulk of spam can cost in real dollars?

    And while I includ

  • by Anonymous Coward on Monday July 28, 2003 @08:55PM (#6555744)
    Just as commercials on television pay for the programming you get to enjoy, advertisements in email are there to defray the cost of the email infrastructure. If you don't take the time to read these short, unintrusive messages, advertisers will be unwilling to pay to advertise on the internet. Who then will pay for the email system you take for granted?

    The evasion of commercial email is a serious ethical, moral, and legal issue. Users caught implementing "filters" to evade their responsibilities could face an expensive lawsuit or even jail time.

    We as a society must learn to respect the copyrights and first amendment rights of bulk emailers, many of whom struggle to put food on the table for their families. To summarize:

    1. Commercial email deletion is a serious moral and legal issue.

    2. "Everyone does it" or "I didn't know it was illegal to filter spam" are not valid excuses.

    3. Filter users could face an expensive lawsuit or even jail time. To avoid this threat, just delete all spam filtering software you may have installed on your computer.

    4. We will not rest until this insidious form of electronic shoplifting is eradicated for good.
  • by Skapare (16644) on Monday July 28, 2003 @09:28PM (#6555884) Homepage
    Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.

    What kind of BS is that? No they do not.

    IU and other public institutions are NOT lawmakers, nor are they free public resources. Now if individual students are doing the spamming, there may be some complexities to deal with, especially if other students are the targets of the spam. But public schools are not a resource that anyone may just freely use.

    If the school does make certain facilities open for public use, then they do have to do so fairly. That means, for example, if a facility like a stadium is used for a convention by members of the public (and usually these are done on a basis of school use has first priority, student use second priority, and public use last and usually paid), then spammers would probably have to be given equal access as members of the public. So you might see a spammer's convention meeting there.

    The real issues are:

    • Students spamming students (and we might include faculty here, too) using school computing and/or network facilities.
    • Students spamming the internet from school facilities.
    • Spammers spamming students (ingress use of school facilities).

    Does Kinkos have a right to post signs anywhere on school property to advertise their copying services to students? No! They must follow specific rules. There might be places designated for signs to be posted. The school newspaper might be advertising supported and Kinkos could buy ad space there. The school might even sell naming rights to the gymnasium to Kinkos (if they want to buy that). But there exists no free right for anyone, not even students or faculty, to come and commandeer any resource they wish for their own purposes.

    Certainly this rules out students spamming the internet, and I would argue it also gives no one in the public any particular right to communicate with a student on the school's network, even if the student grants that permission by signing up for advertising. The school owns the property and it is generally well considered to not be public use property. The school is definitely not preventing people from using their own personal property/resources when that school restricts the ways the school's property/resources are used to be limited to what the mission of the school is.

    It might be a whole different matter if a government entity were setting up a network, such as an open WiFi node, for anyone in the public to make use of. That is not what public institutions of higher learning do.

  • Cost (Score:3, Funny)

    by schnitzi (243781) on Monday July 28, 2003 @10:13PM (#6556124) Homepage
    Sure, spam has cost me a lot over the years, but if this deal comes through helping Mrs. Mariam Sese-Seko (widow of late president Mobuto Sese-Seko of Zaire) transfer her money out of the country, I'll have more than broke even!

  • by sirket (60694) on Monday July 28, 2003 @10:45PM (#6556301)
    I have said this before, and I will say it again:

    If people would set up their email servers correctly, I could eliminate 99% of the spam from my systems. Unfortunately, a bunch of administrators seem to feel that they do not actually have to configure their systems correctly. If I want to be able to receive mail from them, then I need to open my server up and allow misconfigured servers to talk to it. Guess who has the majority of (usually intentionally) misconfigured servers. You guessed it, spammers.

    Getting rid of spam is simple. Stop bitching about it and fix your own damned mail server.

    Do you:
    1. Have a postmaster account?
    2. Have an abuse account?
    3. Have reverse DNS?
    4. Have matching forward and reverse DNS?
    5. HELO with your server's Fully Qualified Domain Name (FQDN)?
    6. Use a FQDN at all points during the transaction?
    7. Have an A Record in DNS for those FQDN's?
    8. Have proper MX records?
    9. Use strict RFC821 envelopes?
    10. Reject unauthorized command pipelining?
    11. Reject non-existent sender domains? (joe@doesnotexist.com)
    12. Reject invalid HELO names (Either non-FQDN's, HELO names that do not resolve, HELO names that do not resolve to the IP address of the connection, or hosts that use a numeric HELO without brackets)
    13. Accept email for postmaster@a.b.c.d (Where a.b.c.d is the external address of your email server and e.f.g.h is the internal, non-NAT'd address). Many hosts fail this test (Though this is not something that you, as the receiver, would be checking.)

    Just my two cents.

    -sirket

  • by theLOUDroom (556455) on Tuesday July 29, 2003 @12:08AM (#6556738)
    It's amazing how many people are screaming:
    "There's no way spam costs $1/message"
    "It doesn't take me that long to hit the delete key."


    [sarcasm]What an amazing, informative analysis[/sarcasm]

    First off, they're probably figuring their cost as their take home pay. This is much too low.
    Say I was to make around $25/hr. That says nothing about all the other hidden costs/tradeoffs going on. I could be making that much, but the corp. I work for could be billing for my time at a rate of $1000/day. If they have a substantial backlog of contracts, they basically are loosing out on that much money if I don't work for a day.

    Now lets do some math. $1000/8hours = 125 dollars / hour * 1 hour / 60 min = $2.08 / minute

    Say it takes me 15 seconds to open up outlook, see the message, realize it's spam, delete it, and go back to what I was doing. That's $.52 right there.
    Then you have to add in other costs.
    How much did/does it cost to store that email? How much did it cost to download it (including the gifs)? How much of your IT staff's time is devoted to reducing spam, upgrading mailservers, deleting old mail, backing up mail, etc? Is that email you just got from Hamza Kalu just spam, or an event that should be reported to corporate security? (Some businesses do have to worry about fraud/industrial espionage via forged email.) How much time did you spend thinking about that? Five seconds? Ten?
    Is the spam clever enough to fool other, less tech savvy people? (I once recieved a fake email from BestBuy.com's fraud dept, the would be pretty convincing to someone who doesn't know much about conputers.) How much time do you spend warning them?

    Spam is costing businesses a significant amout of money. It may cost less for some and more for others, but it seems some people have no idea how quickly the dollar signs add up when you're running a business. I know I have a tough time wrapping my brain around it.
  • by SlimFastForYou (578183) <konsoleman AT yahoo DOT com> on Tuesday July 29, 2003 @02:42AM (#6557208) Journal
    I can say that spam does cost. Many calls I get have me spending time walking clueless people through the steps necessary to enable the server-side spam filter and the client-side mail rules.

    It doesn't end there, either. From what users are saying, it seems like spammers trade their mailing lists which cause users to recieve increasing amounts of spam. Some users complain that it takes too long to download the spam. I kindly remind them that not only does our mail server have to download the mail but also transmit the mail to them.

    Figure you are on a bit of mailing lists, and you receive 500K of spam per day (some messages are html with images). The ISP has to use 1000k (say a megabyte) for that user. Multiply that by 4,000 users, and you have 4 GB of data transfer. Think of it as a T1 simultaneously using maximum up and down bandwidth for almost THREE HOURS.

    That is not even mentioning the users who get on a billion mailing lists and never check their mail/delete their messages. Say (a conservative figure) 50 users got 500K of spam per day. That's almost 750 MB/month. 9 gigs of hard drive gone in the name of unread spam in a year. It all adds up folks.

    Screw the Do-Not-Call list, I would rather have had a Do-Not-Email list _first_. When an occasional telemarketer calls my home or my workplace, there is a ~30 second distraction. End of story. Nothing like a day of 20 minute phone calls walking users through setting up spam filters and explaining to them why they get so much spam. Although my job is a part-time one, I figure around $150 in labor is paid by both parties per day (the ISP and customers) to set up a *workaround* (which sometimes isn't enough for high-volume victims of spam).
  • by edunbar93 (141167) on Tuesday July 29, 2003 @03:33AM (#6557375)
    Take the cost of running a mail server. Hardware, upgrades, bandwidth, administration.

    Multiply by 40-60%. This is the noise part of the signal-noise ratio that is e-mail. I'm sure you get the picture.

    And that's if you don't even try to squelch the noise. Hardware and administration costs go up exponentially when you start diverting CPU time from sorting mail to filtering it.

    Oh, and don't forget the problem is getting worse - exponentially.

    It won't be long until 80-90% of the cost of running a mail server goes towards dealing with ads for things that would make the ACLU wish they hadn't fought the CDA. Now consider how much money Sprint spends on providing e-mail to their clients. And consider how Sprint would love to see 70-80% of that cost go away. I would imagine the next conservative administration would introduce legislation that would legalize the public flogging of spammers, just based on pressure from big business, nevermind the public.

If God had a beard, he'd be a UNIX programmer.

Working...