Amazon Bulk-Email Service Could Lure Spammers

snydeq writes "Amazon Simple Email Service and Amazon Web Services look to be a potent combination for businesses and developers, no matter which side of the law they're on, InfoWorld reports. The newly announced bulk email service, which will enable Amazon customers to send 100 emails for a penny, could prove enticing to those seeking a cheap way to bombard inboxes with spam, malware, and phishing lures. Amazon claims its in-house content filtering technology should assuage anyone thinking SES will be used by scammers. 'Those assurances aren't entirely heartening, though, unless Amazon is way ahead of the curve with content-filtering technology. Email services and software vendors have tried for years to keep spam and other unwanted messages from showing up in users' viewing pane, but the crud keeps slipping through.'"

Just don't you dare...

[colinnwn]

Amazon's content filtering may be on-par with the industry. But if any customer has the temerity to forward Wikileaks docs through their bulk email service, I bet we'll find out that their "spam" filter is better than we thought.

Amazon can terminate spam accounts

[arevos]

Those assurances aren't entirely heartening, though, unless Amazon is way ahead of the curve with content-filtering technology.

Amazon has the spammer's credit card details, knows where each email comes from, and can freeze or terminate accounts at the touch of a button (or via an algorithm). This gives it a considerable advantage over those that have to passively filter spam.

And in any case, spam filters are pretty damn good these days. I've had a public email address for going on 15 years, which used to get hundreds of spam emails every day. Now it's very rare for even one to slip past GMail's filter.

100 emails for a penny

[John Hasler]

Why would any spammer pay that much when they can rent a botnet?

Re:100 emails for a penny

[Anonymous Coward]

If they're using a stolen credit card, they don't have to worry much about payment.

Re:Sending emails is cheap

[icebraining]

Your post advocates a

( ) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if ph

Re:Spammers cannot afford $0.10 per 1000 emails

[tlhIngan]

The response rate for spam is very low (1 in 12.5 million according to http://www.techradar.com/news/computing/spammers-get-1-response-to-12-500-000-emails-483381?src=rss&attr=all [techradar.com]), so a spammer would have to pay 12.5M / 1K * $0.10 = $1,250 to get a response by paying Amazon to send emails. Multiple responses will be required to make a sale. If they can't make $1,250 of profit per response, they can't make money by using Amazon to send their spam.

Actually, that would be the business doing the spamming.

Amazon in this case is doing what spammers do - sells email services on a per-email basis. Most spammers get payment to spam N million people, and they don't really care if 99.9999% of them are filtered out by the time it's received - they've gotten their $100 or whatever they've charged. It's the business wanting the spamming service that has to make up the $100 on the remaining few.

That's why spammers make so much money - they just have to send email and not guarantee results. And the business that paid $100 to get $12 worth of business? Well, he may never hire a spammer again, but there's another business "genius" wanting marketing services at his door.

It's also why most spam is virus laden crap - that's far more profitable than trying to sell product.