
Re: Multiplication, specifically large numbers by small ones

2004-02-13 10:09:04
On Thu, 12 Feb 2004, Dan Kolis wrote:

Further, any cost increase in email that is less than the cost of bulk
postal mail will not deter genuine spammers. But even the regular user
would feel the crunch if each email cost $0.37.  If the IETF had to pay
$0.37 per email, or even $0.15 per email, its 2 million/yr or so budget
would not cover its email costs, and your draft would not be published.

Dan says:
Well, I have never gotten an unsolicited paper item for Viagra, but have
gotten hundreds of electronic ones. There is a distinction between
unsolicited communications, direct marketing, and spam. It's subtle and
creates (in the US) first amendment rights issues that are non-trivial.

But, 100M email mass solicitation at $0.001 each is $100K, which is a medium
good houseworth of dollar value here. I think it would annihilate the worst
of mass spam.

It won't cost $0.001 in additional marginal cost to send a spam message
even if every bit of the proposal is implemented.  Assume 2K keys per
user, that is 200 GB of (reusable) hard storage required for the
database.  Assume 1000 messages can be encrypted per second, delivered
to the MTA, and pumped onto the net (a very reasonable estimate and in
any event not bottlenecked by the DB lookup or encryption step,
especially given that both can be parallelized).

That is 86,400,000 messages PER DAY (just under your 100M
specification), using roughly 1 MB/sec total bandwidth on an internet
connection 24x7 during that time.  Obviously if we tweak things a tiny
bit which we easily can, we could send 100M messages/day without
breaking a sweat from a single computer IF the MTA itself is capable of
it in the first place, so let's use this as a round number.

Let's BUY the MTA server and two encryption nodes whose only job is to
ensure that the MTA queue never runs dry, each equipped with 600 GB in
RAID3.  Let's see, that would be, hmm, less than $10K if one got gold
plated parts, less than $4K at my local OTC no-name computer store.
Let's amortize all costs over a year.  The $10K hardware cost is then a
measly $30/day.

Let's prepay for high bandwidth access to the network at exorbitant
rates, maybe $2000/month.  That works out to maybe $70/day (note that
I'm being deliberately absurd in my estimates).  However, note that this
cost is the SAME before and after the proposed encryption step is added
-- the cost of sending 100 GB of data out on the wire is independent of
whether or not the data is encrypted and might even be LESS because
messages are typically compressed before being encrypted and can be
smaller encrypted than in plaintext.

Forget the fact that the MARGINAL cost of encryption is thus $30/day, or
an even smaller $10/day if we assume the hardware will last three years.
Even at $100 cost / 100M messages = 1x10^{-6} dollars per message.  One
ten-thousandth of a cent.  And this estimate is probably high by a
factor of ten over real costs, especially if the spammer is effectively
stealing the resource via a virus in which case the real cost could be
"nothing" -- to the spammer.  It costs the spammer more in HUMAN TIME
setting up the messages, billing for returns, and managing the systems
than it does to do ANY AMOUNT of automated mail processing, with or
without encryption.  Hardware is cheap and easily augmented if there is
any marginal benefit in doing so.

Note that NO REASONABLE SCALING of the work done to encrypt a message
will yield significant costs to the spammer before they do immense
amounts of damage in rising costs (especially HUMAN costs) elsewhere on
the Internet.  Suppose it takes a whopping 0.1 seconds to encrypt a 1K
message (it doesn't, not even close).  Fine, I could design a cheap-ass
100 node beowulf cluster that would cost, oh, $35K to feed the MTA its
requisite 1000 mps.  This bumps my per-message cost by another $100/day,
so it now costs me TWO ten-thousandths of a cent to send a message.  I
don't think spammers work at such a low marginal profit that the extra
$100 in daily costs will faze them.

I think whoever thought up the idea should be identified as a pretty sharp
cookie. It just slices through so many thorny issues with few downsides.

I think that whoever thought the idea up needs to do some concrete
arithmetic and some actual measurements and consider the cost-benefit.
Huge administrative costs to implement across the entire internet.  Huge
inconvenience.  Huge administrative costs passed back to the consumer.
All to AT MOST double the marginal cost per message to the spammer, who
makes a lucrative living because the marginal cost per message is so low
that doubling it, or even multiplying it by tenfold, is STILL almost
invisible to him or her.

Alas, the costs are not so low to the people the measure is intended to
protect.  The big cost to people who manage lists (or send any kind of
mail by hand) is going to be HUMAN -- administrative.  It is a PITA to
manage lists now -- addresses go bad, spammers try to sneak onto a list
to feed their address collection agents, a virus or spambot gets
inserted onto a legitimate list-member's system and makes it through a
whitelist so everybody gets hammered until the administrator shuts him
down.  This work burden will only increase manifold when in addition to
managing email addresses, one has to manage keys as well.  A user's key
is compromised.  A database with several entities in it has to be kept
consistent and clean.  Resources are diverted.  Debugging a failing
email connection becomes a work of art because the traffic looks like
garbage anyway, you don't control the user's keys or decryption agents,
and there are multiple points where corruption or protocol failure can
occur.  As a SERIOUS email user, I don't want to even think about
the hassle of having to manage keys for both myself and all the people
and lists I communicate with.  As a nearly twenty year sysadmin, I also
don't want to imagine trying to train users and support users with all
the headaches mandated use of public key/private keys would create.

SPAM is undeniably evil, but the place to add costs is at the ISP level
and the PoP level.  Acceptable use agreements with sharp nasty teeth and
anti-spam legislation that hits spammers AND the networks that
tolerate/enable their activities AND the actual vendors that are selling
the products being spammed with big fines have a far better chance of
having a favorable impact on SPAM than any number of arcane and
expensive countermeasures at the level of the mailer itself.

I was pleased to note that one of the group of SPAMmers who was recently
run to ground in North Carolina has just gone to trial today.  This is
what I expect to be at least part of a real solution -- hit him with a
$1M fine and park his butt in jail for a year or three, and publish it
loudly that you've done so.  Then hit the next one, and the next one.
Eventually spammers will have to add the amortized risk of getting fined
into financial ruin and put in jail with a bunch of relatively decent
rapists and murderers and cellmate molesters to their inevitably trivial
dollar cost per message.  Make this a REAL risk and a VISIBLE risk, and
wildcat spamming will stop, at least in this country.

Legislation CAN be effective.  The new do-not-call list has worked
absolute wonders for me.  Note that PHONE spam was never free -- it
costs anywhere from $0.10 to $1 per call.  Yet three months ago I would
get hit a half-dozen times per day or more.  Caller ID was all but
useless, as few phonespammers used listed numbers or else they used
blocks.  The DNC list plus the promise of fines or worse, and I now get
phone-spammed once every few weeks, usually by somebody that apologizes
profusely and babbles about removing my name from their list once I
point out that I'm on the DNC list.  After all, they can't sell to me
without telling me who they are, and that's all I need to have them
fined or worse.

   rgb

-- 
Robert G. Brown                        http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     
email:rgb(_at_)phy(_dot_)duke(_dot_)edu





