-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 10 September 2004 10:33 pm, Ralf Doeblitz wrote:
IBTD. He raises a valid point. In theory, raising the cost of spam will
make spamming economically unattractive. OK. But this will only work if
the cost is raised hig enough, so that the increase in cost that we
induce is larger than the increase in profit and/or the decrease in cost
for e.g. connectivity or traffic.
Forcing spammers to register more throw-away domains may be fine. But if
they can get them for a cent apiece they will hardly notice it.
This is another misconception in the spam community.
We don't have to raise the cost of spamming to infinity. We don't even have
to raise the cost to a very large number. We only have to raise the cost a
*little bit* to stop spam forever.
Why do I say this? I say this because already today spamming is generally
unprofitable. Only very few people are able to make any money spamming, and
they are only able to make somewhere around $40k a year doing it full time.
If we do raise the total cost to just one tenth of a penny per spam, that
is going to add up to *millions of dollars* of increased costs to the
spammers. That will go directly against their $40k net profit, putting them
all into the red, by several million dollars.
If we use your number of 1 penny per spam, then that is tens of millions of
dollars. Even that small of an increase would virtually guarantee that the
spam industry would collapse almost immediately and permanently. I don't
believe we can do anything that would raise the cost of spam by that much,
but 1/10 of a penny is much more likely.
*No one* will be able to send spam after SPF / reputation / accreditation is
implementd because it won't be worth it. It will be the equivalent to
spending $100 to get $1 in revenue. No sane person, nobody with any
acquired capital (because only people that can make a profit have capital
in our capitalistic free market society), will ever be able to do it or
would choose to do so, unless they had a brain seizure that cause them to
make consistently wrong decisions.
Now, I can argue with you that because the rate of spam is increasing, it is
a sign that the cost of spam *is* increasing. In other words, this is the
final effort to turn a profit before the business is shut down for good.
The increase in spam is caused by spammers trying to turn their pathetic
profits into something that is justifiable. They are increasing the scale
of their operation. Their thinking goes, "I send X spam right now and make
$40k. If I double that to 2*X, then I should make $80k, and that would
justify my time doing it." What they don't realize is the negative effect
that they are inducing by their own actions. of course, these people have
always been short-sighted, and it is their ultimate doom.
I think you can find a parallel in other businesses. When businesses do
something drastic or even seemingly stupid, it is because they are in deep
trouble and are making a final effort to stay alive. You can expand this to
what armies and nations do in times of trouble, but let's leave politics
out of this.
The biggest single piece of evidence of their short-sightedness is the fact
that they are publishing SPF records at a disproportionate rate. Why would
spammers want to show themselves? It makes no sense. If I were committing
criminal acts, I would try to hide any piece of evidence that could connect
myself to the crime. Instead, these spammers are now leaving trails that
previously law enforcement could not follow. It's like a bank robber taking
off his gloves and touching everything intentionally, or a murderer
plucking hair from their head and putting it near the murdered victim.
So my thesis is as follows.
We have to increase the cost of spam by a little bit to stop spamming
altogether. Spammers are shortsighted. So they are increasing the rate of
spam because their profits are decreasing. They are also leaving additonal
evidence for law enforcement in a bid to turn a good profit. They are
already nearly bankrupt.
- --
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBRfz+BFeYcclU5Q0RAt0sAJ90Gvsj/ApFZ1zpvvvAacroM9DUOgCfT6wf
0rs0TiyGf34EOYqQeWAyDuw=
=rLe6
-----END PGP SIGNATURE-----