1997-06-05 - Responses to “Spam costs and questions” (long)

Header Data

From: Declan McCullagh <declan@well.com>
To: cypherpunks@toad.com
Message Hash: 1df228ffbb080329710c34a1c8a051208d8c97423a69a3c68471d2b70d25a988
Message ID: <Pine.GSO.3.95.970605132008.27292F-100000@well.com>
Reply To: N/A
UTC Datetime: 1997-06-05 20:21:38 UTC
Raw Date: Thu, 5 Jun 1997 13:21:38 -0700 (PDT)

Raw message

From: Declan McCullagh <declan@well.com>
Date: Thu, 5 Jun 1997 13:21:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Responses to "Spam costs and questions" (long)
Message-ID: <Pine.GSO.3.95.970605132008.27292F-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Yesterday I forwarded questions about spam from a friend who was speaking
before the FTC next week. Here are most of the replies I received, which
I've attached below. Some may have appeared here already.

From: glee harrah cady <glee@netcom.com>
From: Wei Dai <weidai@eskimo.com>
From: Stanton McCandlish <mech@eff.org>
From: Robert Moskowitz <rgm3@chrysler.com>
From: "Halpert, James - DC" <jhalpert@pipermar.com>
From: Azeem Azhar <aja@economist.com>
From: Mark Grant <mark@unicorn.com>
From: Charlie Stross <charlie@public.antipope.org>
From: Bill Frantz <frantz@netcom.com>
From: "Shabbir J. Safdar" <shabbir@vtw.org>
From: djones@insight.dcss.McMaster.CA (David Jones)
From: wyang@ktel.osc.edu
From: clinton@annoy.com (Clinton at Annoy)
From: Eric Murray <ericm@lne.com>
From: Ray Everett-Church <ray@everett.org>
From: Chris Poupart <jyhad@odyssee.net>
From: "Marius  Loots" <MLOOTS@medic.up.ac.za>
From: Roger Bohn <Rbohn@UCSD.edu>

-Declan


***********

Date: Wed, 4 Jun 1997 15:26:33 -0700 (PDT)
From: glee harrah cady <glee@netcom.com>
To: Declan McCullagh <declan@well.com>

A large amount of real costs are principally being borne not by the
individual recipient but by the networks that are being abused in the
process, which costs the users of the networks involved.  Lots of spammers
are not using "their own" networks to send out the spam, but using the
open nature of the Internet to relay the messages off the mail servers of
networks throughout the world.  One really egregious instance of which
I've been told is that someone used a mailserver in New Zealand as a relay
for a large spam.  I've heard that data charges in New Zealand are for
info in AND out, the provider had to pay for the privilege.  SInce this
was a third-hand story, I can't cite you chapter and verse -- wish I
could.  When lots of spam hits a single network, email processing for all
customers, whether or not they are recipients of that particular spam, is
slowed.  Lots of networks have this problem.  Unlike email systems that
stored one copy of an email, regardless of the number of recipients, the
systems we're using on the Internet today send real physical bits for each
message that take up space on mail queues.  This, too, inhibits email of
all involved.  Then, folks have to deal with the fact that the spam is on
their network: tech support folks are paid to answer queries about it,
sysadmins are paid to toss it out (in cases where it hits large intranets
-- one company local to here has two sysadmins that do nothing but get rid
of spam coming into their local net) or to manage the disk space required
to store the stuff. 

Smaller providers are getting killed with the stuff.  

The reason that many of us provider-types find more to like the Torricelli
approach is that it goes after the deceptive practices that make it harder
for us all to trace the sources of the spam: the hiding behind false or
not accurate domain names; the hiding of the actual email address of the
spammer; the harvesting of names and addresses from the open directories
of whitepage services or of online providers, etc.  This approach, we
think will be more effective at getting to the root of the problem than
labelling speech.  After all, it's not only commercial speech that is
being sent as spam and it's not responsible marketers who are doing it
either. 

I'm not sure that legislation is actually needed to address the problem.  
I could make an argument that said that the deceptive practices that are 
making it difficult to go after the spammers actually fall into the 
purview of the FTC.  I am concerned that we don't legislate something 
that we'll really be sorry about later.

As usual, summarizing a complex and difficult policy and operational 
issue in one short email probably causes problems, too.  I hope I've not 
left out anything, but probably I did.  Ask if what I've said isn't 
clear.
:-) 
  ____________________________
	glee harrah cady        Manager, Public Policy, NETCOM
   	+1.408.881.3227	     1.800.NETCOM-1	  glee@netcom.com 
           co-author, _Mastering the Internet_, Sybex, 1995 & 1996

*********

Date: Wed, 4 Jun 1997 23:39:28 -0700 (PDT)
From: Wei Dai <weidai@eskimo.com>
To: Declan McCullagh <declan@well.com>

Here's a cost that's seldomly counted: the occasionally useful spam that
we delete without reading because most spam are simply garbage.

I would argue that any spam protection system that does not allow useful
spam to get through is flawed.

*********

From: Stanton McCandlish <mech@eff.org>
To: declan@well.com
Date: Wed, 4 Jun 1997 16:22:12 -0700 (PDT)
Cc: fight-censorship-announce@vorlon.mit.edu,
        mech@eff.org (Stanton McCandlish)

Feel free to send this to FC, etc.

This response does not constitute and official EFF position, but I believe
it acurately reflects thinking here that will become EFF position shortly.

Declan McCullagh typed:
> 
> A friend who's going to be on one of the FTC panels next week sent me a
> few questions about spam. Does anyone want to try their hand at answering
> them? I'll forward along all responses I get. 
> 
> 	What are the costs to consumers of
> 	unsolicited e-mail?  I guess the time it
> 	takes to delete it might be one, hard
> 	drive space might be another.  I would

ALL/MULTIPLE USERS

* cost of storage (ISP, user or both, depending on mail system) in disk
  space and memory (remember it takes RAM to load a mailbox into any 
  modern email program).
* severe degradation and sometimes destruction of forums as they are
  over-run by spammage.
* reputational harm and loss of all usefulness of Internet account (after
  being subject to a spammer's header forgery listing the innocent victim
  as the sender, who then receives all the hatemail the spamming
  generates).


INDIVIDUAL END USER ADDITIONAL COSTS

* time to read/examine
* time to delete
* time to filter
* time to unsubscribe, complain, or otherwise respond
* increased ISP/online service subscription fees as provider costs are
  passed on to customers.
* per byte, per minute or per message costs from ISP (not all users)
* per minute costs from phone or other conduit provider (not all
  users)

CORPORATE END USER ADDITIONAL COSTS

* lost productivity due to time sinks mentioned above, frustration,
  etc.
* missed opportunities, deadlines, etc., due to too much mail to sort
  thru resulting in important messages being missed. Major potential for
  corporate lossage here.

CORPORATE ADMINISTRATOR ADDL. COSTS

* time (often quite a lot) filtering dependent users' mail, blocking
  spamming sites, contending with filled up disks, and other wastes of
  stafftime due to spamming.

ISP/ONLINE SERVICE ADDL. COSTS

* Help desk and admins' time filtering/blocking by customer request (not
  all sites do this)
* Help desk and admins' time filtering/blocking by necessity to prevent
  exceedingly abusive spammers sucking up all available disk space 
* admins' time in cleanup after one of their users engages is spamming or
  is perceived to have done so due to forged headers, and 1000s of angry
  victims send in complaints, threats, etc.
* company's losses in market share and reputation after one of their users
  engages is spamming or is perceived to have done so due to forged
  headers 
* admins' time in cleanup after one of their users engages is
  spamming or is perceived to have done so due to forged headers, and 10s
  or more of angry victims become vigilantes, and hack the provider, SYN
  flood them, send them crippling emailbombs, etc.
* company's losses in mkt. share and reputation after their service slows,
  crashes or otherwise is negatively affected by such attacks.
* company's liability when other subscribers sue for breach of contract,
  for return of subscription fees, etc., due to such outtages or
  degradation of service
* CEO & legal staff time researching if any recourse is available.
* increased connectivity costs as 56K, T1, etc. high-speed connections are
  not fast enough to keep up with all the spam (e.g. it is currently
  physically impossible to carry a full "Big 8" and alt Usenet feed with
  only a T1 connection [verify with a major ISP if in doubt], largely due
  to the amount of spamming in the alt groups.
* increased staffing costs as more people have to be hired or consulted to
  deal with the problems caused by spammers.

Please feel free to send suggestions for addtions to this list, which I've
made for other purposes than answering Declan's query.


Remember that TIME = MONEY and RESOURCES = MONEY in all above
formulations.


> 	like to know how to quantify it, and



> 	compare it with the cost of sending
> 	e-mail.

It costs roughly $20 for Net access[*], plus the cost of a
spamming-targeted mailing list ($50?) to send multiple millions of
messages. 

[Actually this is not really true - unless AOL has changed the
capabilities of its trial accounts, it actaully costs NOTHING to set up a
temporary account that is capable of massive spammage. Worse yet, the
technology to MAKE massive email lists is trivially available and/or
creatable, so one does not even have to buy such a list.  ZERO cost at
all.)
 
> 	If you banned commercial e-mail,
> 	wouldn't it just affect legitimate
> 	commercial transactions?  That is to say,
> 	wouldn't fly-by-night pyramid-scheme
> 	builders still be able to spam?  I would
> 	think that if they are so untraceable
> 	that it's hard to block their spam that
> 	it wouldn't really matter if it were
> 	simply made illegal.

Certainly. There are many other problems:

1) Any ban is going to be very difficult to write in a way that will
survive constitutional scrutiny.

2) Banning all commercial email is obvioulys stupid and unconstitutional -
I have a First Amendment right to receive commercial messages if I want
to.

3) Banning all unsolicited email is obviously stupid and unconstitutional
- I have a First Amendment right right to tell IBM that I like their web
page, even if they didn't ask me for my comments.

4) Banning all commercial unsolicited email is obviously stupid and
arguably unconstitutional.  I probably have a right to send you a message
offering my product if something in an email or a post or web page by you
indicated you might be interested in what I'm offering. Additionally, such
a ban does not speak to the issue - commerciality is not the problem.
Religious and political rants are, to most people, an even more offensive
form of spamming that advertisements are.

5) Despite the optimism of some, no local (i.e. national) law will ever
stop spam, it will simply move spammers off-shore.  That fewer
respondents will buy, due to distrust of foreign merchants, is irrelevant
- the spamming business model is successful if only 1 out of a million
people makes a purchase, because there are essentially no costs.

6) All such bans attack content. This makes them presumptively
unconstitutional right from the start. The issue of spamming cannot be 
solved with a ban.  Spamming as a problem is divisible into TWO problems:

a) Theft, abuse or usurpation of resources owned by specific parties (i.e.
ISP connectivity, staff time, etc., and your productivity), or owned by
everyone (tragedy of the commons).  This is a matter of the right to not
be forced to bear the costs of another's expression (a component of the
right to freedom of speech and press), with shades of the right to use
public resources (i.e. offline if some bully, every time you try to go a
public park, blocks your entrance into the park, you can get an injunction
against this person. Hard to map this kind of thing to the offline world
though, on legal grounds even if the ethics of the situation are plain as
day.)

b) Violation of the recipient's right to be left alone (a component of the
right to privacy) and right to not be forced to read another's expression
(a component of the right to free speech and press).  Spammers love to
contort this last into another *almost* opposite right - the right to
speak freekly in public even if it offends someone. They avoid the issue
of not having a right to do this in private spaces, and not having a right
to force others to bear their costs even for public expression.

Anyway, the privacy and freedom to not read issues seem to apply
principally if not only to private email, while the arguments in point a)
seem to apply to private mail, and forums (mailing lists, newsgroups).

These two problems require different solutions (and probably in fact both
require combinations of several different solutions, ranging from class
action suits to fraud prosecution to better filters to increased system
security to prevent forgery to tighter users contract to "don't route
spamming ISP's traffic" agreements between ISPs and NSPs, etc., etc.)

EFF is forming a working group to try to size up the various options and
possible solutions and see which ones are viable, which ones are best for
rights and for the Internet, which are expedient but would harm the public
interest, which are unconstitutional or otherwise bad, and so on.

We also have to look at this beyond the here-and-now. What about ISPs that
in the fine print say they sell their entire user base's contact info to
e-marketers? What about the use of "push" technology for spam-like
purposes? What about a MoU between all backbones and major NSPs to simply
drop service to any "spammer haven" ISP?  What about calls for direct
regulation by the FTC or FCC? Or by a UN body?  Many proposals are flying,
many problems envisioned (and some being missed by most), and many people
are getting increasingly hysterical about this so we need to find
some solutions quickly. None of the legislation produced so far does
anything but cause more damage.

--
Stanton McCandlish                                           mech@eff.org
Electronic Frontier Foundation                           Program Director
http://www.eff.org/~mech    +1 415 436 9333 x105 (v), +1 415 436 9333 (f)
Are YOU an EFF member?                            http://www.eff.org/join


*********

Date: Thu, 05 Jun 1997 06:52:36 -0400
To: declan@relay.pathfinder.com,
From: Robert Moskowitz <rgm3@chrysler.com>

Morning Declan.

In today's Internet charging scheme, there are two costs to the Internet
consumer: Time to retrieve mail, and time to process scams.  The first will
fade as higher bandwidth solutions come into play.  The later may never
fade.  Most users are not email savy, even if their email software is.
People do dumb things like post to USENET groups and then get on the big
spam lists, further increasing their mail filtering efforts.

But let's put this into perspective.  Today, I might send 5 - 10 minutes
everyday, sorting through my USMail.  Now I am a good recycler, and I open
everyone and put all of the papers into the proper bins; some days this can
take me 20 minutes.

Despite my Eudora Pro filters that color flag suspected spams (I don't
delete them, the filters might be in error) for easy delete, I have dozens
of emails among my hunderds of messages to read before trashing.  Maybe 5 -
10 minutes a day.

I really do not think spam is all that bad unless....

What I have discovered is that recreational email, ie use of USENET and
recreational LISTSERVs is the way that people get on spam lists.  Us
techies thus may have a very low spam to message ratio.  But poor johnQpub,
naively posts to alt.rec.sailboats and then gets 100 spams a day
semi-related to sailing (Sherri would LOVE to go sailing with you...).

Interestingly, the answer to spam is NOT filters to block it, but filters
to move ligitamate mail into folders for processing and leave your IN box
for quick scan/trashing.  Thus the cost of spam to the user is education
and GOOD (read not free) email software.

Now the cost to mail handlers is different, but they can and should fight
back.  Look at the lawsuit by flowers.com.  Tracy and her husband run a
small time operation.  The spam that used their domain name as the reply-to
cost them time and business.  They are going after the kid.  This is
costing them, but it will get them on a list of 'do not spam' sights, we hope.



Robert Moskowitz
Chrysler Corporation
(810) 758-8212

*********

From: "Halpert, James - DC" <jhalpert@pipermar.com>
Date: Wed, 04 Jun 97 17:00:00 DST


Declan,


Very high volume spam can and does burden service providers'
systems.  Remember the cost of sending a million or so e-mails
is very low, but engineering a network to handle, say, 200,000
improperly addressed e-mails that collect on a service provider's
mail server costs a good deal more.  Herein lies an economic
problem.

This is not to say that the Constitution shouldn't be sacrificed on
the altar of an economic problem, but the concern about high volume
spam should not be dismissed as trivial.

                         -- Jim Halpert


*********


Date: Thu, 5 Jun 1997 00:10:54 +0100
To: declan@well.com
From: Azeem Azhar <aja@economist.com>


Declan,

Here are a variety of costs:
1. phone costs (non-us)
2. traffic costs (if you are one of the customers on metered useage that
e.g. UUnet and BBNplanet offer)
3. hard-drive costs (my mac crashed a few weeks ago losing data in another
application because an incoming e-mail took up my last bit of drive space.
technically myu fault, i know, but a cost nonetheless.)
4. my time (to write and check anti-spam filters. it took me over an hour
to construct a good system in eudora. my charge out rate is GBP100 an hour,
minimum 8 hours.)
5. CPU time on mail-relays on the way. e-mail *does* impose a measurable
load on an SMTP host.


Azeem

Azeem Azhar                     vx: +44 171 830 7133
The Economist      		fx: +44 171 681 1358
25 St James Street              e-mail: aja@economist.com
London SW1A 1HG                 www: http://www.economist.com/

Disclaimer: The views expressed in this email do not necessarily represent
those of my employer.

*********

Date: Thu, 5 Jun 1997 02:43:02 -0700 (PDT)
From: Mark Grant <mark@unicorn.com>
To: declan@well.com


> What are the costs to consumers of unsolicited e-mail? 

Up to 150k of disk space, up to about 50 seconds of connect time for those
who download it by modem (assuming 28.8k), a few seconds of time to delete
it or a few minutes to send complaint mail back to their ISP.

Worse is the indirect cost to consumers through the hassle it causes to
their ISPs. They need faster links and more powerful mail servers to
process the extra unwanted data and take time to install filters and deal
with spammers. I've already had one spammer send out mail with a false
unicorn.com return address which took a day of my time to sort out.

>If you banned commercial e-mail, wouldn't it just affect legitimate
>commercial transactions?

Of course. Banning it is dumb and will cause all sorts of unexpected
problems. A few class-action suits should eliminate most of them.

	Mark
	(postmaster@unicorn.com)

*********

Date: Thu, 5 Jun 1997 11:02:49 +0100 (BST)
From: Charlie Stross <charlie@public.antipope.org>
To: Declan McCullagh <declan@well.com>


On Wed, 4 Jun 1997, Declan McCullagh wrote:

> 	What are the costs to consumers of
> 	unsolicited e-mail?  I guess the time it
> 	takes to delete it might be one, hard
> 	drive space might be another.  

Those are minimal.

Here in the UK, there are NO free local phone calls (unless you're lucky
enough to live in Hull, or have a cableco who want to let you yack to your
neighbours - it's a long and boring story). Furthermore, if you receive
email via SMTP or UUCP (rather than via a mailbox reader protocol like
POP3 or whatever) you can't filter the junk out before it reaches you.
Thus, receiving spam costs money, in terms of dialup connect time.
Moreover, some spammers use really poor, munged, address lists; I've
seen 100Kb mails (a couple of minutes of download time on an old 14.4K
modem, which is what many people still use) with maybe a 1K payload at
the end of the headers.

Given that I've got three or four users on my dialup site, and we get
an average of 5 UCEs/person/day, it's probably costing us 5-15 pence/day
extra on the phone bill. Not significant for _one_ site, but if you
multiply by two million (est. number of UK internet users) you get 
a plague that's costing about 20 million UK pounds/year -- to the 
unwilling victims.

This is before you factor in the online services like Compuserve or CIX
that charge per unit connect time, or charge for mail received from the
internet.

The real victims, though, are the people whose addresses the spammers bung
in the Reply-to: fields, so that they get mailbombed by indignant
recipients. 


-- Charlie Stross

*********

Date: Wed, 4 Jun 1997 23:17:10 -0700
To: Declan McCullagh <declan@well.com>, cypherpunks@toad.com
From: Bill Frantz <frantz@netcom.com>


At 12:45 PM -0700 6/4/97, Declan McCullagh asked:
>	What are the costs to consumers of
>	unsolicited e-mail?  I guess the time it
>	takes to delete it might be one, hard
>	drive space might be another.  I would
>	like to know how to quantify it, and
>	compare it with the cost of sending
>	e-mail.

I don't think the costs of the 1-3 spam messages I get each day is
significant.  (But I don't post to Usenet.)


>	If you banned commercial e-mail,
>	wouldn't it just affect legitimate
>	commercial transactions?  That is to say,
>	wouldn't fly-by-night pyramid-scheme
>	builders still be able to spam?  I would
>	think that if they are so untraceable
>	that it's hard to block their spam that
>	it wouldn't really matter if it were
>	simply made illegal.

Can you say regulatory arbitrage?  The current social controls on spam are
good enough that no one with any positive reputation wants to have anything
to do with it.  This means that spammers have to use anonymous offshore
answering services.  The widespread hatred of spam and spammers should keep
the total amount under control without the legal action and in spite of the
very low cost of spamming.

The recent problems Spamford has been having with denial of service attacks
is just one example of the social control process.  The flood of hostile
email spammers who include real email addresses receive are another.
Legitimate commercial email does not evoke these strong reactions.


-------------------------------------------------------------------------
Bill Frantz       | The Internet was designed  | Periwinkle -- Consulting
(408)356-8506     | to protect the free world  | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.  | Los Gatos, CA 95032, USA

*********

Date: Wed, 4 Jun 1997 16:15:27 -0400
To: Declan McCullagh <declan@well.com>, fight-censorship@vorlon.mit.edu
From: "Shabbir J. Safdar" <shabbir@vtw.org>


The combined EF-Florida/EFF-Austin/VTW filings for the FTC workshop will
contain an exhaustive examination of the costs associated with junk email
and the technology paradigms for addressing it.

It's a technology paper, and doesn't take any particular political agenda.

-S

*********

Date: Wed, 4 Jun 97 16:11:58 EDT
From: djones@insight.dcss.McMaster.CA (David Jones)


> 	What are the costs to consumers of
> 	unsolicited e-mail?  I guess the time it
> 	takes to delete it might be one, hard
> 	drive space might be another.  I would
> 	like to know how to quantify it, and
> 	compare it with the cost of sending
> 	e-mail.

To many people, the cost of spam is simply the time and tedium wasted
deleted unwanted messages.  Pretty minimal.  A burdensome set of
regulatory restrictions would also be an annoyance as people waste time
and effory making sure reasonable email correspondence "complies"
with the new rules.

To some users of certain online services, they must pay for
email messages or disk space and must pay for connect time.
In these cases, there is a real and measurable monetary cost
of spam.  I'm sorry, I can't quantify that for you.

At the organizational level, some companies may pay for 
Internet traffic bandwidth.  If a significant fraction of
the traffic is wasted on spam (actually I *really* doubt this is the case)
then it could be calculated.


> 	If you banned commercial e-mail,
> 	wouldn't it just affect legitimate
> 	commercial transactions?  That is to say,
> 	wouldn't fly-by-night pyramid-scheme
> 	builders still be able to spam?  I would
> 	think that if they are so untraceable
> 	that it's hard to block their spam that
> 	it wouldn't really matter if it were
> 	simply made illegal.

Hang on.  A true "pyramid scheme" requires the victims to
send money to the folks operating the scheme.  Therefore, they
can't be entirely anonymous ... or they'd never be able to cash in!

Banning "commercial email" is just nuts.  Should we also
ban "business-related email" ?  Or "advertising email" ?
.... or what about "political advertising on the Net" ??

The Canadian government just made the front page of HotWired's
online magazine for being foolish enough to ban certain political
advertisements on the Net.  Surely the U.S. won't make the same mistake.

-- David Jones, PhD
president, Electronic Frontier Canada -- djones@efc.ca

*********

Date: Wed, 4 Jun 1997 18:15:59 -0400 (EDT)
From: wyang@ktel.osc.edu
To: declan@well.com


Hi.

I run a Free-Net -- a community outreach project of the Ohio State
University and the Ohio Supercomputer Center, which gives free access
to anyone who lives in our service area (we're serving about 20,000
people right now -- I understand that, in our service area, Compuserve
only has about 12,000 customers).

I don't read the censorship fighting list, but someone who does
forwarded me your message.

I don't know about user costs... but I do know about network-level
(provider-level) costs.  Disk space is only PART of the computational
problem.  There's also the swallowing of network bandwidth, and the
drain on compute resources (CPU/RAM).

My site normally carries about 25,000 unique message ID's per day.
Our estimates (these are eyeball numbers, not based on hard-and-fast
numbers) make it look as though 10% to 20% of those messages are spam.
That's ten to twenty percent of our e-mail operation cost being
immediately put toward spam.  Beyond that, our users complain about
spam.  A lot.  Right now, about an hour of my time every day is spent
dealing with spam complaints (about other sites spamming us, mind).
That's 1/8th of my work time, with a massive opportunity cost (as well
as a real cost).  The other staff members are *also* getting similar
time drains.  We currently estimate that between $500 and $2000 per
month is completely lost to spammers -- funds redirected away from our
community outreach/service mission, SUBSIDIZING COMMERCIAL OPERATIONS
which generally do not enrich our community.  That monthly cost is
being drained out of a very small ($150k - $200k per year) project
budget which is only getting smaller because people only donate to our
donation-driven budget when they like what's going on, and they don't
like spam.

You might try to call it the cost of doing business... except for the
fact that I'm not a normal network carrier.  I'm a Free-Net, one of
those community-minded sites that's trying to make sure that access to
the informational wealth on the Internet is available at price that
everyone can afford (free).  Universal access is being threatened by
this kind of activity, which has a massive user-level costs and
implications.  Most Free-Nets are incapable of handling the constant
barrage of spam, and the complaints they generate.


> 	If you banned commercial e-mail,
> 	wouldn't it just affect legitimate
> 	commercial transactions?  That is to say,
> 	wouldn't fly-by-night pyramid-scheme
> 	builders still be able to spam?  I would
> 	think that if they are so untraceable
> 	that it's hard to block their spam that
> 	it wouldn't really matter if it were
> 	simply made illegal.

Everything can be traced on the 'net.  The question is what the cost
of tracing it is going to be.

You need to remember that there's virtually NO cost associated with
*sending* spam.  ISP connectivity costs, maybe bandwidth metering for
a couple of messages.

Those messages, however, can be expanded (1:1,000,000 kinds of ratios
are potentially possible; one message can theoretically generate a
MILLION spam messages; in practice, I've seen 1:10,000 ratios).  The
networks that carry the traffic are taking that computational and
network-bandwidth cost.  And they get hit by complaints from their
users.

I recognize that no matter what the law is going to do, you're not
going to *stop* spam.  The issue is to reduce the volume of spam
enough to make sure that the cost is reduced to acceptable and
absorbable cost-levels.  That may mean making spamming tools such as
"e-mail blaster" criminal tools.

Free speech is great... but it's only free when it's not invasive into
the rights of others.  Spam *is* invasive, and there are clear,
acceptable, and frankly more effective alternative methods for
communicating commercial messages.

	-Bill

System Manager, Lead System Administrator
The Greater Columbus Free-Net

********

From: clinton@annoy.com (Clinton at Annoy)
To: "'declan@well.com'" <declan@well.com>

It is vital to distinguish between "unsolicited email" and "spam".

Spam is essentially considered mass e-mailing for commercial purposes,
(usually such as the selling of a product or service).

If "unsolicited e-mail" is rendered illegal, what will happen to someone who
mistakenly sends an email to the wrong address? It's like prosecuting 
someone for dialing the wrong number.

What about a deliberately targeted, but unsolicited email that is crafted to express 
displeasure to a politician, for instance? To be potentially prosecuted on such a basis 
could (and will) place a severe chill on the rights of people to communicate freely 
with elected officials - the cornerstone of democracy.

A protocol to deal with spamming is by no means unwelcome, but to confuse it with unsolicited 
email is potentially very dangerous. Especially with a government so intent on censoring the 
free flow of information and thought. Perhaps the first place to start would be to clearly
define spam.

Clinton Fein
Publisher and Editor
annoy.com

*************

From: Eric Murray <ericm@lne.com>
Subject: Re: Spam costs and questions
To: declan@well.com
Date: Wed, 4 Jun 1997 14:09:42 -0700 (PDT)

Declan McCullagh writes:
> 
> A friend who's going to be speaking on one of the FTC panels next week
> sent me a few questions about spam. Does anyone want to try their hand at
> answering them? I'll forward along all responses I get.
> 
> 	What are the costs to consumers of
> 	unsolicited e-mail?  I guess the time it
> 	takes to delete it might be one, hard
> 	drive space might be another.  I would
> 	like to know how to quantify it, and
> 	compare it with the cost of sending
> 	e-mail.

Also there's the cost of network transport of spam, both from
the spammer's host to the recipient's ISP, and from the ISP
to the recipients PC.  The last is often the worst, as it eats up
time the victim could be using to do something productive.

In addition, most spam is bounced through an innocent third party
who has a good network connection, like a university.
Sending out a lot of spam takes much bandwidth, so the spammer
steals the bandwidth and processing power from the innocent third party.

> 	If you banned commercial e-mail,
> 	wouldn't it just affect legitimate
> 	commercial transactions?  That is to say,
> 	wouldn't fly-by-night pyramid-scheme
> 	builders still be able to spam?  I would
> 	think that if they are so untraceable
> 	that it's hard to block their spam that
> 	it wouldn't really matter if it were
> 	simply made illegal.

Spammers need to have a way that you can respond to them.
Since spam is legal, and they don't want email in return, they
include phone numbers, fax numbers, or snail-mail addresses
for people to reply to.  If spam were illegal, then spammers
could be tracked via the phone numbers.  It's only the email's
return path that's difficult to trace- spam, because it is selling
something, must have a way for potential customers to respond.

Most of the purported 'anti-spam' legislation is thinly-disguised
LEGITIMIZATION of spam!!  Anything that puts the burden on ISPs
or recipients to filter out 'tagged' messages legitimizes
spam.  As annoying as spam is, I would much prefer that nothing
be done rather than a poorly-thought-out law.  So far, all the proposed
laws I have seen have had flaws in them that make me unable to
support them.  To be honest, I can not myself come up with a law that
I would find acceptable.  It's a hard problem.


-- 
   Eric Murray  ericm@lne.com         Privacy through technology!
  Network security and encryption consulting.    PGP keyid:E03F65E5 

***********

Date: Wed, 4 Jun 97 16:10:07 -0400
From: Ray Everett-Church <ray@everett.org>
To: "Declan McCullagh" <declan@well.com>, <fight-censorship@vorlon.mit.edu>

On 6/4/97 3:44 PM, Declan McCullagh (declan@well.com) wrote:

>A friend who's going to be speaking on one of the FTC panels next week
>sent me a few questions about spam. Does anyone want to try their hand at
>answering them? I'll forward along all responses I get.
>
>	What are the costs to consumers of
>	unsolicited e-mail?  I guess the time it
>	takes to delete it might be one, hard
>	drive space might be another.  I would
>	like to know how to quantify it, and
>	compare it with the cost of sending
>	e-mail.

I also will be speaking at the FTC next week and address that question in 
my FTC filing which can be seen at 
<http://www.smart.net/~everett/comment.html>

The short version of the answer is that UCE is difficult to assign a 
clear cost to in part because it is spread over such an ever widening 
base that the more people you spam, the harder it is to know where the 
costs are concentrated. However there are costs to the bandwidth provider 
for the site originating the spam in terms of consumed bandwidth, there's 
also costs of consumed bandwidth leading into every site that receives 
the mail. Once it arrives at an ISP, there are costs in terms of the CPU 
time and system efficiency issues, and disk space consumed, and costs for 
the consumers who may have to spend more time and money (if they pay on a 
metered basis) to download and sort through the stuff. It's hard to 
quantify in dollars and cents, but lets look at the quantities we're 
talking about. AOL has publically estimated that they process about 30 
million pieces of email a day and further they've publically estimated 
that 40-45% of that is spam. I recently sampled 3 days of my regular spam 
load and the average piece was a hair over 5000 bytes. 5k * 13 million 
messages, you're talking roughly 65 million kilobytes a day. (somebody 
please correct my math... i'm a lawyer not an accountant). Since people 
don't read their email every day, some of that must be stored for several 
days. And if it is bouncing back to an invalid sender address, the rest 
ends up in the postmaster mailbox. Assuming that those same figures and 
costs are spread among other ISPs as well, that's a heck of a lot of data 
to transmit and store...which translates into costs for ISPs and their 
customers.

>
>	If you banned commercial e-mail,
>	wouldn't it just affect legitimate
>	commercial transactions?  That is to say,
>	wouldn't fly-by-night pyramid-scheme
>	builders still be able to spam?  I would
>	think that if they are so untraceable
>	that it's hard to block their spam that
>	it wouldn't really matter if it were
>	simply made illegal.

I don't think anybody wants to ban all commercial mail, just the 
unsolicited advertisements for which the advertisers don't bear the real 
costs. If you're truly trying to operate a moneymaking business, you've 
got to have someplace for people to send the money... So regardless of 
how you disguise the headers, you still have a means of tracking down the 
culprit... and in the case of the Smith legislation you'd have the chance 
to recover up to $1500 per message. There is at least one major national 
collection agency that I know of who is chomping at the bit to recover 
that for you.

-Ray
<everett@cauce.org>
-------------------------------------------------------------------------
 Ray Everett-Church, Esq.  <ray@everett.org>    www.everett.org/~everett
 This mail isn't legal advice.   Opinion(RE-C) != Opinion(clients(RE-C)) 
 (C)1997 Ray Everett-Church ** Help outlaw "spam"=> http://www.cauce.org 
-------------------------------------------------------------------------

********

Date: Wed, 04 Jun 1997 19:20:36 -0400
From: Chris Poupart <jyhad@odyssee.net>
To: declan@well.com

<quote>
        If you banned commercial e-mail,
        wouldn't it just affect legitimate
        commercial transactions?  That is to say,
        wouldn't fly-by-night pyramid-scheme
        builders still be able to spam?  I would
        think that if they are so untraceable
        that it's hard to block their spam that
        it wouldn't really matter if it were
        simply made illegal.
</quote>

making spam illegal would be a futile plan, unless the authorities were
given the power to persue not just the sender, but the people for whome
it advertises.  Not only could the fly-by-night pyramid-schemes work,
but there are programs out there that allow you to route your e-mail so
that it is Anonymous, now these programs can also do bulk mailing... I
think you get my picture.  If you could also press charges against the
advertised company (providing it was authorised by them), then that
might work.  If not, well then with all the free e-mail available
(www.hotmail.com and www.netaddress.com or .net I can't remember),
people might want to set up an e-mail account to use with Usenet and to
give as pw, ect, and then they could keep one privit and "secret"
amongst their friends.  The internet has flourished w/out government
help and I beleive that it will continiue to do so.

					Chris Poupart
					Montreal, Canada

-- 
Chris Poupart                        mailto:chris@peacefire.org   
Support Freedom of Speech and visit: 
http://www.peacefire.org | http://www.eff.org
http://www.geocities.com/Colosseum/Field/6078/censor-index.html

**********

From: "Marius  Loots" <MLOOTS@medic.up.ac.za>
To: Declan McCullagh <declan@well.com>
Date:          Thu, 5 Jun 1997 11:16:21 GMT+2

Hallo Declan

I really enjoy your list.  The mailings are very interesting and
relevant.  Thanks.  My thoughts on the two questions:

>     What are the costs to consumers of
>     unsolicited e-mail?  I guess the time it
>     takes to delete it might be one, hard
>     drive space might be another.  I would
>     like to know how to quantify it, and
>     compare it with the cost of sending
>     e-mail.

It would be extremely difficult to quantify in monetary terms.  It has
been long since I had one of those BIG things in my mailbox.  Most of
these has lately been smaller emails that compare well in size to some of
the material I send around.  Because harddrives are not that expensive
anymore, storage space is IMO, not a factor at all.

The irritation factor is my biggest concern.  You have to sort it from
the valuable mail, that takes time.  You have to delete it, that takes
time. And some people has to download it, that takes time.

This eating up of my time, irritates me. And with the present information
overload, time is one of the few things we definitely don't have.

>     If you banned commercial e-mail,
>     wouldn't it just affect legitimate
>     commercial transactions?  That is to say,
>     wouldn't fly-by-night pyramid-scheme
>     builders still be able to spam?  I would
>     think that if they are so untraceable
>     that it's hard to block their spam that
>     it wouldn't really matter if it were
>     simply made illegal.

You are not going to be able to ban it.  As long as email is email, there
will be people using it to spam.  Even if you make it illegal, it will
still happen.

A few quick thoughts or ideas to be kicked around:
1. What could be made illegal is the selling of email addresses.
2. Ban *unsolicited* commercial email
3. Make ISP who supply service for free or without proper checking liable
for prosecution if spam comes from their system.
4.  Black-list people that are caught spamming (use in tandem with 3).

A number of these spammers are not once-only fly-by-nighters.  They strike
again and again.  Because it is not illegal at the moment, no-one can do
anything.  I am not able to write the legalese but these are some rough
thoughts on the matter.

Unsolicited email is unsolicited email, and the sooner we get that out of
the system, the better.


Groetnis
Marius Loots

-------------------------------------------------------
Maestro  mloots@medic.up.ac.za  +27-12-319-2144  pgp2.6
TOP 50 on the SA WebChart - Have a look and vote NOW!!!
http://www.geocities.com/Athens/6398
Add some Chaos to your Life and put the World in Order
-------------------------------------------------------

*********

Date: Wed, 4 Jun 1997 13:28:38 -0700
To: declan@relay.pathfinder.com
From: Roger Bohn <Rbohn@UCSD.edu>
Subject: Re: Spam costs and questions


At 3:47 PM -0400 6/4/97, Declan McCullagh wrote:
>A friend who's going to be speaking on one of the FTC panels next week
>sent me a few questions about spam. Does anyone want to try their hand at
>answering them? I'll forward along all responses I get.
>
>	What are the costs to consumers of
>	unsolicited e-mail?  I guess the time it
>	takes to delete it might be one, hard
>	drive space might be another.  I would
>	like to know how to quantify it, and
>	compare it with the cost of sending
>	e-mail.

A big cost is that it reduces the S/N ratio of e-mail.  As the amount of
spam goes up, sooner or later you start missing legitimate messages that
you should have read, because you do blanket erases, don't read carefully,
close down entire accounts, etc.  Personally I've not reached that point,
but spam is growing exponentially so I give it 2 years.

Cost of telephone connect time is also a consideration for most users.
Even if you are on a flat phone rate, there is an opportunity cost from
having your phone tied up longer.   (Yes, even if you have 2 lines--the
members of my household are always fighting over the second line.)

>
>	If you banned commercial e-mail,
>	wouldn't it just affect legitimate
>	commercial transactions?  That is to say,
>	wouldn't fly-by-night pyramid-scheme
>	builders still be able to spam?  I would
>	think that if they are so untraceable
>	that it's hard to block their spam that
>	it wouldn't really matter if it were
>	simply made illegal.
>
Yes and no.  Fly by nights would continue, certainly.  But look how
successful the mail fraud laws have been at limiting (not eradicating) mail
based pyramid schemes, for example.   Laws, if carefully drawn, would have
an effect.

I think mandatory labeling is much better than banning commercial e-mail,
by the way.  An outright ban has several problems,  in the U.S. at least.
A mandatory label deals with the S/N issue cited above (you can filter
commercial messages), and as mail packages get smarter they can be set to
not download messages selectively, thus dealing with the other problems.
Something as draconian as an outright ban also encourages lawbreaking more
than a labeling provision would.

Roger Bohn

###










Thread