Killing spam with economics
The way to get a business to stop doing something is either to remove the economic incentive for doing the unpleasant behavior (i.e. kill revenue), or by raising the cost of the behavior to be prohibitive. Either way you do it, you kill profits and that kills the behavior. The thing is, nobody’s doing much of either against spam. It seems that everyone’s forgotten that spam is not a technical problem to be solved, but an economic one.
Spam is a great business to be in. It took off as an industry because the cost side of the equation is so small. Sending a billion emails costs almost nothing - one successful hit (customer, victem, etc) pretty much pays your operating costs. Two and you’re rolling in profits. Spam filters are no help because not everybody runs them and all it takes is one or two naive people to respond to spam to make spamming profitable. As long as spamming is profitable, it will continue to exist.
Paul Graham has an interesting idea for combating spam:
following all the urls in a spam would have an amusing side-effect. If popular email clients did this in order to filter spam, the spammer’s servers would take a serious pounding. The more I think about this, the better an idea it seems. This isn’t just amusing; it would be hard to imagine a more perfectly targeted counterattack on spammers.
It’s a great idea: by adding this functionality to clients, we effectively recruit the vast majority of PCs into a grand army that pummels their servers with massive amounts of traffic (on the same order of magnitude that google & friends have to deal with). Clients can spoof a real browser session, thus making attack traffic indistinguishable from a naive spam respondant (i.e. revenue generator). It’s incredibly expensive to maintain a server farm and data pipe to handle that many requests. Further, it’s cheap to add to clients - email clients can do it in the background when email gets downloaded without adding much of a delay or bandwidth hit. In short: it massively shifts the equation to make spam unprofitable while not affecting individual users much.
It won’t eliminate spam, though. It’ll kill the massive scale spammers that operate today. They’ll have to switch to smaller scale mailings or trickle out spam to manage their load. Still, statistics and economics are working against them. Let’s say that one out of every thousand recipients of a particular spam message responds to it. If the spammer sends 100k-1M messages a day, they’ll get 100-1000 respondants. Very profitable. But, with crawling, they may able to only send 10k messages a day. Now they’re only getting 10 respondants/day. That may not be enough to pay all the bills and certainly won’t pay for another Lambourghini.
Though it won’t kill spam entirely, it certainly will be much more effective than any of the authentication or filtering schemes I’ve heard proposed. Though it sounds cynical, the following is true: you can’t change people with technology. You can change them with money.
