On Thu, 12 Feb 2004, Dan Kolis wrote: > >Further, any cost increase in email that is less than the cost of bulk > >postal mail will not deter genuine spammers. But even the regular user > >would feel the crunch if each email cost $0.37. If the IETF had to pay > >$0.37 per email, or even $0.15 per email, its 2 million/yr or so budget > >would not cover its email costs, and your draft would not be published. > > Dan says: > Well, I have never gotten an unsolicited paper item for Viagra, but have > gotten hundreds of electronic ones. There is a distinction between > unsolicited communications, direct marketing, and spam. Its subtle and > creates (in the US) first amendment rights issues that are non-trivial. > > But, 100M email mass solicitation at $0.001 each is $100K, which is a medium > good houseworth of dollar value here. I think it would annihlate the worst > of mass spam. It won't cost $0.001 in additional marginal cost to send a spam message even if every bit of the proposal is implemented. Assume 2K keys per user, that is 200 GB of (reusable) hard storage required for the database. Assume 1000 messages can be encrypted per second, delivered to the MTA, and pumped onto the net (a very reasonable estimate and in any event not bottlenecked by the DB lookup or encryption step, especially given that both can be parallelized). That is 86,400,000 messages PER DAY (just under your 100M specification), using roughly 1 MB/sec total bandwidth on an internet connection 24x7 during that time. Obviously if we tweak things a tiny bit which we easily can, we could send 100M messages/day without breaking a sweat from a single computer IF the MTA itself is capable of it in the first place, so let's use this as a round number. Let's BUY the MTA server and two encryption nodes whose only job is to ensure that the MTA queue never runs dry, each equipped with 600 GB in RAID3. Let's see, that would be, hmm, less than $10K if one got gold plated parts, less than $4K at my local OTC no-name computer store. Let's amortize all costs over a year. The $10K hardware cost is then a measley $30/day. Let's prepay for high bandwidth access to the network at exorbitant rates, maybe $2000/month. That works out to maybe $70/day (note that I'm being deliberately absurd in my estimates). However, note that this cost is the SAME before and after the proposed encryption step is added -- the cost of sending 100 GB of data out on the wire is independent of whether or not the data is encrypted and might even be LESS because messages are typically compressed before being encrypted and can be smaller encrypted than in plaintext. Forget the fact that the MARGINAL cost of encryption is thus $30/day, or an even smaller $10/day if we assume the hardware will last three eyars. Even at $100 cost / 100M messages = 1x10^{-6} dollars per message. One ten-thousdandth of a cent. And this estimate is probably high by a factor of ten over real costs, especially if the spammer is effectively stealing the resource via a virus in which case the real cost could be "nothing" -- to the spammer. It costs the spammer more in HUMAN TIME setting up the messages, billing for returns, and managing the systems than it does to do ANY AMOUNT of automated mail processing, with or without encryption. Hardware is cheap and easily augmented if there is any marginal benefit in doing so. Note that NO REASONABLE SCALING of the work done to encrypt a message will yield significant costs to the spammer before they do immense amounts of damage in rising costs (especially HUMAN costs) elsewhere on the Internet. Suppose it takes a whopping 0.1 seconds to encrypt a 1K message (it doesn't, not even close). Fine, I could design a cheap-ass 100 node beowulf cluster that would cost, oh, $35K to feed the MTA its requisite 1000 mps. This bumps my per-message cost by another $100/day, so it now costs me TWO ten-thousands of a cent to send a message. I don't think spammers work at such a low marginal profit that the extra $100 in daily costs will phase them. > I think whoever thought up the idea should be identified as a pretty sharp > cookie. Its just slices through so many thorny issues with few downsides. I think that whoever thought the idea up needs to do some concrete arithmetic and some actual measurements and consider the cost-benefit. Huge administrative costs to implement across the entire internet. Huge inconvenience. Huge administrative costs passed back to the consumer. All to AT MOST double the marginal cost per message to the spammer, who makes a lucrative living because the marginal cost per message is so low that doubling it, or even multiplying it by tenfold, is STILL almost invisible to him or her. Alas, the costs are not so low to the people the measure is intended to protect. The big cost to people who manage lists (or send any kind of mail by hand) is going to be HUMAN -- administrative. It is a PITA to manage lists now -- addresses go bad, spammers try to sneak onto a list to feed their address collection agents, a virus or spambot gets inserted onto a legitimate list-member's system and makes it through a whitelist so everybody gets hammered until the administrator shuts him down. This work burden will only increase manifold when in addition to managing email addresses, one has to manage keys as well. A user's key is compromised. A database with several entities in it has to be kept consistent and clean. Resources are diverted. Debugging a failing email connection becomes a work of art because the traffic looks like garbage anyway, you don't control the user's keys or decryption agents, and there are multiple points where corruption or protocol failure can occur. As a SERIOUS email user, I don't want to even think about the hassle of having to manage keys for both myself and all the people and lists I communicate with. As a nearly twenty year sysadmin, I also don't want to imagine trying to train users and support users with all the headaches mandated use of public key/private keys would create. SPAM is undeniably evil, but the place to add costs is at the ISP level and the PoP level. Acceptable use agreements with sharp nasty teeth and anti-spam legislation that hits spammers AND the networks that tolerate/enable their activities AND the actual vendors that are selling the products being spammed with big fines have a far better chance of having a favorable impact on SPAM than any number of arcane and expensive countermeasures at the level of the mailer itself. I was pleased to note that one of the group of SPAMmers who was recently run to ground in North Carolina has just gone to trial today. This is what I expect to be at least part of a real solution -- hit him with a $1M fine and park his butt in jail for a year or three, and publish it loudly that you've done so. Then hit the next one, and the next one. Eventually spammers will have to add the amortized risk of getting fined into financial ruin and put in jail with a bunch of relatively decent rapists and murderers and cellmate molesters to their inevitably trivial dollar cost per message. Make this a REAL risk and a VISIBLE risk, and wildcat spamming will stop, at least in this country. Legislation CAN be effective. The new do-not call list has worked absolute wonders for me. Note that PHONE spam was never free -- it costs anywhere from $0.10 to $1 per call. Yet three months ago I would get hit a half-dozen times per day or more. Caller ID was all but useless, as few phonespammers used listed numbers or else they used blocks. The DNC list plus the promise of fines or worse, and I now get phone-spammed once every few weeks, usually by somebody that apologizes profusely and babbles about removing my name from their list once I point out that I'm on the DNC list. After all, they can't sell to me without telling me who they are, and that's all I need to have them fined or worse. rgb -- Robert G. Brown http://www.phy.duke.edu/~rgb/ Duke University Dept. of Physics, Box 90305 Durham, N.C. 27708-0305 Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb@xxxxxxxxxxxx