X

Want to stop spammers? Charge 'em

CNET News.com's Declan McCullagh says spam isn't so much a technological or legal problem as it is an economic one. So if one wants to change spammers' cost-benefit calculations, raise their costs.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
See full bio
Declan McCullagh
5 min read
WASHINGTON--I spent last week at the Federal Trade Commission's three-day spam summit where hundreds of people, fed up with the skyrocketing amount of unsolicited bulk e-mail, gathered to figure out how to stop it.

The suggestions were predictable: As they have each year since 1997, with nothing to show for it so far, members of Congress vowed to enact a law restricting spam. People selling spam blockers touted their products, and so-called e-mail marketers complained that their bulk messages were being unfairly tossed in the trash. Poor things.

On Friday morning, though, FTC Commissioner Orson Swindle said something that made a lot of sense. "I don't care if it's commercial, religious or entertainment (spam). It's all pollution," he said.

That's exactly right, and it's how we need to start thinking about spam. Spam is not primarily a technological or legal problem: It's an economic one.

From an economic perspective, spam is just another form of pollution, an activity that imposes costs on people without their permission. Like all polluters, spammers impose these costs because of the benefits to them--in this case, the profits they make from sales, however few.

Like many victims of dirty air and befouled water, spam recipients are mostly powerless against the polluters. To curb pollution, we need to figure out how to change a polluter's cost-benefit calculations.

Yet for victims, the time and effort needed to shift costs back to where they belong typically wipe out any theoretical benefits. Because my home e-mail address has stayed the same since 1995, I receive hundreds of spam-o-grams per day, and I don't report each one to the FTC or an Internet provider's abuse address. It's just not worth my time.

It is worth something to the spammers. Here's why: Because of the low cost of bulk e-mail, a response rate as low as one-thousandth of 1 percent can mean profits. A paper by the ePrivacy Group notes that the cost per message for postal mail declines because of printing efficiencies and bulk postage, and then levels out. "Conversely, per-message costs for spammers start out low and decline rapidly with volume. Indeed, some spammers pay nothing for sending their messages, hijacking resources that belong to others," according to the ePrivacy Group.

The usual way to address pollution problems is for the government to step in and raise costs. Rep. Zoe Lofgren, D-Calif., wants to give those who report spam to the FTC a "bounty" that would come out of a judgment collected from a spammer. Other proposals would raise the costs for spammers by making it easier to sue them.

To curb pollution, we need to figure out how to change a polluter's cost-benefit calculations.

That's a good start, but it's not good enough. Roughly half of spam already comes from overseas, panelists at the FTC confab said last week, and they estimated that it's doubling every month or two. Even if we managed to get rid of all domestic spam tomorrow, in a few months we'd be back up to current levels. And we can't wait a decade for an international treaty to be drafted, ratified and implemented.

Fortunately, there's a second way to raise costs for spammers: Charge them.

Imagine a system that lets you set up a kind of electronic guard dog that would police incoming e-mail. Using a set of user-defined rules, e-mail from preprogrammed domain names, such as yourcompany.com, would be sniffed and automatically approved. So would messages from friends, family, prior correspondents and known mailing lists.

Unknown correspondents, on the other hand, could contact you only if they paid for the privilege. Without bothering you, your guard dog would reply and tell the sender how much "postage" he owed. It's likely that a polite custom would arise: If the message you received from an unknown sender was sufficiently interesting, you'd return the payment or simply not deposit it.

I'm hardly the first person to suggest this idea. Brad Templeton, the chairman of the Electronic Frontier Foundation, wrote an influential essay around 1995 on "e-stamps," though he no longer likes the idea. A 1997 patent granted in the United States to Todd Sundsted covers some uses of filtering e-mail through "an attached electronic stamp." Scott Fahlman, a computer scientist at Carnegie Mellon University, recently published a paper titled "Selling interrupt rights: A way to control unwanted e-mail and telephone calls." And an Australian entrepreneur recently launched a pay-to-send service that works in part as I described.

Imagine a system that lets you set up a kind of electronic guard dog that would police incoming e-mail.

Whatever the system, if enough people use it, you'll only have to charge as little as a penny to effectively ban spam from your in-box forever. The higher cost of watchdog-protected accounts suddenly would make spam uneconomical by shifting some of the cost of dealing with spam back to the sender, where it belongs. Payment systems like PayPal, E-Gold and GoldMoney.com would make the system feasible.

Then again, the postage would not have to be paid in legal tender. Any activity that cost the sender enough would do the trick. One scheme that's been proposed uses computation instead of currency. Called "HashCash," it requires the sender not to send money, but to instruct his computer to perform an arbitrarily complex calculation that would take a few seconds even on a fast microprocessor. Think of it: If a would-be spammer had to perform even three seconds of computation for each person she spammed, the pace of spam would slow to glacial.

"This can be used as the basis for an e-cash system measured in burnt CPU cycles," writes Adam Back, a British cryptographer who invented HashCash. "Such cash systems can be used to throttle systematic abuses of unmetered Internet resources...On a global scale, use of bandwidth and CPU resources is wasted. The spam recipient's time is wasted as well, and in the case of people using commercial service providers, some recipients have metered phone calls, and some service providers charge hourly rates for connection time."

Back told me on Friday that he envisions a transition from filters to HashCash. "What do you do, when you receive mail from people who are not using HashCash? Deleting that mail is not really acceptable," Back said.

"What people have proposed to do is to combine HashCash with filtering software solutions like SpamAssassin and the like," he said. "If you used HashCash to send a message, it wouldn't be filtered at all. That gives you an incentive to install HashCash. Every person gets extra value from it because they get extra reliability when sending e-mail."

Whether we end up using HashCash or some form of micropayment, we desperately need to raise the cost of spamming. New laws and new filtering technologies aren't good enough: Spam can be canned only through economics.