Illustration by Leo Espinosa |
Untold billions of dollars have been poured into the problem of combating spam, and untold millions of hours have been wasted scrolling through unwanted messages. President Bush waved a wand and promised the problem would disappear when he signed into law the CAN-SPAM Act of 2003, “imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet.” Anybody notice any less spam since that law was passed? By some estimates, the percentage of Internet traffic that is spam now exceeds 60 percent.
So why have all the efforts to control spam been so ineffectual? The answer may be that we’ve wrongly assumed we should treat spam like a disease, relying on various digital antibiotics to contain the infectious spread of unwanted e-mails. Developers of spam-protection software have created blacklists of “known spammers” whose e-mail addresses are automatically rejected from our in-boxes. They’ve compiled elaborate inventories of junk mail content used to block specific messages. And they’ve developed intelligent pattern-recognition software that can detect telltale signs of spam, even if the message has been sent for the first time. The disease model is based on the premise that spam is going to be ubiquitous and that the best thing we can do is build up the antibodies in our computers’ immune systems to protect us from it.
Maybe we just need a new model: Spam as a digital version of pollution. We can fight pollution in two ways: Either invest in technologies that protect individuals from the effects of environmental hazards or try to identify and eliminate the root cause of those hazards. Right now, we’re following the first approach with spam. It’s as though we’ve decided to shield ourselves from toxic air by installing air filters in every window and handing out gas masks to those who venture outdoors. To get to the root cause of the problem, we have to confront one crucial fact: Spam pays. We can build all the filters and blacklists we want, but the spammers have an incentive to find ways around those defenses because sending spam continues to be a relatively easy way to make money.
Over the past two decades, environmentalists have refined a methodology that is sometimes called true-cost accounting. The crux of this methodology is that the costs associated with polluting the environment and wasting precious natural resources are often hidden. When you buy a gallon of gasoline, for example, you’re paying for the costs of extracting that fuel from the ground, refining it, and shipping it to your corner gas station, along with other business overhead. But you are not paying for the damage you do to the environment or to other people’s health.
The same analysis can be applied to spam. The price of sending spam doesn’t account for the cost of receiving it. E-mail is essentially free, whether you’re sending a two-sentence birthday greeting to your mother or a hundred thousand “free Viagra” spam messages. You have to pay money to get connected to the Internet, usually through a service provider like AOL or Earthlink. But once you’ve paid your monthly flat-rate bill, you can send as many messages as you want. As your total sent mail rises in number, the cost of sending an individual message approaches zero. Even the most implausible business can make money if the cost of reaching new customers is zero. You might fool only one in 10,000 recipients with your plea to wire money to a bank account in Nigeria, but if it costs almost nothing to send your plea to 100 million people, you’re left with a tidy profit at the end of the day.
Meanwhile, the true costs of those bulk e-mail messages are carried by nonspammers—directly in terms of time wasted separating the wheat from the chaff or installing new spam-blocking software but also indirectly in higher rates from Internet service providers.
Last year AOL alone blocked nearly 500 billion spam messages and fielded nearly 20.4 million complaints in a single day from customers. Industry analysts at Ferris Research estimate that the total cost to businesses of fighting spam in 2003 was $10 billion.
