Chapter 12: The Real Cost of Spam

 < Day Day Up > 



Finding the True Cost of Spam

Many studies currently taking place attempt to calculate just how much spammers and the spam they send cost a business annually. This figure is highly debated and at times over-inflated, since it can commonly be used as a sales pitch for spam-filtering software and services. In this chapter, we attempt to quantify how much spam costs an average, reformed spammer-cum-systems-administrator such as the author. This chapter details everything from the cost of my time to the expense of running spam-filtering software; it compares the results from my experience to the high figure the U.S. government thinks I spent on dealing with spam.

To start with, let’s break down the parameters I use to operate that I will use in my calculations:

  • The average amount of spam I receive, after spam filtering, is 15 messages daily.

  • I am running a Linux-based spam-filtering package on my mail server; it consists of a very paranoid installation of spam-assassin.

  • My ISP charges me 10 cents per megabyte of traffic I download, after I exceed 10GB a month.

  • I use Outlook as my e-mail client and run Windows XP on my desktop.

And now, let’s begin.

Spam and Its Effect on Time for “Real” Work

The most common argument regarding the cost of spam is that recipients spend hours deleting spam messages from their in-boxes instead of focusing on their “real” jobs. This arduous task apparently consumes many minutes of their precious work time, and as the saying goes, time is money. I decided to put this argument to the test and bought a shiny new stopwatch to time how long it takes me to casually delete the spam e-mail I receive when I first log into my computer in the morning.

The morning that I wrote this chapter, I received 13 spam messages that bypassed the spam-filtering methods I employ. The majority of these spam e-mails are for sexual enhancement pills and a large amount of Russian and Chinese language spam. To casually delete all these messages has taken me 7 seconds, and since my spam messages are easily identified by how different they look from the rest of my mail, my method of “select and delete” has never deleted a legitimate e-mail so far. This is probably because my friends and colleagues do not try to sell me V1agr4. Yearly, then, this task equates to 30.33 minutes of my time spent deleting spam. If I am paid $30 an hour for my work time, that equals $15 annually that has been lost due to spam.

However, a study by the FTC showed that 77 percent of Americans spend at least 10 minutes each day deleting spam, which, in my opinion, is an exaggerated figure. These results are based on the recipient opening and reading each e-mail individually, then deleting it. However, many of these e-mails contain obvious subject lines such as “Buy Your Viagra here” or “B1y M1d1c1nde,” denoting them as spam and making it unnecessary to open them.

start sidebar
Tricks of the Trade…Spam Stats Omissions

Many published spam statistics do not take into account any spam filters in use, making cost estimates very large and impressive. However, a mail server that does not run any spam filters is very rare nowadays. Therefore, the majority of spam statistics are very unrealistic since they count on 100 percent of all spam being delivered to the user’s in-box and then the user opening each e-mail message, reading it, then deciding whether he or she should delete it.

end sidebar

Notes from the Underground ...

Speaking of Wasting Time

I run Microsoft Windows on my business computer and have a great many problems with it—what with patching, updating, fixing the updates, and removing spyware, I could easy spend half an hour a week maintaining my desktop. This weekly 30 minutes equates to 26 hours of wasted work time annually, which is 3.2 full working days lost due to Microsoft and Windows. These 3.2 working days will cost my business $780 annually, compared with the $15 worth of lost time deleting spam.

So, personally for me, deleting spam is not a very time-consuming task. I usually purge my spam while waking up with a coffee in the morning. It has become a part of my daily ritual, and I do not find it that tedious or annoying.

Spam and the Overhead on Mail Servers

Another selling point against spam is that it adds significant stress on mail servers due to the large amounts of extra processing power that is required to filter each message. Although this is very true for large mail servers, such as hotmail.com or any countrywide ISP, in reality spam has very little effect on my personal mail server. It’s arguable that the majority of e-mail my mail server processes is spam, but the modern technology I use is barely affected by the extra stress this causes.

Today, for example, my mail server processed 753 e-mail messages; 29 of those were legitimate and 13 were spam messages that failed to be spotted by my spam filter. This means that 711 messages were blocked and deleted on entry. I am running a very unforgiving configuration of spam-assassin, so each message is marked in its headers as to how long it took to process. A short message takes 1.8 seconds on average, whereas longer messages can take up to 2.6 seconds to process. So on average, each message takes 2 seconds to be scanned and processed by my spam filter. My server has just spent a total of 25.1 minutes scanning all my mail, which included both legitimate and spam messages; since there are 1,440 minutes in a day and given the same mail statistics, my mail server could process 57 separate e-mail accounts each day if it were to work constantly scanning incoming e-mail. However, there are only five e-mail accounts on this server, so I can afford for the server to spend up to 251 minutes scanning each mail account, until I theoretically exhaust all my available resources. Given the fact that spam is increasing by an average of 20 percent each year, I will run out of resources in five years if I do not create any new e-mail accounts or change any of my hardware.

My mail server is leased from Hewlett-Packard and each three years is replaced with new hardware, so within three years, technology will have given me headroom for another six or seven years’ worth of growth, in the form of faster hardware, capable of scanning spam at an even higher rate. Theoretically, I will never reach my server threshold, and as long as I keep up to date with new hardware, my server will never become overburdened, although I admit this is a cat-and-mouse game.

start sidebar
Tricks of the Trade…Accurate Statistics

The goal of this chapter is not to say that spam does not cost anyone anything. It is only to make the point that the costs are usually blown far out of proportion or based on statistics from huge ISPs that suffer great costs associated with spam. Spam does not have a large negative effect on small businesses like mine, but this fact is never taken into account when analysts attempt to define annual losses attributed to spam.

Accurate statistics are highly important, since the fines associated with the CAN-SPAM Act are primarily so high due to the industry assumption that spammers cost the world billions of dollars. If new evidence came forward suggesting that spammers cost only a fraction of this assumed amount, the CAN-SPAM Act could be rewritten with reduced fines.

end sidebar

As long as I keep updating my hardware, the percentages of server utilization will remain very similar. With this in mind, I can say that spam being sent to my five e-mail accounts will account for 10 percent of the server’s processing time. If the server costs me $1,500 yearly to lease, spam’s cost to me is $150 annually, although it should be noted that this is not just directly related to spam, since even in a world with no product-based spam I would still need to scan my e-mails for viruses or unwanted content.

In terms of man-hours spent maintaining spam software, they are very minimal. Once a month I spend up to an hour in total updating or tweaking my spam filters or installing new versions of my filtering software. This time accrues to another $360 a year that spam will cost me. However, this is an indirect or potential cost, since I do not have to pay myself for my time. My spam filter is still cheaper to maintain than my Windows-based desktop.

Bandwidth and Storage Charges

One unavoidable cost of spam is the bandwidth taken to download the message and the storage space used to keep it. When a host connects to your mail server, you have very little say about “refusing” the connection. Unless explicit network-based rules are defined, the majority of spam filters will accept the entire message before potentially filtering it due to the remote host being known for sending spam.

According to government studies, a single host can waste gigabytes of bandwidth receiving unwanted spam messages; the host still has to pay for all this mail traffic, and this significantly adds to the cost of spam. Just how much volume does a mail server really process in the course of a day, and how much does this actually cost? Bandwidth in any developed country is relatively cheap. The days of extortionate prices per megabyte are very numbered, and the majority of the time bandwidth is the least of a company’s yearly expenses. A mail server does not need to be on a 100MB dedicated connection to process your e-mail—a 512kb leased line suffices for most situations.

Spam messages vary in size, ranging from 1kb for an HTML-based spam that contains links to externally hosted pictures to 5kb for a large text-based spam that includes a full body or large amounts of random data. On average, the size of my spam messages is around 3.5kb. Today I received 724 spam messages; 13 of these were successfully delivered, whereas 711 were deleted on arrival. All, however, were downloaded by my mail server and consumed my bandwidth. Given this data, we can estimate that my mail server received 2.47 megabytes’ worth of spam messages today. Per month, this equates to 74 megabytes’ worth of spam for each e-mail account I house. Since my server contains five e-mail accounts, it is fair to assume that based on the same statistics, I receive a grand total of 371 megabytes worth of spam per month.

The data limit from my ISP is the smallest it offers, a whopping 10GB, and to date I have never exceeded this limit. Since 371 megabytes is a mere 4 percent of my total bandwidth usage, this allows for plenty of room to grow, and I could afford to house another 130 e-mail accounts’ worth of spam. Only then would I begin to exceed my bandwidth allowance, so personally, spam has no direct additional bandwidth cost to my business. I require the T1 line I have installed and the data plan is the smallest one offered. Spam does take up potential bandwidth, but this does not directly hurt my wallet, so in realistic figures, there is no real money or time that my small business pays out due to the cost of spam.

Of course, the other obvious cost associated with spam is the additional storage space required to store the massive volumes of spam messages received daily. Analysts claim that spam increases and heightens already problematic storage requirements, which leads to expensive storage solutions. Most expense calculators put the cost of storing spam annually in the tens of thousands of dollars. According to the experts, even for relatively small companies with fewer than 100 employees, it will cost a great deal of money to store all the incoming spam they receive.

I have previously said that each spam message I receive is on average 3.5kb; again, using the example of 13 spam messages received in one morning, all slipped though my spam filter and were successfully delivered and stored locally on my mail server. These messages did take up valuable storage space, requiring my mail server to contain a relatively large disk for storage purposes. The total amount of delivered spam equaled 60kb, although the average amount of spam I receive is fractionally lower at 45.5kb. Spam does not stay on the server very long, though, since I delete all junk e-mail daily. Because I am taking into account the time I waste deleting spam, I will factor in only the storage requirements of archiving a week’s worth of spam. Recently, storage costs have become amazingly competitive, and it is common for even a low-end server to ship with a 36GB SCSI disk. I doubt manufacturers are even producing disks smaller than 36GB anymore. My storage requirements are as follows: Each day I store 45.5kb worth of spam. Weekly this equates to 0.31MB, so I could fit the total amount of spam I receive in a week on a diskette, four times over. I have five e-mail accounts, and each account receives similar amounts of spam, which makes my total weekly spam storage requirements approximately 1.55MB. I try to keep a clean mailbox and delete any spam messages that evade my spam filter; additionally, Outlook is set up to perform a weekly archive of the remaining legitimate e-mails, so they are compressed and stored locally for later sorting or searching.

My server contains a pair of 36GB SCSI disks running in a RAID 1 configuration (they mirror each other), which provides me with adequate fault tolerance in case one disk fails. Therefore, any toll spam takes on my storage equipment is doubled to cover the expense of the second disk. As I previously mentioned, I lease my mail server, but if I were to buy two 36GB disks, they would cost me approximately $250 each. This means that I pay $6.83 per megabyte of storage I use. Two disks in use, both holding a week’s worth of spam for five e-mail accounts, will cost me a total of $21.17 worth of storage capacity. For argument’s sake, let’s double this figure again, because I understand that some people do not actively delete spam as often as I do. This brings my total cost of storage requirements to $42.34 a year, considering that the users of my e-mail server delete all delivered spam within two weeks.

start sidebar
Tricks of the Trade…SAN and NAS

I have noticed a common trend in online spam cost analyses: Storage requirements are often based on keeping spam on large-scale storage area network (SAN) or network-attached storage (NAS) devices. Such storage equipment carries with it significant overhead costs in terms of both maintenance and equipment.

In reality, very few small companies can afford to buy a SAN or NAS device, since the cost of such hardware is often extreme. The majority of solutions implemented involve simply buying a slightly larger hard disk to store mail on. This reality is rarely taken into account when spam costs are calculated, and for that reason, storage figures are often greatly inflated.

end sidebar

The Total

With these facts established, we can work out the annual expense spam has on my pocket, based on realistic figures and the exact amount of time and money spam costs me annually (see Table 10.1): $567.34.

Table 10.1: The Total Cost of Spam for My Business

Field

Monetary Cost

Time spent deleting spam

$15.00

Maintenance of spam filter

$360.00

Server time spent filtering spam

$150.00

Wasted storage and bandwidth

$42.34

Total annual cost of spam to my business

$567.34

To put this figure in perspective, let’s compare it to other expenses I have.

Ever since I was 13, I have been addicted to coffee, and now I can’t live a day without my latte or flat white, and so every morning without fail I visit my favorite coffee house and buy a tall latte. The cost of this sweet stimulant is $2.50, and I would say that I buy at least 300 coffees a year (just because it is the weekend does not mean that I do not need my caffeine fix). This addiction annually costs me $750, so to put my costs of spam in perspective, I spend more on coffee than I do on spam.

As mentioned earlier, I use an average of 3.2 working days a year maintaining, upgrading, and fixing my Windows desktop, which amounts to $780 worth of my time each year. Using Microsoft products on one desktop annually costs me more than filtering, storing, and sorting all the spam I receive for five e-mail accounts.

start sidebar
Tricks of the Trade…Spam Calculators

The majority of Internet users do not find any pleasure or enjoyment in spam. With this in mind, most people simply accept any potentially inflated figure given to them. If the FTC claims that spam cost the United States $8 billion last year, no one questions the figure. Pro-spam lobbyists are few and far between, and spammers are not known for coming forward to defend themselves or give an accurate depiction of what they do. For that reason, figures are blindly accepted by the public, and there is usually very little debate over them.

Many companies have published online spam calculators, such as www.postini.com/services/roi_calculator.html and www.vircom. com/Cost_Calculator/. These online, subjective tools are designed to show just how harmful spam can be financially. One spam calculator estimates that based on wasted time alone, spam will cost my business $5,789 annually, a highly inflated value since, as I have shown, my actual costs are just under a tenth of this amount. Not to mention the fact that my expenses included wasted time, hardware, bandwidth, and storage requirements!

end sidebar

The most recent estimates for spam costs in 2004 place the figure at $41.6 billion—more than a year’s worth of oil and petroleum exports from Saudi Arabia, an astronomical amount that is obviously inflated. Although spam can have a significant cost to a large company such as Microsoft, Yahoo!, EarthLink, or AOL, the majority of small companies will face very insignificant costs associated with spam. Personally, I stand to save more money if coffee becomes outlawed than if spam ceases to exist.

And, now that you have seen my personal cost calculation, please read the following statements made at the latest Spam Summit by “industry leaders” justifying how much spam costs them and why they consider spam such a burden.(A full copy of the report can be found at: www.apig.org.uk/spam_report.pdf.)

Excerpt from www.apig.org.uk/spam_report.pdf:

How much does spam cost?

28. Because the transfer of email is now so rapid and hence cheap, the actual “bandwidth” costs are seldom significant, even for individuals. However, our attention was drawn to people who accessed email over new generation mobile phones and here the cost of connectivity did matter.

29. Most attention on the cost of spam has related to the effort required to sort through incoming email to discard the unwanted material and locate the email that was actually required. We were told of various studies that have attempted to determine the cost of spam in terms of lost productivity to businesses (it being difficult to ascribe a monetary cost to an individual’s time in their homes).

Ferris Research, January 2003

Estimated total cost for spam in corporations in 2002 was $8.9 billion and in 2003 lost productivity costs will be approximately $14 per user per month causing the total cost to rise above $10 billion.

Radicati Group, July 2003

A company of 10,000 users with no anti-spam solution will spend on average $49 per year per mailbox in processing spam messages.

Vircom Ltd., June 2003

Lost productivity will cost a company of 1,000 users with no anti-spam solution approximately $205,000 per year.

MessageLabs Ltd., June 2003

Based on productivity loss, spam costs UK business 3.2 billion annually.

A U.K. university, June 2003

The direct costs of their spam-filtering system were 78,000. However, it is still costing them an estimated 1.1 million per annum, assuming that staff can deal with the spam that gets through the filters in a mere two minutes each per day.

Charles Smith, Oaksys Tech Ltd.

Charles Smith came and gave us oral evidence from the point of view of an ordinary small-business email user. He told us that he receives about 1000 spam emails a day. He has built up about 280 rules within his email software which traps most of the spam. About 10 spam emails get through and he deals with these manually. He also needs to check the email that is filtered, recently he had almost missed a share trading opportunity worth 1500. He estimated that in total he spent about 20 minutes a day dealing with spam and that at his professional hourly rate this was costing him 50 a day.

30. There are many other monetary costs associated with spam. In a widely cited June 1999 report, the Gartner Group pointed out that the response of many customers to spam was to abandon their email address and change ISP. They estimated that cost of this “churn” was about $7 million annually for an ISP with a million customers. The IWF also suggested that spam was generating a general loss of confidence in the Internet.

31. However, many costs are not monetary at all. The EEMA pointed out that nobody was interested in creating an email address directory (a “white pages” service) because no names would be submitted through fear of receiving more spam. They also drew our attention to the cost of archiving spam because it was mixed in with other email that had to be preserved for business reasons. Other people pointed out the cost to entirely properly run email marketing operations when their “opt-in” messages were blocked along with the spam. A great deal of spam is forged to appear to come from legitimate businesses with consequent damage to their reputations. Our attention was also drawn to the damage to national reputations when entire towns, states or countries become inextricably linked with spam in people’s minds.

Interesting—although it is clear that these results are highly biased. Statements such as “A company of 10,000 users with no anti-spam solution will spend on average $49 per year per mailbox in processing spam messages” is strongly exaggerated, because everyone in the industry has spam-filtering software. Analogous to this would be to say that “To power our servers with 10,000 486s would cost us $1,000 an hour in power usage.” These statements are inaccurate and misleading. I always find estimates on productivity losses attributed from spam questionable; the idea that recipients take more than 7 seconds to delete each spam e-mail they receive is highly unlikely in most cases, in my opinion.

Note

Just how long is 7 seconds? Moreover, what can you actually do in the space of 7 seconds?

Start counting in your head, one Mississippi, two Mississippi, three Mississippi …

Think in your head about deleting an e-mail, how long it takes to click the message and scan it with your eyes. Close your eyes and visually picture the process while counting up to seven Mississippi.

I can read most long, legitimate e-mails that have a complex body in 7 seconds. Average spam e-mails contain very simple bodies, and usually after half a second I have mentally determined whether the message is spam or not. The majority of the time I can tell by the message subject or the sender of the message that it’s spam. It is fair to say that I rarely open a spam message to read its contents, unless the sender is someone I know or the subject is very convincing. Even when I do open the e-mail, I do not read it for 7 seconds.

There are many annual cost estimates flying around the Internet, and a Google search for “spam costs billions” shows that these estimates vary greatly, from the conservative $4 billion in annual losses right up to the extremely preposterous estimate of $41.6 billion from “research firm” Radicati Group.

In all, it is fair to say that very few people have any idea just how much spam costs U.S. businesses, but common sense says that these published estimates are greatly inflated. Too often, these figures are published and never questioned; as long as the report is anti-spam, few people see any reason to contest it. It seems no one in this business is pro-spam—not surprising, but more depressing is the fact that no one is pro-truth, and the majority of the published information is inaccurate and wrong.



 < Day Day Up > 



Inside the SPAM Cartel(c) Trade Secrets From the Dark Side
Inside the SPAM Cartel: By Spammer-X
ISBN: 1932266860
EAN: 2147483647
Year: 2004
Pages: 79

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net