economics of spam (Re: A Trial Balloon to Ban Email?)

Tim Dierks tim at dierks.org
Mon May 12 18:18:25 PDT 2003


At 04:45 PM 5/12/2003, Adam Back wrote:
>Whether you think a few seconds is sufficient depends on your views of
>the economics of spamming.  Ie how close to losing break-even the
>spammers are, and whether a few seconds of CPU per message is enough
>to significantly increase the cost.  This article for example
>discusses the economics of spam:
>
>http://www.eprivacygroup.com/article/articlestatic/58/1/6
>
>they give an example of a spam campaign with a 0.0023% response rate,
>and a yeild of $19 per response.  They estimate the cost of sending
>the spam was less than 0.01c per message.  I've seen significantly
>lower estimates for the sending costs.  To deter a given spam campaign
>we just have to increase the cost to the point of making it
>unprofitable given the response rate and profit per responder.  The
>other side of this equation is what a second of CPU costs in monetary
>terms to a spammer.

Assuming that a CPU costs $500 and that its value can be amortized over 2 
years, CPU costs .0016 cents/second.

Based on the numbers enough, the revenue/spam sent is .044 cents. Thus, the 
breakeven point is 27.6 seconds/message: assuming other costs are minimal, 
you have to require > 27.6 seconds of CPU calculation from an email 
submittant to ruin the spamming business model.

A few thoughts on this:
  - You have to adjust the size of the calculation frequently to keep up 
with Moore's law (although the time/$500 CPU is constant, assuming constant 
profitability for spam)
  - If spammers have new technology or economies of scale available to 
them, it's going to adversely affect everyone else. (That is, if you're 
using an 18-month-old CPU and CPU-seconds cost you twice what they cost in 
the volume it costs spammers, your $500 computer will have to spend 2 
minutes of time to calculate a token it takes a spammer 30 seconds to 
calculate).
  - This is going to dramatically increase the costs of sending bulk e-mail 
for non-spammers: for example, I get airline specials a few times a week; 
they must send millions of these.
  - The CPU time required here is several orders of magnitude larger than 
the cryptographic costs associated with SSL, and SSL is not broadly 
accepted at least in part due to the CPU cost associated with with it; this 
implies to me that there will be substantial resistance.
  - The CPU costs associated with SSL engendered a substantial market in 
cryptographic accelerators intended to reduce the cost to do an RSA private 
key operation. Presumably, a system like this will create such a market for 
e-mail token accelerators: unfortunately, this is exactly the kind of new 
tech / economy of scale envisioned above: we may end up with a situation 
where a calculation which costs a spammer .044 cents will take the average 
user's CPU 10 minutes or more to calculate.

  - Tim





More information about the cypherpunks-legacy mailing list