anybody else been spammed by "no-ip.com" yet?

[1]
This raises an interesting question of how can you claim an email costs
$.02 to receive, when the bandwidth to get it is about 3 orders of
magnitude less, and diskspace costs 2 orders of magnitude less ($10/gig)?

If your average user gets 10 emails/day, that means that each user gets
300 emails/month, and costs you $6.00 in resources?

  You need to keep in mind the cost of disk space. And you
can not use the el-cheapo 5400 rpm ide disks as your price model
either. While in a smaller environment they work fine. (read:
my home mail server), if you're running a commercial isp, you
need higher data transfer rates.

If you have dialup users paying $20/month, do you kick them off if they
subscribe to a busyish mailing list and get over 35 emails/day?

  If they don't fetch their e-mail in a reasonable amount of time
I have known isps to delete the mail. My employer has given me an
earthlink account for when I travel to dial-up. I don't
check that mail there. I don't expect them to keep all the
spam that might accumulate so in 3 years from now when I decide
to pop-3 in for the fun of it, i download a few gigs of spam.

In terms of ISP resources, emails cannot be costing $.02 each to receive.

  I'm not entirely supporting that figure but not disputing it.

  You need to keep in mind:

  1) Disk space costs. You need to have a reasonable disk space
system set up for any moderate-large sized isp. This includes
10krpm scsi disks as well as raid including backups. (Your customer
John doesn't want to lose his e-mail from Aunt Sally).
  2) not everyone reads their mailbox realtime or locally.
While the average ISP customer is online more and more time a
month and cable modems and other services have increased their ability
to fetch their e-mail in more frequency, you may have to store
mail for up to 2 weeks for the average user. (anything over that
they're out of the country I suspect and not interested in their
e-mail).
  3) the cost of the bits over transit/peering are low enough
that most people don't count them, they are very low as compared
to the cost of disk space/cpu and ram required to handle massive amounts
of e-mail in a reasonable/prompt manner, but they do exist. One will
need to invest in a seperate ethernet switch and other devices to help
keep the traffic segmented. this is a component of the cost of
an isp providing smtp service.

In terms of the time to delete them, I could believe that they cost $.02
each. (If you value your time at $20/hour, $.02 is 3 seconds)

  an ISP with about 250k customers needs many gigs of disk space
to hold their mail and about 10-15 servers to process it. As the
spam increases, the number of servers required will go up because
you have to process those smtp connections. There are also the
technology costs of building a smtp system that can handle such
a large environment.

  I (continue to) see mail as the #1 reason people connect
to the internet. It's fast and reliable. If your provider
has only one link out and it's down, you can still get/deliver
your mail (assuming they don't have a poorly designed network)
and it will reach its destination. This is also why people complain
more about the ads they receive as compared to the ones that they
view on websites. They understand the difference between making
the outbound request for info and expecting to get some noise
as compared to saying "give me the messages directed at me". They
don't want the noise in their personal messages but in
the public space they are less sensitive.

  - Jared

Scott Granados <scott@graphidelix.net> writes:

No I think your message illustrates things pretty well. I guess the
fundimental differenc here is not only does it cost usually very little
to receive these messages it costs even less infact dramatically to send
spam. It seems there is no real reason for the spammer to be concerned
with whether the mail is properly targeted or not so a full on flood is
possible and the leads generated by this flood percentage wise have to
be many factors less than the percentage of success in snailmail.

It does not cost "very little" to recieve spam. At my real job (ie,
not seastrom.com), we're running a very nice (but expensive)
commercial product to filter this stuff, and in a given time quantum
during which we processed 1.9 million messages, spam and virii
accounted for about 600k (32% was the last number I saw from our stats
script). It's reasonable to assume, since some unwanted messages slip
through, that we're over a third of all email being UCE.

So we have a choice: pay for the (very nice but expensive) commercial
product, or add forty percent to our mail spool disk farm and extra
cpus and ram in the mail server farm to deal with the additional
influx. In the numbers we're talking about, bandwidth costs become
measurable too.

Spam is theft, plain and simple.

                                        ---Rob

It does not cost "very little" to recieve spam.

It costs the end-user very little to recieve spam.

At my real job (ie,
not seastrom.com), we're running a very nice (but expensive)
commercial product to filter this stuff, and in a given time quantum
during which we processed 1.9 million messages, spam and virii
accounted for about 600k (32% was the last number I saw from our stats
script). It's reasonable to assume, since some unwanted messages slip
through, that we're over a third of all email being UCE.

So we have a choice: pay for the (very nice but expensive) commercial
product, or add forty percent to our mail spool disk farm and extra
cpus and ram in the mail server farm to deal with the additional
influx. In the numbers we're talking about, bandwidth costs become
measurable too.

Whether we like it or not however, this is a cost of doing business now, and
is a normal part of determining your cost of goods sold (at least it *should*
be).

Spam is theft, plain and simple.

Spam is a reality that none of us, either alone or in concert, will ever be
able to eradicate. That makes the general gnashing of teeth == tilting at
windmills. Our time is probably the most expensive part of an ISPs "spam
cleanups" budget - automating a filter system (for those who specifically ask
for it, of course) via the purchase of services from Vixie or your favorite
equivalent is likely to be a reasonably inexpensive alternative to having us
spinning our wheels. <asbestos underwear in place ;->

<measl@mfn.org> writes:

> It does not cost "very little" to recieve spam.

It costs the end-user very little to recieve spam.

I'll echo Paul's comments about the cost of my time. In my case, a
half hour a day seems about right (compared to Paul's hour a day). I
suspect you may have a very different perception about the value of
your time than Paul and I have about the value of ours. I am sure
that we have customers whose time is worth a lot and whose time is
worth very little. Over half of our customers, however, are in
countries where there is a per-minute cost to being off-hook on a
dialup. They see a very direct cost to download spam, aside from the
human costs.

Whether we like it or not however, this is a cost of doing business now, and
is a normal part of determining your cost of goods sold (at least it *should*
be).

Counting inventory shrinkage costs as part of the cost of doing
business at a retail establishment does not change the fact that
shoplifting is a crime.

> Spam is theft, plain and simple.

Spam is a reality that none of us, either alone or in concert, will ever be
able to eradicate. That makes the general gnashing of teeth == tilting at
windmills.

Your position is noted.

Our time is probably the most expensive part of an ISPs "spam
cleanups" budget - automating a filter system (for those who specifically ask
for it, of course) via the purchase of services from Vixie or your favorite
equivalent is likely to be a reasonably inexpensive alternative to having us
spinning our wheels. <asbestos underwear in place ;->

You have incomplete information. That's all I'm going to say about it.

                                        ---Rob

Also sprach measl@mfn.org

It does not cost "very little" to recieve spam.

It costs the end-user very little to recieve spam.

[...]

Whether we like it or not however, this is a cost of doing business
now, and is a normal part of determining your cost of goods sold (at
least it *should* be).

COGS gets passed on (eventually) to the end-user, therefore (sorry,
can't make the 3 dots in a triangle symbol with ASCII), it does cost the
end-user to recieve spam. Those costs may not be *monetary* costs, the
industry typical dial-up access price ($19.95) really hasn't changed
over the years, but costs can be measured in other ways...lack of other
services that might have developed had ISPs not had to bear the brunt of
the cost of dealing with spam...for example. Cost (in time) of dealing
with the spam themself, cost of other services that the ISP provides may
have gone up (web hosting, available disk space, etc.). Costs of
development time of ISPs and other developers to develop tools to deal
with spam that might have been otherwise used to develop other cool
tools for the end-user. IgLou, for example, has put a lot of time and
effort into developing a service that we have called "Mailblock" who's
whole purpose is to block spam for customers (user various prepackaged
tools and pre-defined rules to block common spam characteristics, as
well as the ability for the end-user to define their own rules to block
spam that they personally are gettings, etc. all from a nice web-based
front-end). What sort of services would we have had time to develop if
we hadn't had to fart around building Mailblock? Who knows...but the
end-user not having whatever services that we might have come up with is
rightfully considered a cost.

The costs are there, period. They may not be monetary costs, but they
are costs, nonetheless.

Spam is a reality that none of us, either alone or in concert, will
ever be able to eradicate.

No, but, in concert, and in concert with legislative bodies, there is
the possibility that we can eventually put a serious dent into it and
either get the level of spamming back down to a more reasonable level,
or have mechanisms in place to where we can recover some of those costs
that are incurred (both as ISP's and as end-users).

No, we won't ever be able to get rid of all of it, and I wouldn't want
to as the steps that would have to be taken to do so would almost
assuredly result in abridging First Ammendment rights (for us 'murkin's
anyway), but curbing the rampant levels of spam that we're dealing with
now will be a benefit to all...*INCLUDING* legitimate mass mailers (ie,
people that are sending email to legitimate opt-in lists...few and far
between, I know, but they are out there)

automating a filter system (for those who specifically ask for it, of
course) via the purchase of services from Vixie or your favorite
equivalent is likely to be a reasonably inexpensive alternative to
having us spinning our wheels. <asbestos underwear in place ;->

In the short term, yes. And in the short term, ISPs such as us here at
IgLou, use those automated systems (such as our MailBlock) as
differentiation to draw customers to us. Long term, however, that's not
a solution.

<trollishly>

I'd like the costs quantified.. Servers and disks are expensive, but if
they handle a ten million messages during their lifetime, the amortized
cost PER MESSAGE is cheap.

How cheap is it?

I bullshitted about $.00022/message with
         Emails's are 10kb.
         $1/gig (bandwidth) and
         $10/gig (disk capacity, falsly assuming email is never deleted.)
         $0 (for the server, cause I can't guess within an order
             of magnitude.)

I bullshitted about $.00022/spam with
         Spams's are 10kb.
         $1/gig (bandwidth) and
         $10/gig (disk capacity, falsly assuming spam is never deleted.)
         $0 (for the server, cause I can't guess within an order
             of magnitude.)

What do you guess for the amortized cost/spam?

``A modern email infrastructure costing $XXX/day (amortized over 2 years)
can handle YYY messages, thus the average cost/message is $XXX/YYY.''

</trollishly>

I've not seen quantified numbers bandied about in the past NANOG
spam-flamewars, so maybe this isn't beating a dead horse.

I do find it amusing that nobody responded to my more relevant and
intended thrust, about how putting a 'sender pays receiver for email'
could cause a variety of new abuses of the email system.

Scott

Yo Scott!

Correct,

  The people that call in and say "Please delete my mailbox
as i can't download anything from it because my mail client freaks
out". that costs real $$$, since they want an 800# to dial, and
those support costs are not directly tangible to spam but it's
very complicated to add up.

  Most providers needed to build a custom mail system to get
past 30-50k users as you can't run that on one beefy system.

  You need to keep duplicates away, reliable delivery and
good responses for checking your mail.

  Then at this size you need to be integrated into your
billing system otherwise your required resources to manage
your isp grow very quickly.

  the costs of smtp() and pop3() are all related here. If you go
back 10 years ago, you did not need a dedicated abuse/security staff
to police your users. These are all intereleated.

  - jared

<trollishly>

What do you guess for the amortized cost/spam?

</trollishly>

a cost that you are forced to pay in order to enrich somebody else is
theft, no matter how microscopic the payment might be. "we all know what
(they) are, now we're just arguing about the price."

I do find it amusing that nobody responded to my more relevant and
intended thrust, about how putting a 'sender pays receiver for email'
could cause a variety of new abuses of the email system.

on the one hand, you're right that any micropayment system would have
to be very carefully thought out and even more carefully implemented,
lest it open the door to many and varied forms of microabuse.

on the other hand, that doesn't disprove the case, since even in your
example it would merely cause people to become a LOT more careful about
they mail they sent. that CAN'T be a bad thing.

bill washburn's XNS effort, while nowhere near ready for critical review,
shows some of the throught that needs to occur to make micropayments not
be a bad deal for one or both parties. www.xns.org has an overview and
www.onename.com goes so far as to say

  With an OneName solution, you control and manage all relevant
        identity data, with no need to involve a third party in your
        business relationships. You can customize authentication and
        permission structures for every business relationship and automate
        specific types of data exchange, both within and across the
        corporate firewall. These same permission structures provide an
        easy way for customers to provide consent for the usage of their
        personal data.

note that i'm not advocating the approach, but rather, holding it up as
one example of how personal messaging will have to work at "full scale."

*blink*

So far, other than Jared Mauch <jared@puck.Nether.net>'s calculation where
he neither confirmed nor disputed $.02/email, I've yet to see *one*
quantified per-message price bandied about..

Are you also unsure of the per-message costs of email? I'd thought I'd
find *someone* who could quantify a cost.... I certainly don't know and
I want enlightenment too!

I'm surprised you can't quantify the per-message costs either.

> I do find it amusing that nobody responded to my more relevant and
> intended thrust, about how putting a 'sender pays receiver for email'
> could cause a variety of new abuses of the email system.

on the one hand, you're right that any micropayment system would have
to be very carefully thought out and even more carefully implemented,
lest it open the door to many and varied forms of microabuse.

Leading to more subtle abuses...... or benefits?

Will we have arbitrage trading by sending email through an intermediary
for a lower fee.

Say, A charges $.03 email from B..
     A charges $.01 email from C..

C charges B $.025 per email and forwards it A. C spends $.005 in overhead
and keeps the $.010 difference as profit.

on the other hand, that doesn't disprove the case, since even in your
example it would merely cause people to become a LOT more careful about
they mail they sent. that CAN'T be a bad thing.

Apart from the balkanization of the lifeblood of the internet's
communication systes, there's things like viruses, worms, zombie
computers, etc.

There's also the transactional cost.. If a computer gets infected by a
worm, who pays for the email it sends out? Who pays for the argument of
who's responsible for the costs? Who's responsible for the tech support?

What if the user can't pay... Will ISP's have to insure themselves against
email worms? Will people with insecure email clients be subsidized by
those with more secure clients? Is that theft too?

bill washburn's XNS effort, while nowhere near ready for critical review,
shows some of the throught that needs to occur to make micropayments not
be a bad deal for one or both parties. www.xns.org has an overview and
www.onename.com goes so far as to say

Interesting.. Reading it over now. Thanks!

> <trollishly>
>
> What do you guess for the amortized cost/spam?
>
> </trollishly>

a cost that you are forced to pay in order to enrich somebody else is
theft, no matter how microscopic the payment might be. "we all know what
(they) are, now we're just arguing about the price."

Its a cost of doing business. Its like restrooms in restraunts, a
necessary evil. You can try to minimize the costs and stop abuse. But the
only way to avoid it is to leave the business entirely. Will you, like
Donald Knuth, be giving up your email address?

I'm still hoping somone out there can quantify those per-message costs of
email and spam.

Scott

"There will be a day when folks will need to pay to transit email"
(Paul Vixie, 1998).

Still working on that better mouse trap?

--Mitch
NetSide

a cost that you are forced to pay in order to enrich somebody else is
theft

i thought it was called 'taxes' :-)/2

Hello Randy ,

  Theft/Taxes nearly the same . JimL

Really? What's the difference?

Hello J.A. Terranson ,

*blink*

So far, other than Jared Mauch <jared@puck.Nether.net>'s calculation where
he neither confirmed nor disputed $.02/email, I've yet to see *one*
quantified per-message price bandied about..

Are you also unsure of the per-message costs of email? I'd thought I'd
find *someone* who could quantify a cost.... I certainly don't know and
I want enlightenment too!

I'm surprised you can't quantify the per-message costs either.

  Well, my system (puck.nether.net) only gets upgraded
about once every 1.5-2 years. It's not a pure e-mail server,
but let me give you an idea of my costs based on current replacement
cost:

  Operating System: $0
  machine:
    case $65
    disks $150 (aproximite cost today)
      (1x4g ide, 1x45g ide, 1x40g ide[7200rpm])
    cpu $100
    moterboard $100
    memory $250
    video, ethernet, etc.. $150
  --- cost: $815

  Now, i'll take a stab in the dark and say that I could
(if i wanted to) support 5000 users (mail) on this system
with no problems. I've processed 6153 e-mail messages today
with an average size of 5k for my current 186 users. (this
includes sending out mail for lists i host as well as delivery
to mailboxes of nanog and lists they are on).
  
  The system costs me (over 2 years) ~$1.116/day
  To instantly deliver one message would take 40Kb/s at an
estimated 8204 messages/day that doesn't count that much for overall
cost, but it is there. That's .09 msgs/sec average. Be sure to
scale this for your local site of course.

  So, lets scale this up:

  (assume Using 40g of disk for mail)

  So multiply by ~26.88 to take my 186 users up to 5k.

  That takes me to 2.55 messages/sec and 104Kb/s
constant bit rate. 104Kb/s @ $100/Mb= $10.4 in bandwidth costs.
(or ~$0.0000004/msg)

  If on average, my users fetch their mail once every two days
and fetch it all at that point, I'm looking at needing to store
~440k messages on disk, and on backup media also. (I'll leave
that cost out right now).

  Storage cost/msg = ~$0.000005 (system cost per day / 864000)/2.55

  Taking these two into account, it has a low cost/day/msg.

  I don't have any support staff. Add in a few (3) people @
65k/yr to answer phones for my 5k users that increases costs by $534/day
or $0.00242135/msg

  You can see where the real costs come in. By needing someone
to go in and clear out their mailboxes when there are problems, it
increases costs drastically. There are system costs, mine is very
cheap. If I were to price it more realistically with some scsi
disk, controller, etc.. the cost/msg goes up based on that.

  There are some obvious user-number bars that are
created when you require more than one system to handle mail. Assume
1 mail server per 10-15k users (depending on mail load) at
$1500/system (about double my costs, but serving 3x users) and you do
easily see where these costs/msg of the spammer start to hurt you.

>
> > I do find it amusing that nobody responded to my more relevant and
> > intended thrust, about how putting a 'sender pays receiver for email'
> > could cause a variety of new abuses of the email system.
>
> on the one hand, you're right that any micropayment system would have
> to be very carefully thought out and even more carefully implemented,
> lest it open the door to many and varied forms of microabuse.

Leading to more subtle abuses...... or benefits?

Will we have arbitrage trading by sending email through an intermediary
for a lower fee.

Say, A charges $.03 email from B..
     A charges $.01 email from C..

C charges B $.025 per email and forwards it A. C spends $.005 in overhead
and keeps the $.010 difference as profit.

  The billing PIC in your new backbone router? It'll tell the
difference between streaming video udp packets and voice to make
sure the various people get charged the correct long-distance rate
too?

> on the other hand, that doesn't disprove the case, since even in your
> example it would merely cause people to become a LOT more careful about
> they mail they sent. that CAN'T be a bad thing.

Apart from the balkanization of the lifeblood of the internet's
communication systes, there's things like viruses, worms, zombie
computers, etc.

There's also the transactional cost.. If a computer gets infected by a
worm, who pays for the email it sends out? Who pays for the argument of
who's responsible for the costs? Who's responsible for the tech support?

What if the user can't pay... Will ISP's have to insure themselves against
email worms? Will people with insecure email clients be subsidized by
those with more secure clients? Is that theft too?

  Communisim

> > Theft/Taxes nearly the same . JimL
> Really? What's the difference?
  I was giving the thief the benefit of doubt . JimL

http://www.gmu.edu/departments/economics/bcaplan/anarfaq.htm

See the part on "public goods" problem and Pareto optimality

--vadim

Well the costs you mentioned with aol seem high

Not when you consider how much time and money AOL has sunk into the
development of their mail system. They are the only company that has to
scale their operations to the size to which they scale, and I guarantee
you can't do what they do with off-the-shelf software.

Plus, you have to multiply costs out over *mumble* million users.

The case against spam probably should
be decided entirely on economics not on content issues.

Agreed, completely. Start dealing with content and you get into very murky
waters.

"There will be a day when folks will need to pay to transit email"
(Paul Vixie, 1998).

Still working on that better mouse trap?

well, other than that i wish i could charge _you_ for the spam i get
that's due to the several MAILTO:paul@vix.com's on your www.dotcomeon.com
site, no. it's not my mouse of choice.

So far, other than Jared Mauch <jared@puck.Nether.net>'s calculation where
he neither confirmed nor disputed $.02/email, I've yet to see *one*
quantified per-message price bandied about..

I didn't even try. As a matter of principle, I reject the possibility that
others ought to be allowed to shift their "cost of goods sold" to me without
my permission. And as a matter of scale, spam is something that everyone
on the net can't do -- and I'm not interested in learning the equilibrium
where adding one more spammer would not increase the total profitability of
spam because noone anywhere can stand the stench of their own inbox any more.

Are you also unsure of the per-message costs of email? I'd thought I'd
find *someone* who could quantify a cost.... I certainly don't know and
I want enlightenment too!

I'm surprised you can't quantify the per-message costs either.

Because it makes no difference to the argument at hand, I just don't care.
I'll pay whatever it costs to make personal messaging work for me. I will
not sit quietly and have stolen from me what it costs to make spam work for
others. The amount does not matter unless it's provably zero.

> on the other hand, that doesn't disprove the case, since even in your
> example it would merely cause people to become a LOT more careful about
> they mail they sent. that CAN'T be a bad thing.

Apart from the balkanization of the lifeblood of the internet's
communication systes, there's things like viruses, worms, zombie
computers, etc.

Then, folks will be more careful about what mail client they use, right?

There's also the transactional cost.. If a computer gets infected by a
worm, who pays for the email it sends out? Who pays for the argument of
who's responsible for the costs? Who's responsible for the tech support?

Then, folks will be more careful about what mail client they use, right?

What if the user can't pay... Will ISP's have to insure themselves against
email worms? Will people with insecure email clients be subsidized by
those with more secure clients? Is that theft too?

Then, folks will be more careful about what mail client they use, right?

But the only way to avoid it is to leave the business entirely. Will you,
like Donald Knuth, be giving up your email address?

Once there's a way to provably know that the sender agrees to my terms (which
includes forfeiting a guaranteed bond if they send mail in violation of those
terms) then I'll be giving up SMTP as it exists today, yes.

(Sort of like I had to give up TELNET, and for very similar reasons.)

I'm still hoping somone out there can quantify those per-message costs of
email and spam.

Don't hole your breath while you wait, you could turn blue. Because unless
the costs are provably zero or unless you intend to pay those costs for the
rest of us, then the costs only matter when proving damages against spammers
in court. Spam will still be unilateral cost shifting ("theft") no matter
what number you calculate.