Sunday, September 16, 2012

The End of Spam

Somehow, without my being aware of any process by which I had signed for it, I have for over a year been on the receiving end of a deluge of emails on Home Campus from an outfit calling itself “Reader Supported News.”

They fill my world with spam, most of it just links to current events with something desperately provocative in the subject line.  “Read me!” they shout.  But to be honest I don’t have time to deal with the things that actually interest me, let alone random things that some pushy electronic intruder feels I should see.  Life is too short as it is.

So I generally delete them out of hand, unread, along with the pile of email I get from Governor Teabagger’s office (another source of spam that I don’t recall signing up for – perhaps a friend entered my name as a prank?), the updates from a number of organizations I do not belong to and never have and wouldn’t if paid to do so, and anything that happens to be sent from a particular colleague who behaved in a seriously unprofessional and offensive manner toward me last year.  Apparently you cannot block internal email addresses on Home Campus, so I have to delete that last category manually.

I suppose I could block the Reader Supported News, now that I think of it.  And the Governor.  So perhaps the day is not entirely wasted.

From what I have been able to deduce, most of the people on RSN’s spam list are on my side.  I say this because for the last week or so I have been getting a couple of emails a day with a subject line plaintively complaining about how the name of the service has become unintentionally ironic, although they don’t phrase it quite that way.  However they say it, though, it is clear that while they are still repackaging the news and sending it out to the unsuspecting, most of it is not actually being read and still less of it is being supported.

Irony, thy name is spam.  Or vice verse.

I think the point of these recent complaints is that they’re trying to threaten me with a cessation of these emails should my support not be forthcoming.  This is roughly the equivalent of Kim threatening me with a long romantic weekend if I don’t get the basement cleaned.  Trust me – the basement will not be cleaned under those circumstances.  And they can just as well cease sending me those emails for all the good their sad complaints are doing.

Unless they’re threatening to double their output if I don’t donate.  It’s hard to tell, not reading the messages.

I think spam email has run its course.  The really clever cybercriminals and con artists have moved on to other outlets for their efforts, and spam has become the province of the B-team.

I’m still watching the RSN messages come in, though, mostly out of morbid curiosity as to how long it will last before they give up.

You take your entertainment where you can find it these days.


John the Scientist said...

I don't think spam email has run its course because it's now the B team running the show. The B team doesn't have to skills to do anything else, so they'll keep doing things the smae way hoping to get a different result.

I also saw an analysis of why the tactics in spam email have not changed when so many people are on to the scams. The idea is that crudity of the approach is a sort of filter. Anyone bright enough to already know about the scams likely would not be folllow through even on more sophisticated scams because their radar is now primed for touble. It's the inexperienced, gullible and stupid who are wanted by the con artists, and most of those people aren't clued in to even the crude stuff, so the only people who respond to the old school spam are self-selected to be the ideal marks. It's an elegant solution to the filtering problem arrived at by stochastic means.

What I think you'll see is that, though the heyday of spam traffic is past, a certain low number of clueless noobs are added to the Net each day, so we could even calculate the expected rate of spam the same way you calculate steady state salt concetrations in the classic 2-stream input salt tank problems they teach in intro Differential Equations - we will hit some low level steady state of the old school spam, and things will never get below that level.

Eric said...

Regrettably, I don't think the heyday of spam will ever be done. The bottom line is that the cost/return ratio is so absurd, there's no incentive to stop.

Indeed, there's no reason for the A-team to quit. First, because the process can be so extensively automated, there's little to keep the A-team from keeping the spam lines cast while they devote themselves to other outlets if they really want to, and second because the cost/return is so absurd there isn't necessarily a reason to turn their attention to other projects anyway.

What does it cost a Russian spam king to run a spam server? His initial outlays are in the neighborhood of a couple thousand (tops) and then he has a monthly power bill, a few minutes of his time reeling a fish in if it bites. He puts in pennies and one big fish might toss him tens of thousands.

A Nigerian 419er scammer has hardly more trouble. He maybe has a laptop (a couple hundred dollars) and an e-mail list and an "autodialing" program (not sure what those are running, though one hears about the software and e-mail lists periodically showing up for free on hacker sites, assuming the spammer isn't writing his own software); he goes down to a cybercafe and pays for an espresso and possibly the wireless. While the machine does the dirty work in the background, he spends the afternoon doing what a lot of us would consider a Sunday afternoon: coffee and websurfing (poor guy, rough job, that). One person bites and sends him, oh, say five grand before they get wise; hell, they send him a mere hundred before they wake up--how many investments can you think of where you put in the cost of an espresso and get back a hundred bucks?

To paraphrase the old song: that ain't workin', get your money for nothin' and your chicks for free.

I go through all this because, and I hope this doesn't sound harsh, I think the flaw in your analysis, David, and in John's, is that you both overlook just how little effort these guys actually have to put into sending out fifty million e-mails. At which a tenth of a percent response rate is, what, 50,000 replies if I moved the decimal far enough left? And I doubt the numbers are quite that good, but I'm just tossing them out for perspective, right?

The reason you'll see things ebb and flow isn't because the A-team will quit and be replaced by the B-team. You will see ebb and flow because there's an old school Darwinian arms race between spammers on the one side and anti-spammers (IT, law enforcement, etc.) on the other. So your spam filter is going to get better and your spam intake's going to drop to a trickle until some enterprising and clever lad comes up with a surefire workaround and posts it to a message board (or maybe he tries selling for it, which slows down the spread through the criminal community). And then the antispammers have to work up a new and improved filter. Or you get a legal crackdown that takes a bunch of spammers offline for awhile, but they're either replaced or they eventually get out of jail and figure the slim and rare chance of being caught is a small cost compared to the net gains and anyway it's what they know how to do. In any case, it's ultimately a losing battle for the antispam side, I think, because the best cures all tend to kill the patient (e.g. increasingly unreadable captchas, spam filters that make e-mail unusable, etc.).

TimBo said...

The spam sender's need a little bit more sophistication than what Eric represents. Now a days the spammers depend on a bot network to send their e-mails rather than a single server that easy to find and block. It takes a lot of work to setup and more work to shut down the better ones. Nonetheless the return is amazing.

Of course there are more sophisticated scams in the works as well. For instance scams which mirror your bank's log in screen and grab your card and passwords for instance. Ones that try to get your PayPal information are popular. These sorts of things go after more sophisticated internet users.

Dave: Your e-mail program probably allows you to setup filters that would automatically send your evil acquaintance's messages directly to the trash.

Eric said...

Fair enough on my simplification!

David said...

I'm guessing the economic analyses here are on target, but I miss the days when the spammers were really trying.

Somewhere on my computer (what I named it I can't guess, since I can't find it) is a document that I compiled from spammer names, back when they thought they needed to grab your attention that way. It had an onboard dictionary and was programed to insert return address names as [Long Goofy Word] [Middle Initial] [Long Goofy Word].

I loved getting emails from Inoculation P. Phrasing and Dromedary R. Curlicue.


And Tim, my email program won't allow me to filter in-house emails. It assumes that any legitimately registered user of the Home Campus system (which he is) is someone I must hear from. Believe me, I've tried.