North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: MS's new antispam idea

  • From: Richard A Steenbergen
  • Date: Sat Dec 27 14:32:24 2003

On Fri, Dec 26, 2003 at 09:28:38PM -0800, Owen DeLong wrote:
> It's an interesting concept... Now spammers will use a noticeable portion of
> the CPU on the boxes they've hijacked, instead of the currently virtually
> unnoticable portion of the resources, so, in that sense, it might help 
> identify
> the owned boxes to their true owners.

Me thinks you overestimate the coding quality of ANY commonly available
program which deals to millions of sockets, and there is no reason
spammers wouldn't be included. CPU is the only thing bounding the problem
at "bad", instead of "insane".

How much pipe do you think a new high end system can fill by sending out
relatively short messages to millions of sockets, even with halfway decent
code, by the time it finishes doing MX resolutions, the 3-way handshake,
deals with unreachable or otherwise dead or blocked servers which don't
send an RST, and handles all this concurrently? I'd put the number
somewhere around 5Mbps, and this doesn't even touch people throwing
together perl scripts, or who can't write asynchronous code and just throw
threads at the problem.

But to quote a line from the article:

> "One of the fundamental problems with spam is that it costs nothing to 
> send, but has associated costs for the recipient which include loss of 
> bandwidth, problems with usage, and lost productivity," he said. 

This is absolute nonsense. It costs the spammers the sum total of what it
costs all the recipients, and probably more. Yes there are some people who
abuse open relays, a dial account they were already paying for, or a
hacked box, but what percentage of the spams do you think these account

Spamhaus says 10%, though that does sound like a number they just pulled
out of their ass. :)

Spammers pay the same way that receivers do, except without the luxury of 
dealing with only one millionth of the load. These don't apply to every 
situation obviously, but just off the top of my head we have:

* Cost of commercial outbound bandwidth vs residential inbound bandwidth
* Cost of the systems which send the e-mails, be they rented or purchased
* Cost in money and time changing providers constantly
* Cost of paying providers large sums of money far over market rate to stay
* Cost in money and time to obtain e-mail lists
* Cost in money and time to receive and sort bounces, and prune dead emails
* Cost in money and time to continue to operate the site being advertised
* Cost in money and time to deal with thousands of angry calls/emails if
  they try to keep the LOOK of legitimacy by claiming they don't spam

Obviously these are very real costs, of the exact same legitimacy as the
receivers "costs". Yes spam is a cheaper way to reach millions than other 
advertising methods like direct mailing, but that doesn't mean that it is 

The point here is that spam is used, not because it is free, but because
it WORKS as an advertising method. If you sell a $50 product (like say
software, or a subscription to a porn site, or even some $0.10 penis
growth sugar pills), and you spam 100 million email addresses at a cost of
$5000, and if even 0.01% of the people click the link and buy the product,
you've just netted $495,000. As long as it is making people that kind of 
money, there will be sufficient reason to find a way to get around these 
poorly thought out ideas of Microsoft.

P.S. Are there any MTA hacks which keep the socket of messages identified
as spam tied up as long as possible? I haven't seen them, but it seems
like a good idea.

Richard A Steenbergen <[email protected]>
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)