Spamming is based on statistics. At X positive responses per million, an
income of $P per positive response and a reasonably low cost per million
emails sent, their income is effectively based on the number of spams they can
send out (we all know that). The current model of spam-fighting has been
to increase the cost of sending spam. Unfortunately, that's mostly
only increased the fixed costs for sending spam. Since most of the
per-message costs of sending spam come from the cost
of bandwidth, this simply forces spammers to increase their volume of
spam until gross profits exceed fixed costs (i.e. contrary to our
What we need to do now (and what we should have been doing all along)
is raising the cost per email to the spammers by raising the variable cost
of processing the responses
In the last few years, the spamming industry has managed to raise
the signal-to-noise ratio of my email from less than 1% to well over 90%.
This ignores mailing list emails that are easily filterable and leaves
spam competing against the ad-hoc emails that (for me) are generally
among the most valued. This raises the very real risk of throwing out some
of my most valued emails having mistaken them for one of the least-valued.
(Yes, I use spamassassin and Mozilla's mail filters. The 300 spams are
mostly filtered by them, but I still have to worry about false positives).
Spamming is based on statistics. It's workability is also based on
the presumption that was, until recently, valid for email -- that
communications have a good signal-to-noise ratio.
More specifically, spamming is dependent on the presumption that
99.99% of spams that get tossed out are simply
and silently tossed out. However: what would happen if instead of silently
ignoring all of the spam we received, we simply chose a very small
percentage to respond to with red-herring data?
Pretty simple -- they'd have the same problem that SPAM causes with E-Mail ...
a bad signal-to-noise ratio. If the success rate on calls for people
interested in mortage renewals fall below 1%, mortage companies currently
buying from spam clearing houses might as well turn back to cold calling.
Note that I distinguish this from previous suggestions to
DOS spam sources. A DOS (even a small one) is immoral, if not illegal. In most cases it's against your ISP's TOS. Posting random data is more like a registration of disgust. Innocent (or zombified) servers are not burried under a bandwidth, and it's only an inconvenience to someone if thousands of people independently conclude that a piece of email constitutes SPAM.
Current intelligence indicates that most of the spam we receive comes from
a small band of virulent spammers -- perhaps a few hundred of them. If every
member of this community were to respond to one spam per day with
red-herring data, then each spammer would be inundated with thousands
of false responses which they would have to filter for the handful of true
positives. My guess is that spammers would start to drop like flies, and this
would result in a concentration of our daily response on the few remaining spammers.
The number of false positives received by each spammer would quickly rise in an
almost geometric progression. With them would rise the per-spammer costs.
The nice thing about this system is that it feeds off of the intrinsic
power of the Internet. It is entirely distributed, and self-limiting. There
is no AOL administrator randomly determining that your innocent query is
a spam and cutting off your account. There is no spamhaus to DOS into oblivion.
If somebody sends off a legitimate bulk email and accidentally includes me, there's currently
less than a 1% chance that I'll respond with false data. If somebody
sends off a 'legitimate' email to 10 million people without doing due
diligence to ensure that their recipients really are going to
want to hear from them ...... that's their problem.
There's not even the worry that we're becoming spammers ourselves...
Nobody could seriously call following a single link in a recieved email
harassment. On the other hand, there is suddenly a per-spam cost to
email... The spammer with the most outgoing spam is now also going
to get the most incomming garbage.
My last point here is that we must remain diligent. If this process
works, then we must continue it even after SPAM has ceased to be the level
of scourge that it is now. It must continue even when the
level of spam is down to one per day, because -- on that day -- the one
remaining spammer will doggedly send out 10million emails and find himself
filtering through 750,000 false positives.
After that, blessed silence.