Spam: The problems with junk e-mail
We all get junk mail at home. It's an accepted fact of life, at least in the U.S. So why is Unsolicited Commercial Email (UCE) - a/k/a "spam" or "junk email" - a problem?

To understand the problem of UCE, you must first understand what is most often advertised via UCE. There are many places on the Internet where copies of UCE are reposted by recipients and system administrators in order to help notify the Internet community about where UCE is originating. Surveying mailing lists like SPAM-L@EVA.DC.LSOFT.COM and USENET newsgroups in the* hierarchy, you will see that there are very few reputable marketers using UCE to advertise goods and services. To the contrary, the most commonly seen UCEs advertise:

- Chain letters
- Pyramid schemes (including Multilevel Marketing, or MLM)
- Other "Get Rich Quick" or "Make Money Fast" (MMF) schemes
- Offers of phone sex lines and ads for pornographic web sites
- Offers of software for collecting e-mail addresses and sending UCE
- Offers of bulk e-mailing services for sending UCE
- Stock offerings for unknown start-up corporations
- Quack health products and remedies
- Illegally pirated software ("Warez")

So why is this such a problem?

Cost-Shifting. Sending bulk email is amazingly cheap. With a 28.8 dialup connection and a PC, a spammer can send hundreds of thousands of messages per hour. Sounds great, huh? Well, it is for the spammer. However, every person receiving the spam must help pay the costs of dealing with it. And the costs for the recipients are much greater than the costs of the sender.

Some junk emailers say, "Just hit the Delete key!" Unfortunately, the problem is much bigger than the time and effort of one person deleting a couple of emails. There are many different places along the process of transmitting and delivering email where costs are incurred. In the Internet world, "time" equals many different things besides the hourly rate that many people are still charged.

For example, for an Internet Service Provider, "time" includes the load on the processor in their mail servers; "CPU time" is a precious commodity and processor performance is a critical issue for ISPs. When their CPUs are tied up processing spam, it creates a drag on all of the mail in that queue -- wanted and unwanted alike. This is also a problem with "filtering" schemes; filtering email consumes vast amounts of CPU time and is the primary reason most ISPs cannot implement it as a strategy for eliminating junk email.

The problem is also compounded by the fact that ISPs purchase bandwidth -- their connection to the rest of the Internet -- based on their projected usage by their prospective user base. For most small to mid-sized ISPs, bandwidth costs are among one of the greatest portions of their budget and contributes to the reason why many ISPs have a tiny profit margin. Without junk email, greater consumption of bandwidth would normally track with increased numbers of customers. However, when an outside entity (e.g., the junk emailer) begins to consume an ISP's bandwidth, the ISP has few choices: 1) let the paying customers cope with slower internet access, 2) eat the costs of increasing bandwidth, or 3) raise rates. In short, the recipients are still forced to bear costs that the advertiser has avoided.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th