Spammers only make about $200 million a year, yet they cost
everybody else around $20 billion a year, for
an externality cost 100 times spam income.
That turns out to be higher externality than stealing cars.
What can we do about that?
Alexis C. Madrigal wrote for The Atlantic 7 August 2012,
All the Spammers in the World May Only Make $200 Million a Year
Now, in a new paper in the Journal of Economic Perspectives, Justin
Rao of Microsoft and David Reiley of Google (who met working at
Yahoo) have teamed up to estimate the cost of spam to society
relative to its worldwide revenues. The societal price tag comes to
$20 billion. The revenue? A mere $200 million. As they note, that
means that the “‘externality ratio’ of external costs to internal
benefits for spam is around 100:1. Spammers are dumping a lot on
society and reaping fairly little in return.” In case it’s not
clear, this is a suboptimal situation.
Many activities impose costs on society that are not “internalized”
by the firms or individuals. Air and water pollution are the
paradigmatic examples. You get to drive your car around emitting
particulates and various other smog-causing molecules that increase
the cost of treating asthma and other illnesses for other people by
a tiny bit.
Spam has a remarkably high externality ratio, not just relative to
driving an automobile, but stealing one, too. Here’s a chart that
Rao and Reiley include in their paper, which just looks at the
direct costs of spam to end users (which they estimate at $14-$18
The article examines those costs more, and then gets to the point:
So what’s the way forward? The researchers gloss a variety of
techniques like “attention bonds,” in which you’d be paid some tiny
amount (say, $0.05) for reading unsolicited emails, and government
interventions. But their preferred solution is to find ways to raise
the cost of business for spammers, so that their campaigns become
“We advocate supplementing current technological anti-spam efforts
with lower-level economic interventions at key choke points in the
spam supply chain, such as legal intervention in payment processing,
or even spam-the-spammers tactics,” they conclude. “By raising spam
merchants’ operating costs, such countermeasures could cause many
campaigns no longer to be profitable at the current marginal price
of $20-50 per million emails.”
Interesting ideas, but legal intervention requires dealing with
multiple legal regimes throughout the world,
while spammers can shift from a botnet in one regime
to another elsewhere, as just demonstrated by
the Grum botnet takedown
being followed by
a huge surge in spam from Festi botnet
even when one infested organization (TTNET) ejected Festi,
moved to another (KOCNET).
Grum botnet is staging a comeback.
I would argue the first thing to do is to make it more obvious
which organizations are infested by what, when, and where,
as in for example
Reputation alone may then
cause the infested organizations themselves to take action.
At the least, long experience indicates that if nobody knows about such
infestations, the infested organizations will not try to stop
outbound spam, which they also consider an externality.