Using Uncensored Communication Channels to Divert Spam Traffic

Using Uncensoed Communication Channels to Divet Spam Taffic Benjamin Chiao and Jeffey MacKie-Mason 8/31/06 {bchiao, jmm}@umich.edu Abstact We offe a micoeconomic model of the maket fo bulk commecial advetising email (the dominant fom of spam). We adopt an incentive-centeed design appoach to develop a simple, feasible impovement to the cuent email system: an uncensoed communication channel. Such a channel could be an email folde o account, to which popely tagged commecial solicitations ae outed. We chaacteize the cicumstances unde which spammes would voluntaily move much of thei spam into the open channel, leaving the taditional email channel dominated by peson-to-peson, non-spam mail. Ou method follows fom obseving that thee is a eal demand fo unsolicited commecial email, so that eveyone can be made bette off if a channel is povided fo spammes to meet spam-demandes. As a bonus, the absence of filteing in an open channel estoes to advetises the incentive to make messages tuthful, athe than to disguise them to avoid filtes. We show show that all email ecipients ae bette off when an open channel is intoduced. Only ecipients wanting spam will use the open channel enjoying the less disguised messages, and fo all ecipients the satisfaction associated with desiable mail eceived inceases, and dissatisfaction associated with undesiable eceived and desiable mail filteed out deceases. We appeciate comments fom Nat Bulkley, Nick Economides, Michael Hess, Pete Honeyman, Doug Van Houweling, the membes of the Incentive-Centeed Design Lab (especially Geg Gamette, Lian Jian, Kil-Sang Kim, John Lin, Anya Osepayshvili, Toinu Reeves, Ben Steans, and Rick Wash), and paticipants at the STIET wokshop in May 2006. We gatefully acknowledge financial suppot fom the NET Institute and fom NSF gants IIS-0414710 and IGERT-0114368. School of Infomation, Univ. of Michigan, Ann Abo, MI 48109 Dept. of Economics, and School of Infomation, Univ. of Michigan, Ann Abo, MI 48109 1

1 Intoduction We all eceive spam; we all esent it. Justice Potte Stewat, wee he alive, would know it when he saw it. Nonetheless, it is had to find a consensus definition of spam. Some want to include all unsolicited commecial email; othes include unsolicited bulk email; othes distinguish between deceptive, infomative o malicious email. We should not be supised, then, that it is also had to find systematic analyses of the spam poblem, when thee ae so many notions of what spam is. Ou modest goal is to identify a paticula (but pevalent) subspecies of spam, analyze its ecology, and popose a mechanism that may incease substantially the social welfae by modifying the flows of this type of spam. Ou immodest goal is to lay goundwok fo systematic modeling of spam, and the consequent development of solutions that ae effective because they addess systematic featues of the poblem. We limit ou consideation to spam defined as bulk, unsolicited, commecial email; that is, effectively identical messages sent unsolicited to lage numbes of ecipients with the goal of inducing a willing, mutuallybeneficial puchase by the ecipient. With this definition (we will call it spam fo convenience, but it s meely one subspecies) we ule out malicious bulk unsolicited email (e.g., email caying a vius payload); and we ule out deceptive email (e.g., phishing messages that attempt to tick ecipients into evealing valuable pesonal infomation such as bank passwods). Defined as we have done, commecial spam is an instance of a diffeentlynamed, well-known phenomenon: advetising. Using the less-pejoative monike email advetising might give us a good stat on a thoughtful, systematic consideation; cetainly, it might help us ecognize that at least this type of spam is not pe se evil o moally deficient (though, as with any advetising, some population subgoups might conclude that the poducts advetised might fail that goup s moality test). Nonetheless, we will use commecial spam o just spam fo shot, because we elish the poweful affective esponse the tem eceives, and the oppotunity to punctue the pejoative bubble it engendes. To develop a systematic analysis of (non-deceptive, non-malicious) commecial spam, we need gounding pinciples. We find that supising insights follow fom adopting just two familia, simple economic pinciples: Revealed pefeence Thee is a non-tivial demand fo the eceipt of spam email. Rational choice Spam puveyos will send spam messages to whomeve, 2

wheeve, wheneve, as long as the expected benefits exceed the expected costs. We expect that only the fist pinciple will aise many eyebows at fist, but we find that the second pinciple consistently has been halfignoed in most pio liteatue on the spam poblem. Fist, demand. Spam is not costless to geneate o delive, despite casual claims to the contay. It is tue that eplication and tanspot costs ae extemely low, compaed to non-digital advetising channels. But thee ae a numbe of othe costs: maketing and contacting costs with advetises, content ceation costs, content disguising costs (to get past technological filtes), distibution technology costs (most spam is now sent out by vius-ceated spambots unning on many machines not owned by the spam povide; these botnets need to be continuously egeneated, which equies developing new viuses to distibute, among othe things). Thee may also be the cost of expected legal penalties. Given the non-zeo costs of poviding a spamming sevice, and the fact that we ae limiting ouselves to commecial spam, fom which the benefit to the sende is the inducement of willing puchases by ecipients, we must conclude the following: by evealed pefeence, thee is a nontivial demand fo the eceipt of spam email. Some consenting adults must be puchasing enough fake Viaga and Rolex knock-offs to pay the spamme s costs. Casual evidence is consistent with ou claim that thee is non-tivial demand fo much spam: the lagest faction of spam content is commecial advetising fo poducts had to find though othe advetising channels [Cano and LaMacchia, 1998]. We efe to these as censoed commecial solicitations, though the censoing is not always explicit o govenment-suppoted. Explicitly censoed examples include ads fo non-pesciption povides of egulated dugs, o fo povides of knock-off poducts that intentionally violate copyights o tademaks of well-known bands. An example that, while not govenment censoed, may have eason to avoid othe advetising channels (o may not be accepted by othe channels) is (legal) ponogaphy. Sophos [2005] finds that this patten continues; fo example, in 2005 medication spam constitutes aound 40% of all spam, and adult content fo anothe 10-20%. Evett [2006] estimates that poduct spam constitutes aound 25% of all spam, and adult content fo anothe 19% 1. Recognizing that some ecipients want to ead spam, while many othes evidently do not, we immediately see that one oppotunity fo 1 Evett [2006] compiles the statistics fom souces including Google, Bightmail, Jupite Reseach, emakete, Gatne, MailShell, Hais Inteactive, and Feis Reseach. 3

social welfae impovement is to find a way to match commecial spam to those who want it, and not to those who do not. The latte email eades would benefit, and spam sendes would also benefit by not incuing the costs of sending to people who will not want to puchase. As a coollay, we expect the willing ecipients of commecial spam to benefit as well: if spammes can find a way to send to those who ae inteested in eceiving the advetisements, then they can educe thei costs and incease the infomation content and quality in thei ads, to the benefit of those who want the commecial infomation. Conside: Yellow Pages ae a faily successful bulk advetising medium because its ads ae geneally viewed only by those who want to see them, and the advetises have the incentive to make the ads clea and infomative, giving the viewes the infomation they desie. Spammes in contast incu substantial costs to disguise the infomation in thei ads so that filtes cannot easily emove the ads fom the email steam. But then the eades who do want the infomation so they can make a puchase ae confonted with uninfomative, low-value ads. The second pinciple we offe as a foundation fo systematic analysis of the spam ecology is that spammes ae fo the most pat ational businesspeople, and they will send ads when the net benefit to them exceeds the net cost. What insight do we obtain fom this unsupising obsevation? 2 We answe, fist, indiectly: most othe authos addessing spam have focused on poposals to aise the cost of spamming as a way of educing the amount of spam poduced. This appoach is pincipled, but incomplete. An equivalent eduction in the benefits of spamming should have the same incentive effect. If spam wee flood wates, the existing solutions ae in the spiit of building stonge levees to aise the ive banks, instead of diveting the flood wates using a floodway. We build on these two pinciples to constuct a model fo commecial spam that includes advetises, spam sevice povides, email sevice povides and mail ecipients who have heteogeneous tastes fo eceiving spam. 3 See Figue 1. We then intoduce a simple but novel mechanism motivated by the two pinciples above: an uncensoed communication channel though which commecial spam will be accepted without filteing o othe attempts to block. Such a channel could be as simple as a standadized mail client folde that would accept all appopiately 2 We know, of couse, that not evey decision, in evey cicumstance, satisfies a test fo decision-theoetic ationality. We only equie that costly business decisions in geneal follow fom easonable compaisons of benefits to costs. 3 In ou cuent model we focus on the pefeences and behavios of spammes and ecipients; we use educed-fom, non-adaptive epesentations fo advetises and email sevice povides. 4

Fig.2 Stakeholde in an Email Ecosystem incu c pay p 1 Sendes Email Sevice Povides pass thu pay p 2 fo puchases Good & Sevices Povides Uses Viaga, ebay, IBM Email Clients Seve Filtes make type 1 & 2 eos Client Filtes make type 1 & 2 eos pass thu Figue 1: Stakeholdes in an e-mail ecosystem. labeled messages. See Figue 2. Ou conjectue is that if well-designed, then unde some cicumstances the intoduction of an uncensoed channel could esult in substantial self-segegation by spammes, with email advetisements mostly tageted at spam boxes, and much less at the taditional (censoed) channel. See Figue 3. 4 Thee should be little dispute that if uses could implicitly opt-in fo commecial spam by ceating an open spam box, the spammes would send mail to that channel. But why would they stop sending to the censoed channel? Ou conjectue is that if enough of the latent demand fo puchasing spam-advetised poducts is eached though the uncensoed spam box channel, then the emaining commecial benefits obtainable fom also spamming the taditional censoed channel may fall sufficiently low that they no longe justify the incemental costs. 4 One might ague that the Wold Wide Web is close to an uncensoed channel. If so, why doesn t the Web satisfy the demand fo advetising? One obvious eason is that some o many of the poducts using commecial spam advetising do not want a duable, public pesence. If they ae moving thei web site to new domains fequently, they need a communication channel though which to disseminate each new, tempoay location. Indeed, we obseve cases in which the links fo some domains selling medications expied in Google s index well befoe Google got a chance to enew the links. MessageLabs (2005) shows that about 30% of spam domains expie within 24 hous. Moe geneally, we expect thee to always be significant demand fo push advetising in addition to pull (seach-based) advetising, as evidenced by the multiple media fo advetising that co-exist in equilibium (Yellow Pages, local newspapes, billboads, boadcast TV and adio ads, bulk unsolicited commecial suface mail ads, etc.). 5

Fig.1 A Hypothetical Open Channel Figue 2: An hypothetical open channel. Fig.3 Sepaating the Demand fo and Supply of Censoed Content Sendes Email Sevice Povides Good & Sevices Povides ebay, IBM Seve Filtes Good & Sevices Povides Viaga Uses Uses Client Filtes Email Clients Sendes Email Sevice Povides Figue 3: Sepaating the demand fo and supply of unsolicited commecial advetising. 6

Thee is anothe eason fo spammes to keep sending to the taditional censoed channel: pesuasion. We ae assuming that ecipients know if they want to peiodically puchased based on spam advetisements, and thus can make an ex ante ational choice about which channel to ead. This situation is known in the liteatue as infomative advetising: consumes know they want infomation (pice, location, etc.) about paticula poducts, and seek out infomative advetising to obtain the infomation they need. But thee is anothe categoy: pesuasive advetising, intended to convince consumes to buy poducts they peviously did not ealize they wanted. Since these ads ae aimed at consumes who might geneally opt out of the open channel, it would do little good to send them to the open channel (which these peviously uninteested customes shun), so the pesuasive advetise will geneally go to whee the unpesuaded ae (the censoed channel). Recall also, that if spammes do choose to taget the open channel, then we expect that they will also stop dissipating esouces on unpoductive effots to disguise the infomative content of thei messages. Then those who wish to eceive email advetisements will benefit fom the highe quality (infomativeness). This incease in infomativeness, in tun, likely would induce a lage numbe of consumes to want to eceive commecial spam. We constuct a model so that we may fomally identify conditions unde which the conjectues above hold tue (and conditions unde which they do not). Ou main esults ae to chaacteize the degee to which spam will be shifted to the open channel, and to demonstate that all paties benefit fom the intoduction of an open channel, so that it constitutes a Paeto impovement. 2 Pio appoaches to spam To date, most eseach focuses on educing spam geneally, usually though policy, technical o maket mechanisms that aise the cost of sending spam. Befoe we detail ou model of a mechanism that divets spam to those who want it, and away fom those who don t, we eview othe appoaches. 2.1 Technological Technological solutions have gained some patial success but the esults ae fa fom satisfactoy even though they have been implemented fo some time. The poposals include ule-based, Bayesian, and community ( collaboative ) filteing, disposable identities using extended email addesses [Bleichenbache et al., 1998], DomainKeys Identified Mail [Peez, 2005], Sende ID o Sende Policy Famewok [Cocke, 7

2006] 5, challenge-esponse [Dwok and Nao, 1993, Lauie and Clayton, 2004], whitelists, and blacklists. See Cano and LaMacchia [1998] fo an oveview. Thee is a fundamental poblem with technological systems: they typically ely on the cost to spammes of devising technological wokaounds. If the cost is high enough, the net benefit of spamming will be insufficient and the quantity of successful (deliveed) spam will fall. Howeve, the costs of technological wokaounds falls apidly, as technology becomes exponentially cheape and as algoithmic solutions to had computational poblems apidly impove. Thus, as the wokaound cost falls, the technological baie becomes less effective and spam deliveed inceases. This fundamental cost dynamic ceates a need fo ongoing investment to ceate impoved anti-spam technologies. While an ams ace may not be the fist-best solution, we have not seem feasible methods to avoid this cycle, given the inevitable and apid decline in technology costs. 2.2 Legal Legal ules ae anothe appoach to spam eduction. The U.S. CAN- SPAM act equied a fomal ecommendation fom the Fedeal Tade Commission egading the establishment of a do-not-spam egisty simila in the spiit of the do-not-call and do-not-fax egisties ceated pusuant to the Telephone Consume Potection Act of 1991. Although The FTC ecommended against the ceation of the list, othe CAN-SPAM ules took effect 1 Januay 2004. Howeve, legal solutions alone ae, and likely will emain incomplete. Fist, to avoid pohibiting desiable email communications, legal ules geneally include safe habo povisions guaanteeing the pemissibility of email exhibiting cetain chaacteistics. It is geneally difficult o impossible to pevent spammes fom composing thei messages so that they exhibit these chaacteistics, thus ceating a safe habo fo a lage and pobably gowing quantity of spam. Second, legal juisdiction ove spam-distibuting oganizations is a cucial poblem: spammes can easily change thei locations to othe counties. 2.3 Makets Some poposals based on economic incentives have been gaining attention. These shae an impotant featue with ou appoach to the poblem: they typically ae based on a pesumption that uses have heteogeneous values fo eceiving vaious email messages. In an expeimental investigation of email stamps as a pice fo obtain- 5 As of now, spam-sending domains ae ionically the biggest uses of SPF tags [MXLogic, 2005] 8

ing a ecipient s attention, Kaut et al. [2005] found that chaging causes sendes to be moe selective and to send fewe messages. This method, howeve, equies non-spammes to pay a pice as well. van Zandt [2004] examines the design of an optimal tax that minimizes exploitation of attention though infomation oveload. Vaious email stamp systems have been o ae about to be implemented. 6. Lode et al. [2006] popose an attention-bond mechanism in which a sende deposit a monetay bond to a thid-paty agent, to be eleased only if the eceive tells the agent to do so. Payment systems equie substantial infastuctue fo full implementation. The infastuctue necessay fo widespead micopayment is lacking, and fo successful adoption into a sevice exhibiting netwok effects, such as email, it is likely necessay that thee be ealy widespead, not incemental, adoption, which is difficult to socially enginee. Also, thee is a nom of fee email sevice. Legitimate sendes may esist paying fo outgoing email moe stenuously than is stictly justified if they took into account the system benefits to thei ecipients. 3 Theoy In ou bief eview of othe appoaches to spam we highlighted one common featue: they ae geneally based on aising the costs of spamming, not on educing the benefits. In addition, technological and legal methods (and some maket methods, but less so) implicitly assume that cetain mail (o mail sendes) ae unifomly undesiable; that is, they ignoe heteogeneity in ecipient pefeences. In this section we pesent a model of the two-sided maket fo commecial spam, in which poduct selles pay bulk email sevice povides to delive advetisements to email ecipients, some of whom in tun willingly choose to puchase the advetised poducts. We then analyze the effect of intoducing an open (i.e., uncensoed) channel. The open channel appoach is designed to lowe the benefits to spammes of sending unsolicited mail to all ecipients, and woks only and pecisely because ecipient pefeences ae heteogeneous: viz., some ecipients want to eceive email advetisements. 6 Two of the wold s lagest povides of e-mail accounts, Ameica Online and Yahoo!, announced in ealy 2006 that they would give pefeential teatment to messages fom companies paying fom 1/4 of a cent to a penny each. An email stamp system was aleady implemented in Koea in 2003. Daum Copoation, the lagest potal in Koea, chages about 0.8 cents to the sendes who send moe than 1000 messages pe day. Fees scale downwads if sendes ae anked lowe than the biggest sendes o moe uses ate the emails as useful. Data cited by Kaut et al. [2005] indicate that spam was educed by about 40% fom its peak in a half-yea peiod aound the implementation. 9

3.1 The Recipients Poblem Recipient t is eithe of type (h)igh o (l)ow. The type is the intensity of pefeence fo censoed content. Channel j is eithe (o)pen o (c)ensoed. 7 Sendes ae defined by two attibutes: whethe they send mass o tageted mail, and whethe they send censoed o uncensoed content. 8 The fist attibute is mainly a cost attibute. Specifically, massmail satisfies the following chaacteistics of distibution and infomation costs: Low distibution cost. The population of sendes could in pinciple be distibuted continuously accoding to how efficient they ae in sending mass-mail. Fo simplicity and to a geat extent a desciption of the eal wold, we assume howeve that eithe a sende can o cannot send mass-mail. The ability to send mass-mail efes to the ability to sending tens of thousands of mail pe day. Revenue invaiance to andomization. A mass-mail does not imply that copies ae necessaily identical. In fact, a common stategy is fo a mass-mail sende to andomize some uninfomative text in an othewise identical message to fool content filtes. It is equivalent, fo ou pupose, if a sende andomizes ove infomation content (e.g., sends some medication messages and some motgage loan messages), but obtain the same expected evenue fom each. By both of the above chaacteistics, mass mail always appea in multiple and sometimes almost identical copies in a given ecipient s inbox. This highe substitutability implies that thee is a low type II eo cost associated with mass mail. That is, mass mail wongly filteed will cause much less inconvenience than the countepat of tageted-mail, even fo those ecipients who want mass-mail. The convese is not tue. Some ecipients pefe even to neglect tageted mail fom some people they know. We ae going to assume, howeve, that on aveage thee is a much lowe type II eo cost associated with mass mail. We do not equie that it is possible to identify that mail is sent by a bulk sevice povide. It is easy to fool geneal pupose filtes of the 7 We call the cuently available standad email channel censoed because sevice povide filtes and domain-blocking ules ae ubiquitous. 8 By censoed content we mean content of a type that conventional email sevice povides outinely attempt to filte out of the ecipient s email steam. Such content may o may not be illegal, and the filteing effots geneally will be impefect. Thus, as we make explicit below, some censoed content may be unfilteed, and thus be eceived. 10

identity of the sende, and the ecipient often won t know until afte incuing the cost of viewing the message. In pactice, much spam can be automatically identified as being sent fom a bulk povide, but ou esults ae obust as long as consideable spam cannot. The second sende attibute is whethe it sends content of a type that is censoed (if ecognized) by the email sevice povide (ESP). 9 Content-based filteing can ely on any available infomation heades and body text. Fo example, Gmail, Hotmail and Yahoo! usually filte adult content and all mail fom some blacklisted sendes (usually based on IP addesses). On the othe hand, we assume that sendes can, at a cost, disguise content to some degee. In all, we identify fou types of mail: Censoed-content mass Examples include Viaga and eotic content advetisements. Censoed-content tageted Examples include pesonalized adult mateials, pehaps sent by a pay subsciption sevice. Uncensoed-content mass Examples include advetisements fom conventional bookselles, non-pofit fundaises, and othe legal and less socially objectionable puveyos. Uncensoed-content tageted Examples include pesonal coespondence. Ou design goal was to develop a social welfae-inceasing mechanism that induces censoed-content mass mailes to educe the supply of thei messages deliveed to the cuently standad email channel (the censoed channel). Theefoe, we simplify by assuming that mass mailes send only censoed content, and tageted mailes send only uncensoed content. 10 To model the use poblem we suppose that ecipient chooses which channel(s) to ead in ode to maximize utility, which depends on the quantity of vaious categoies of email: U (desied mail eceived, undesied mail eceived, desied mail not eceived) (1) 9 Recipient censoship (with, fo example, pesonal spam filtes) ae not vey impotant to ou cental esults, as long as the value of spam that evades these filtes is, on aveage, negative to a segment of the population. 10 Thee ae inteesting eseach questions associated with the othe two email types as well, but they fall outside the scope of ou pesent analysis. Adding them to ou model fo the questions we ask in this pape would complicate notation and poofs, but would not change the qualitative esults. 11

The utility function is inceasing in the fist agument, and deceasing in the othes. Befoe explaining the aguments above, we intoduce futhe notation. Assume that fo all ecipients, thee is a (pehaps small) faction ɛ of uncensoed mail that is not desied. We assume that individuals eithe desie (all) censoed-content mail in a given channel o not, and use the indicato φ j t to epesent those pefeences. If a ecipient of type t {h, l} desies censoed-content mail in channel j, then φ j t = 1; othewise φ j t = 0. 11 We assume that only high type ecipients put a positive value on censoed content (φ j l = 0, φ j h = 1). Whethe mail (desied o undesied) is eceived depends on the filteing technology employed by the email sevice povide. We model this below, but fo now simply efe to mail that gets though as unfilteed and mail that does not as filteed. Then the fist agument of the full utility function (1), desied mail eceived, becomes: (1 ɛ) unfilteed uncensoed mail+unfilteed censoed mail φ j t (2) The second agument of utility function (1), undesied mail eceived, becomes: ɛ unfilteed uncensoed mail+unfilteed censoed mail (1 φ j t) (3) The thid agument of the utility function (1), desied mail not eceived, becomes: (1 ɛ) filteed uncensoed mail+filteed censoed mail φ j t (4) In the censoed channel filteing technology is designed to distinguish between censoed and uncensoed content, but it does so impefectly. Each sende knows that the filte has a stength of γ c [1, ) fo censoed content, and stength ˆγ c [1, ) fo uncensoed content, with γ c > ˆγ c. The filte stength is simply the invese of the faction of mail that gets though the filte. By definition thee is no filteing in the open channel, γ o = 1. Sende s can make an effot to disguise its content to educe the filte s success ate. We let sende s choose a disguise level, d j s [ 1, 1], γ j 11 We have an asymmety between the faction of desiable censoed- and uncensoed-content mail in a channel: ecipients may not want 100% of the uncensoed mail sent to them in a channel, but if they want any censoed-content mail, then want all of it. We do this to simplify the algeba, without losing anything qualitatively impotant. In both cases, not all mail is desied: fo uncensoed, each individual may not want some; fo censoed, some individuals don t want any. Thus, thee is the possibility of both Type I and Type II eos fo each. 12

fo mail sent to channel j, whee d j s is a multiplicative facto adjusting filte stength. If d j s = 1, disguising has no impact and the effective filte stength is the technological stength γ j. If d j s = 1/γ j, the effective filte stength is one, which is to say, all content passes though unfilteed. Disguising is costly, so we let d o s = 1 (no effot to disguise in the open channel). We let n denote the volume of censoed-content mail, and ˆn denote the volume of uncensoed-content mail. Then, fo some given censoedcontent mail volume sent to ecipient in the censoed channel, n c, the potion that actually eaches the ecipient is nc, whee d j is the disguise d c γ c level associated with n j. Note that we assume that thee is no need to disguise uncensoed content. In ou infomal specification (1), ecipient utility depends on the undiffeentiated volume of vaious mail categoies. Howeve, by intoducing content disguising, we cannot avoid anothe dimension of quality: the value of a given type of mail to a ecipient will now also depend on how infomative it is, which geneally will be invesely popotional to the amount of disguising the sende does. That is, clutteing a message with extaneous gabage text to get past a filte also makes it difficult fo the ecipient to find the useful infomation. Theefoe, we allow utility to depend on the infomativeness-adjusted volume of email eceived. To adjust fo message infomativeness afte disguising, we intoduce an adjustment function b, which is inceasing in the effot made to disguise censoed-content mail. We define κ j = 1 if ecipient uses channel j, zeo othewise. Now we can fomally expess the utility function (1). The fist agument, which is infomativeness-adjusted desied mail eceived, becomes: u desied eceived = j {o,c} (1 ɛ)κ j ˆn j + ˆγ } {{ j } uncensoed content mail j {o,c} φ j tκ j b(d j )n j d j γ } {{ j } censoed content mail (5) in which the fist tem is (desiable) unfilteed uncensoed-content mail, and the second tem is unfilteed, censoed-content, and disguised mail fo high type ecipients (i.e., those who find it desiable). The second agument of the utility function (1), which is infomativenessadjusted undesied mail eceived, becomes: u Type I eos = j {o,c} ɛκ j ˆn j ˆγ + (1 φ j t)κ j b(d j )n j j (6) d j γ j j {o,c} in which the fist tem is undesiable unfilteed uncensoed mail, and 13

the second tem is unfilteed, censoed-content, disguised mail fo low type ecipients (who give it a negative value). The thid agument of utility function (1), desied mail not eceived, becomes: u Type II eos = j {o,c} (1 ɛ)κ j ˆn j (1 1ˆγj ) + j {o,c} φ j tκ j b(d j )n j (1 1 d j γ j ) (7) whee the fist tem is desied filteed uncensoed mail, and the second tem is filteed censoed-content mail fo high type ecipients. 12 As a special case, we assume that the censoed channel is essential so that evey ecipient uses it: κ c = 1. Then, given the filte stengths, disguise levels, email volume and actions of othe ecipients, ecipient makes a binay choice whethe to ead mail in the open channel, κ o {0, 1}, by maximizing: U (u desied eceived, u Type 1 eos, u Type 2 eos) (8) Poposition 1 If evey ecipient uses the censoed channel and thee is no uncensoed-content mail in the open channel (ˆn o = 0), then ecipients who have a positive value fo censoed contents, and only they, will use also the open channel. Poof. The esult is obtained staightfowadly fom the thee components of (dis)utility, (5) (6). Fist, fo a ecipient who finds censoed content undesiable (φ j l = 0), eading the open channel povides no benefit, but ceates disutility by inceasing the amount of objectionable mail (see the second summand in (6)). Fo a ecipient who values censoed content, eading mail in the open channel inceases the second summand in (5) (desied mail eceived). It has no effect on Type I eos (6). Likewise it has no effect on Type II eos (7) because fo the open channel d j = γ j = 1, so the second summand is zeo when j = o. Thus, if an open channel is intoduced, h-type ecipients will use it to obtain benefit fom desied commecial spam, but l-types, who do not want spam, will not (as long as pesonal sendes do not stat sending (much) to the open channel). We now tun to sendes to find the equilibium behavio of spammes when an open channel is intoduced, afte which we analyze the welfae effects of an open channel. 12 We could elaboate by allowing Type II eos associated with tageted mail to be moe annoying. 14

3.2 The Sende s Poblem We will descibe in detail the cost and evenue functions of the censoedcontent mass-mail sendes only. This is because the focus of the pape is to move the supply of and demand fo censoed-content mass-mail out of the cuent email system. The total cost function fo mass-email sende m, c m (n o m, n c m, d c m), eflects the costs of geneating the email volumes, and of disguising mail sent to the censoed channel. The disguise cost is captued by c m / d j m < 0, and the volume geneating cost by c m / n j m > 0. 13 We allow fo economies of scale in the sense of sub-additivity, c m (n o m, 0, d c m)+ c m (0, n o m, d c m) > c m (n o m, n c m, d c m), and cost complementaity (ie., < 2 c m n j m n i m 0, i j). To be concete, we specify c m (n o m, n c m, d c m) = F C m + g m (d c m) + δn o mn c m + 1 2 (no m) 2 + 1 2 (nc m) 2, in which g m (d c m) = 1 1 14, so that the d c m cost of no disguising (d c m = 1) is g m (1) = 0. Cost complementaity and subadditivity ae both ensued by letting δ < 0. 15 We also assume a egulaity condition of δ 2 < 1. On the evenue side, sendes ae pice takes. Selles of censoed goods o othe legitimate goods pay them fo solicitations. Let p j be the advetising chage pe disguised email ( nj m ) eaching the uses in d j j mγ channel j 16. 13 Rathe than having a zeo maginal cost as commonly asseted, spammes incu cost to enew technologies, which depeciate quickly, to geneate spam. Fo example, zombies (ie. home computes hijacked by cackes) ae consistently destoyed by antivius softwae, so spammes must continuously develop and distibute new viuses to captue new (tempoay) zombies. Zombies ae esponsible fo elaying moe than 60% of the wold s spam (Sophos, 2005). 14 We could have used a deceasing maginal cost function such as g(d c m) = 1 (d 1. c m )2 15 Cost complementaity follows fom δ < 0 because cm n c m δn c m + n o m. Subadditivty does as well because c m (n o m, n c m, d c m) [c m (n o m, 0, d c m) + c m (0, n c m, d c m)] = δn o m + n c m, and cm n o m =F C m + g m (d c m) + δn o mn c m + 1 2 (no m) 2 + 1 2 (nc m) 2 [F C m + 1 2 (no m) 2 + F C m + g m (d c m) + 1 2 (nc m) 2 ] = δn o mn c m F C m < 0. = 16 In pactice, thee is a volume discount (that might o might not due to diminishing likelihood to espond). Fo instance, Send-Safe is a sevice spammes offe to advetises. One picing scheme asks fo US$125 pe 1 million cedits (a poxy of n j m ) when an advetise pays fo 0.4 million cedits. The pice dops monotonically d j j mγ to US$10 pe 1 million cedits when an advetise pays fo 300 million cedits. This picing scheme is available at http://www.send-safe.com/send-safe.html. 15

On a pactical level, the sende chooses whethe to send to the censoed o the open channel (o both). If sending to the open channel, the sende does not disguise content, and adds a tag that indicates the message should be deliveed to the open channel. If sending to the closed channel, the sende does not tag the message, and in fact may expend some effot to disguise the content. We assume that mail send is distibuted unifomly to the ecipients in a given channel. Given the pices and filte stengths, sende m chooses (n o m, n c m, d c m) to maximize: s.t. π m (n o m, n c m, d c m) = p o n o m + pc n c m d c mγ c c m(n o m, n c m, d c m) (9) d c m [ 1, 1]. (10) γc Poposition 2 Conside thee cases. Case (a): p o pc (b): p o pc δ γc (1 δ 2 ) δp c ; case (c): Othewise. If p o = p c = 0, Else, the best esponses of sende m ae: Case (a): Case (b): Case (c): d c m = 1; n o m = 1 1 δ 2 (po δpc γ γc (1 δ 2 ) δγ c δp c ; case d c m = 1; n o m = 0; n c m = 0 (11) c ); n c m = 1 1 δ ( pc 2 γ c δpo ) (12) d c m = 1 γ ; c n o m = 1 1 δ 2 (po δp c ); n c m = 1 1 δ 2 (pc δp o ) (13) d c m = Poof. See Appendix 1. (p c ) 2 (1 δ 2 )(γ c ) 2 + δp o p c γ c ; (14) n o m = p o δ γo p ; c n c m = γc (15) p c Coollay 1 As long as eithe p o o p c is (o both ae) stictly positive, a non-zeo quantity of mass email will be sent to both channels. 16

Poposition 3 When eithe p o o p c is (o both ae) stictly positive, the optimal solutions n o m, n c m and d c m exhibit the following chaacteistics: (1) d c m is i) deceasing in γ c in cases b and c, independent othewise; ii) inceasing in p o and p c in case c, independent othewise; iii) deceasing in δ in case c, independent othewise. (2) n o m and n c m ae i) inceasing in both p o and p c in cases a and b; ii) deceasing in δ in cases a and b; iii) deceasing in γ c in case a, and independent in case b. Fo case (c), n o m is inceasing in p o and deceasing in p c. Fo case (c), n c m is deceasing in p c and is independent of p o. Poof. By diffeentiation of each of the best esponses in Poposition 2. 3.3 Welfae Poposition 4 The welfae of censoed-content mass-mail sendes and all ecipients will be unchanged o inceased when thee is an open channel if the following assumptions hold: (1) thee is no censoed-content tageted-mail; (2) thee is no uncensoed-content mail in the open channel; (3) b(d j ) (d j ) 2 ; (4) the maginal evenue of sending uncensoedcontent mail to the censoed channel does not change with o without the open channel; (5) p o p c.(6) Eithe p o o p c equal to zeo. Poof. See Appendix 6.2 4 Implementation Issues We emphasize that ou poposal is a stating point. Thee ae implementation issues, which ae outside the scope of this eseach, that must be addessed: Will the total tade volume of censoed goods incease? Is it easonable to assume that the open channel simply shifts the supply of such goods fom othe outlets? What is the magnitude of the maginal exposue of ponogaphy fo minos in the open channel? Have they aleady been exposed significantly by websites on the Intenet? Should we add minimal censoship to the open channel by blocking sexually explicit images o equiing cedit cad numbes to access the open channel? O should we block at least some contents with viuses and woms? Will the main agument still hold as long as the open channel is significantly less censoed than othe channels? Moe geneally, what ae the social implications if it is easie to obtain countefeit poducts o piated softwae because of the open channel? 17

The open channel is a typical poblem of two-sided makets, which need both the sides of sendes and ecipients. Is it desiable fo the lage email sevice povides to unilateally opt-in fo all the ecipients (so at least one side of the maket is on boad)? 17 Cuently, Gmail lists side-by-side some advetisements even fo spam messages. Will the possibly inceased email volume (at least email with censoed contents) be sufficient incentives fo the pivate povision of the open channel? How many povides adoptions do we need fo the open channel to be effective? Ae the customes willing to switch to the few adoptes? 5 Conclusions We popose a pincipled appoach to developing and analyzing spam policies. Ou appoach is gounded in an economic, ational choice chaacteization of the choices made by spammes and ecipients. Ou novel insight is to induce the supplies fo and demandes of commecial spam to move out of the cuent email system (a censoed channel), by poviding an open channel in which those who want the advetisements can find them. As a coollay benefit, esouces ae not wasted on unpoductive content disguising, and eades eceive highe quality (moe infomative) ads. Technical filtes and legal ules aise the cost of deliveing spam to eades. Costs ae bone by advetises (who must develop eve-changing techniques fo avoiding filtes, etc.), but also by ecipients, who spend time doing the difficult filteing and eviewing that cannot be automated. Methods that channel communications moe diectly to those who want them would lowe costs on both sides and be welfae impoving. In ou mathematical model, we have shown that all email ecipients ae bette off with the intoduction of such open channel: only ecipients wanting spam will use the open channel enjoying the less disguised messages, and fo all ecipients the satisfaction associated with desiable mail eceived inceases, and dissatisfaction associated with undesiable eceived and desiable mail filteed out deceases. We do not claim that ou idea would povide a complete solution to the cuent spam poblem, but we do offe a novel new tool that, togethe with the othe well-known tools (technical, legal and economic), may contibute to a eduction in the flow of low-infomation, unsolicited bulk email. The ultimate solution, simple economics pedicts, is fo the value of puchasing stimulated by spam to fall sufficiently low that 17 Gmail, Yahoo!, and Hotmail ae thee lagest online email sevice povides, each with a maket shae close to 1/3. 18

it is less than the aleady low cost of sending spam. If we can tempt a substantial numbe of consumes who want to puchase spam-advetised poducts into a sepaate email channel (tempt them with the expectation of highe quality, moe infomative ads to help them find the poducts they want), the puchasing value emaining in the taditional, filteed channel may dop sufficiently to stat discouaging spammes fom using that inceasingly unpoductive channel. In othe wods, we take a staightfowad economic appoach to the question, by ecognizing that thee is not just a supply cuve but also a demand cuve fo spam. We model the incentives, within the ecosystem of existing spam solutions, to induce both supplies and demandes to move out of the cuent censoed channel and into the open channel. If customes who want to puchase will benefit fom moe infomative ads in a sepaate channel, then spam advetises will benefit fom focusing thei advetising spending on that channel. This should not be a vey contovesial idea, but it is, we believe, an idea that has been lagely missing fom the debate. Thee is anothe illuminating economic pespective on ou wok: spam is fundamentally a poblem that aises when disposal is not fee. We know fom the Fist Fundamental Welfae Theoem that unegulated fee makets ae geneally Paeto efficient, but that esult equies fee disposal. Spam is not fee to dispose: it equies time to open and conside. Some types of spam ae malicious and may actually cause ham to one s data files o opeating system befoe we can dispose of it. Ou poposal eceates an efficient fee maket the open channel fo those who do not want to dispose of spam. But we povide those fo whom the disposal costs ae sufficiently high (not fee) the choice to opt out and paticipate only in the censoed channel. Meanwhile, sendes don t intenalize the disposal costs of uninteested ecipients, but the sendes nonetheless choose to send less to the censoed channel because the aveage popensity to buy falls as spam eades move to the open channel. Of couse, not all spam is designed to delive infomative advetising messages to willing customes. A significant potion of spam is intended to deceive eades (e.g., phishing and othe scams), and othe spam messages ae intended to pesuade eades who may not have peviously thought they wanted to puchase a spam-advetised poduct (and thus, who would not ead the messages in the uncensoed advetising channel). We do not suggest that ou poposal will have a diect effect on the quantity of misleading spam email (it might affect pesuasive advetising because a lage faction of those susceptible to this may aleady be inclined to ead the uncensoed and moe infomative advetising 19

channel). An open advetising channel is possible at low cost, and it seems evident would make email uses at least weakly bette off (no wose off) than the status quo. If well-designed, an incentive-compatible advetising channel that hanesses the simultaneous foces of demand and supply could significantly educe the flow of unsolicited bulk commecial email. 6 Appendix 6.1 Poof of Poposition 2 The sende s pofit function is π m (n o m, n c m, d c m) = p o n o m + pc n c m d c mγ c c m(n o m, n c m, d c m), (16) so, the Lagangian is: L = π( ) λ c 1(d c m 1) + λ c 2(d c m 1 γ c ) + µo n o m + µ c n c m (17) whee λ c 1, λ c 2, µ c, µ o 0. The complementay slackness conditions ae: FOCs: λ c 1(d c m 1) = 0 (18) λ c 2(d c m 1 γ c ) = 0 (19) µ o n o m = 0 (20) µ c n c m = 0 (21) p o = c m µ o = δn c n o m + n o m µ o m = n o m = p o δn c m + µ o (22) p c d c mγ = c m µ c = δn o c n c m + n c m µ c m = n c m = pc d c mγ c δno m + µ c (23) p c n c m (d c m) 2 γ c λc 1 + λ c 2 = c m d c m = g m(d c m) = (d c m) 2 1 = pc n c m γ c + (λ c 1 λ c 2)(d c m) 2 (24) = d c m = ( 1 pcnc m γ c ) 1/2, λ c λ c 1 λ c 1 λ c 2 (25) 2 20

Combining (22) and (23): n o m = p o δ( pc d c mγ c δno m + µ c ) + µ o n c m = = 1 1 δ 2 [po δ( pc d c mγ c + µc ) + µ o ] (26) pc d c mγ c δ(po δn c m + µ o ) + µ c = 1 1 δ 2 [ p c d c mγ c δ(po + µ o ) + µ c ] (27) Befoe doing moe substitutions in the above nonlinea equations to solve fo d c m, n o m, n c m moe explicitly, we fist see if we could eliminate some cases below. Case 1: n o m, n c m > 0 = µ o = µ c = 0. Fom (26), n o m = 1 p c 1 δ 2 [po δ( )] (28) d c mγm c Fom (27), Subcase 1: d c m = 1 = λ c 2 = 0 Fom (28), Fom (29), Fom (24), Fom (32), λ c 1 > 0 Fom (32), λ c 1 = 0 n c m = 1 1 δ 2 [ p c d c mγ c δpo ] (29) n o m = 1 1 δ 2 [po δ( pc )] (30) γm c n c m = 1 1 δ 2 [ pc γ c δpo ] (31) λ c 1 = γc p c n c m γ c (32) γ c > p c n c m (33) γ c > pc 1 δ ( pc 2 γ c δpo ) (34) γ c = p c n c m γ c = pc 1 δ ( pc 2 γ c δpo ) 21

Theefoe, subcase 1 is admissible when γ c p c γc (1 δ 2 ). 18 δγ c δp c Subcase 2: d c m = 1 = λ c γ c 1 = 0 Fom (28), Fom (29), Fom (24), pc ( pc δp o ), o equivalently p o 1 δ 2 γ c n o m = 1 1 δ 2 [po δp c ] (35) n c m = 1 1 δ 2 [pc δp o ] (36) Fom (38), λ c 2 > 0 1 = pc n c m λc 2 γ c (γ c ) 2 (37) λ c 2 = γ c p c n c m (γ c ) 2 (38) Fom (38), λ c 2 = 0 γ c p c n c m (γ c ) 2 > 0 (39) p c n c m > γ c (40) p c (p c δp o ) > γ c 1 δ 2 (41) p c n c m = γ c (42) p c (p c δp o ) = γ c 1 δ 2 (43) Theefoe, subcase 2 is admissible when γ c pc 1 δ 2 (p c δp o ) o equivalently p o pc δ γc (1 δ 2 ) δp c. Subcase 3: d c m ( 1, 1) = λ c γ c 1 = λ c 2 = 0. Equation (24) and the pemises fo this subcase imply that: γ c = n c mp c (44) 18 The inequality eveses diection because we multiplied both sides by δ < 0. 22

Substitute (44) into (29) to get 19 : d c m = (p c ) 2 (1 δ 2 )(γ c ) 2 + δp o p c γ c (45) The solution fo n c m is aleady available fom (44) (o can be equivalently obtained by substituting (45) into (29)): Substitute (46) into (22) to get Case 2: n o m > 0, n c m = 0 Fom (23), n c m = γc p c (46) n o m = p o δ γc ) p c (47) n c m = pc d c mγ c δno m + µ c 0 = pc d c mγ c δno m + µ c Since the ight hand side is non-negative, the only pemissible values ae p c = µ c = n o m = 0,which contadicts with n o m > 0. Case 3: n o m = 0, n c m > 0 Fom (22), n o m = p o δn c m + µ o (48) 0 = p o δn c m + µ o (49) Since the ight hand side is non-negative, the only pemissible values ae p o = µ o = n c m = 0,which contadicts with n c m > 0. 19 δp o + (1 δ 2 ) γc p c = pc d c mγ c n c m = 1 1 δ 2 ( p c d c mγ c δpo ) γ c p c = 1 1 δ 2 ( p c d c mγ c δpo ) d c (p c ) 2 m = (1 δ 2 )(γ c ) 2 + δp o p c γ c 23

Case 4: n o m = n c m = 0. Fom (22), n o m = p o δn c m + µ o (50) 0 = p o + µ o (51) Since the ight hand side is non-negative, the only pemissible values ae p o = µ o = 0. Fom (23), n c m = pc d c mγ c δno m + µ c (52) 0 = pc d c mγ c + µc (53) Since the ight hand side is non-negative, the only pemissible values ae p c = µ c = 0. n c m = 0 implies that (25) gives: d c 1 m = ( ) 1/2 (54) λ c 1 λ c 2 Subcase 1: If λ c 1 = 0 and λ c 2 = 0, (24) implies a contadiction because: p c n c m γ c = 1 (55) n c m = γc p c 0 (56) Subcase 2: If λ c 1 = 0 and λ c 2 > 0, it gives a contadiction of d c m being negative by (54). Subcase 3: If λ c 1 > 0 = d c m = 1 (see (18)). Theefoe, case 4 is admissible when d c m = 1; p o = p c = 0 (57) 6.2 Poof of the Welfae Gain of the Recipients Assume the intechangeability of the limit signs fo U : lim U (u γ o,ˆγ o desied eceived, u Type 1 eos, u Type 2 eos) (58) = U ( lim lim γ o,ˆγ o u desied eceived, γ o,ˆγ o u Type 1 eos, γ o,ˆγ o u Type 2 eos) lim (59) 24

whee (use as a supescipt to denote the best esponses of the sendes when γ o, ˆγ o ): lim γ o,ˆγ o u desied eceived = (1 ɛ) κc ˆn c, ˆγ c + φc tκ c b(d c, )n c, (60) d c, γ c lim γ o,ˆγ o u Type 1 eos = ɛ κc ˆn c, ˆγ c + (1 φc t)κ c b(d c, )n c, (61) d c, γ c lim γ o,ˆγ o u Type 2 eos (62) = (1 ɛ)κ c ˆn c, (1 1ˆγ ) + c φc tκ c b(d c, )n c, (1 1 d c, γ ) (63) c Since U lim γ o,ˆγ o U 0 if (a) u desied eceived lim γ o,ˆγ o u desied eceived,(b) u Type 1 eos lim γ o,ˆγ o u Type 1 eos, and (c) u Type 2 eos lim γ o,ˆγ o u Type 2 eos, we ae going to pove each of these inequalitities in thee pats. (i) Inequality (a) is u desied eceived lim γ o,ˆγ o u desied eceived, o equivalently: j {o,c} (1 ɛ)κ j (1 ɛ) κc ˆn c, ˆγ c ˆn j ˆγ + j j {o,c} φ j tκ j b(d j )n j d j γ j + φc tκ c b(d c, )n c, (64) d c, γ c As in Poposition 1, if we assume that thee is no uncensoed-content mail in the open channel (implying (1 ɛ)κ o ˆn o = 0), then it implies that ˆγ o the sendes of such mail aleady find it pofit maximizing by sending only to the censoed channel. Since the maginal cost function has not changed, as long as the maginal evenue of sending uncensoed-content mail to the censoed channel does not change with o without the open channel, such sendes will not change the values of decision vaiables chosen even when the open channel disappeas because the fist ode condition of equations of equating maginal evenue and maginal cost do not change. This implies that (1 ɛ)κ c ˆn c = (1 ɛ) κc ˆγ c ˆnc,. Then it is ˆγ c equivalent to poving that: φ c tκ o n o γ o φc tκ c b(d c, )n c, (65) d c, γ c 25

The above is tue fo φ o t = 0 because both sides ae zeo. Fo φ o t = 1, because κ o = κ c = 1 by Poposition 1 and γs o = 1, it is sufficient to pove that n o n c, whee is a high type ecipient because: n o b(dc, )n c, (66) d c, γ c n o n c, because d c, γ c 1 and b(d c, ) 1 (67) To pove that n o n c,. Let s fist look at the censoed-content massmail sende s poblem. Fo n o m, the maginal evenue is p o and the maginal cost is cm = δn c m + n o m. Fo n c, m, the maginal evenue is p c d c, n o m and the maginal cost is n c, m γ c m (set δ = 0 in cm = δn o n c m + n c m). m Pofit maximization implies that each censoed-content mass-mail sende equates maginal evenue with maginal cost: and p o = δn c m + n o m (68) p c d c, m γ = c nc, m (69) Since we have aleady assumed that p o p c and d c, γ c 1, we have p o pc d c, γ c (70) Substitute the value of the above inequalities fom the two pofit maximization conditions above, we have: δn c m + n o m n c, m (71) n o m n c, m because δ < 0 = (72) ctt o n o m ctt c n c, m if ctt o ctt c 0 = (73) n o n c, (74) The last inequality holds because of the following. We aleady assumed that the volume of censoed-content tageted-mail is negligible 20. Then we could intepet the constants ctt o and ctt c as the ecipocals of the 20 Altenatively, by popely defining the costs function of the censoed-content tageted-mail sendes, we could assume a weake condition that the atio of the volume of mail sent by censoed-content tageted- ove mass-mail sendes in the open channel is geate o equal to the coesponding atio in the censoed channel. 26

numbe of ecipients of censoed-content mass-mail in the open channel and censoed channels, espectively. But by definition the censoed channel is essential, thee must be at least o geate numbe of ecipients in the censoed channel. So ctt o ctt c. Since mass-mail will be distibuted evenly, we have ctt o n o m = n o, and ctt c n c, m n o n c,. = n c,. Hence (ii) Inequality (b) is u Type 1 eos lim γ o,ˆγ o u Type 1 eos, o equivalently: j {o,c} ɛκ j ɛ κc ˆn c, ˆγ c ˆn j ˆγ + j j {o,c} (1 φ j t)κ j b(d j )n j d j γ j + (1 φc t)κ c b(d c, )n c, (75) d c, γ c Similaly, by the implication of the assumption of no uncensoed mail in the open channel, we have ɛ κc ˆn c = ɛ κc ˆγ c ˆn c,, and ɛ κo ˆγ c ˆn o = 0. It is equivalent ˆγ o to poving that: j {o,c} (1 φ j t)κ j b(d j )n j d j γ j (1 φc t)κ c b(d c, )n c, (76) d c, γ c The above is tue fo φ o t = 1 because both sides ae zeo. Fo φ o t = 0, because κ c = 1 and κ o = 0 by Poposition 1, it is equivalent to poving that: To pove that b(dc )n c d c that: b(d c )n c d c b(dc, )n c, (77) d c, b(dc, )n c,, as befoe, pofit maximization implies d c, p c d c, m γm c p c = n c, m (78) = n c d c mγm c m (79) Togethe we have: n c, m d c, m = n c md c m (80) Again assuming that the volume of censoed-content tageted-mail is negligible, the above equation implies: n c, s d c, = n c sd c (81) n c, d c, = n c d c by even distibution of mass mail (82) 27

Now substitute n c, = n c d c /d c, into b(dc )n c d c b(dc, )n c, : d c, b(d c ) (d c ) 2 b(dc, ) (d c, ) 2 (83) This inequality is guaanteed because: (1) we aleady assumed that b(d j ) (d j ) 2 (in fact, we need a weake condition that b( ) is inceasing at a smalle (o equal) ate than that of the ecipocal of the squae of its aguments. (2) d c d c,. To pove d c d c,, note that in Poposition 2, the disguise level is a constant in cases (a) and (b), so d c = d c,. In case (c), d c (p m = c ) 2. We will just ename d c (1 δ 2 )(γ c ) 2 +δp o p c γ c m = d c because thee is no censoed-content tageted-mail by assumption. We can obtain d c, = (pc ) 2 by setting δ = 0 in d c (γ c ) s. So d c 2 s d c, if and only if (p c ) 2 (1 δ 2 )(γ c ) 2 + δp o p c γ (pc ) 2 (84) c (γ c ) 2 (γ c ) 2 (1 δ 2 )(γ c ) 2 + δp o p c γ c (85) δ 2 (γ c ) 2 δp o p c γ c (86) The last inequality is tue because δ < 0. (iii) Inequality (c) is u Type 2 eos lim γ o,ˆγ o u Type 2 eos, o equivalently: j {o,c} (1 ɛ)κ j ˆn j (1 1ˆγj ) + j {o,c} φ j tκ j b(d j )n j (1 1 d j γ j ) (1 ɛ)κ c ˆn c, (1 1ˆγ ) + c φc tκ c b(d c, )n c, (1 1 d c, γ ) (87) c Similaly, by the pofit-maximizing implication of the assumption that thee is no uncensoed-content mail in the open channel, we have (1 ɛ)κ c ˆn c (1 1ˆγ ) = (1 ɛ)κ c ˆn c, c (1 1ˆγ ), and since (1 ɛ)κ o ˆn o (1 1ˆγ ) = 0 c o because ˆγ o = 1. It is equivalent to poving that: j {o,c} φ j tκ j b(d j )n j (1 1 d j γ j ) φc tκ c b(d c, )n c, (1 1 d c, γ c ) (88) The above is tue fo φ o t = 0 because both sides ae zeo. Fo φ o t = 1, because κ c = 1 and κ o = 1 by Poposition 1, it is equivalent to poving that: j=o,c b(d j s)n j (1 1 d j γ j ) b(dc, )n c, (1 1 d c, γ c ) (89) 28

But thee is no type 2 eos with censoed-content mail in the open channel because γ o = 1 (implying d o = b(d o ) = 1), so it is equivalent to poving that: Substitute n c, b(d c )n c (1 1 d c γ c ) b(dc, )n c, (1 1 d c, γ c ) (90) = n c d c s/d c, and cancelling n c on both sides: b(d c )d c, (1 1 d c γ c ) b(dc, )d c (1 1 d c, γ c ) (91) As a special case, substitute b(d j ) (d j ) 2 : (d c ) 2 d c, (1 1 d c γ ) c (dc, ) 2 d c s(1 1 ) d c, γc (92) d c (1 1 d c γ ) c dc, (1 1 ) d c, γc (93) d c d c, (94) To show that d c d c,, we actually need to show d c = d c, because we aleady know that d c d c, in ode to satisfy inequality (b). Now aleady know fom the poof of inequality (b) that d c = d c, in cases (a) and (b) in Poposition 2, and fo case (c) d c d c, if δ 2 (γ c ) 2 δp o p c γ c o eithe p o o p c equal to zeo. Q.E.D. 29

Refeences D. Bleichenbache, E. Gabbe, M. Jakobsson, Y. Matias, and A. Maye. Cubing junk e-mail via secue classification. In Poc. of the 2nd Intenational Confeence on Financial Cyptogaphy, pages 198 213, 1998. Loie Faith Cano and Bian A. LaMacchia. Spam! Communications of the ACM, 41(8):74 83, 1998. Dave Cocke. Challenges in anti-spam effots. The Intenet Potocol Jounal, 8(4), 2006. Cynthia Dwok and Moni Nao. Picing via pocessing o combatting junk mail. In Advances in Cyptology-CRYPTO 1992, 1993. Spinge- Velag, 1993, numbe 740 in Lectue Notes in Compute Science, pp. 139-147. Don Evett. Spam statistics 2006, 2006. Available fom http: //spam-filte-eview.topteneviews.com/spam-statistics. html. Robet Kaut, Shyam Sunde, Rahul Telang, and James Mois. Picing electonic mail to solve the poblem of spam. Human-Compute Inteaction, 20(1-2):195 223, 2005. Ben Lauie and Richad Clayton. Poof-of-wok poves not to wok. In Wokshop on Economics and Infomation Secuity 2004, 2004. Available fom http://www.dtc.umn.edu/weis2004/clayton.pdf. Thede Lode, Mashall Van Alstyne, and Rick Wash. An economic esponse to unsolicited communication. Advances in Economic Analysis and Policy, 6(1), 2006. Aticle 2. MXLogic. Mxlogic epots spam accounts fo 67 pecent of all email in 2005. Pess Release, 22 Septembe 2005. Available fom http://www.mxlogic.com/news_events/pess_eleases/09_ 22_05_SpamStats.html. Juan Calos Peez. Yahoo and cisco to submit e-mail ID spec to IETF. NetwokWold, 11 July 2005. Available fom http://www. netwokwold.com/news/2005/071105-yahoo-cisco.html. Sophos. Sophos Secuity Theat Management Repot. 2005. Timothy van Zandt. Infomation oveload in a netwok of tageted communication. RAND Jounal of Economics, 35(3):542 560, 2004. 30