Slicing Up Spam
By Tai Viinikka

On my first day working for an Internet service provider, no one mentioned spam. That was in late 1995, and although we knew it was possible to send unsolicited email for commercial reasons, hardly anyone ever did so. Nine years later, 70 per cent of the traffic through mail servers is spam. The volume and the tactics have changed, but the underlying motivations are the same – and we are no closer to a solution.

Most people think of email spam as an annoyance and source of unintentional mirth or occasional disgust. Most people will simply delete emails they don't want. A few will set up a filter and much of their spam will disappear, along with a bit of their desired email -- misses and false positives are inevitable. But only a tiny minority of email users will ponder the total cost of spam, or consider who pays that cost.

The Radicati Group, a market research firm in Palo Alto, estimated that spam would cost $41.6 billion last year, in terms of lost productivity from corporate workers alone. But the real cost is much higher. Internet Service Providers run most of the large and powerful email gateways, and they also deal with the most spam. It would seem that if 50% of your inbox is unwanted, then ISPs are being forced to build servers twice as big as would be necessary in a spam-free utopia. So it would seem.

But spammers launch their campaigns in automated blizzards of email, sending literally thousands of emails per second, so in order to continue serving their regular customers during this onslaught, ISPs overspend dramatically on mail service. During my years with a national ISP, the company was forced to spend more and more to keep up, eventually building systems around twenty times as powerful as would be needed for regular customer email. As a result, millions of dollars in hardware costs were passed on to the consumer. ISPs also buy or create specialized software and databases to allow them to recognize spam and refuse it, adding to the complexity and cost of handling email.

And that's why the "free speech" arguments around spam never impressed me much. Advertisers regard email as just another medium like television or radio or the postal service. Spam is protected free speech, and just as natural as receiving a print advertisement by mail. But with postal ads, the advertiser pays the production and distribution costs, whereas the costs of spam are incurred by internet companies and passed on to the consumer. Spam doesn't just waste our time -- it also costs us money.

That's only half of the equation, though. We all pay for it, but spam must also be making money for someone. Marketers measure the effectiveness of their tools with a 'hit rate' – the proportion of people who saw a TV ad, or received a spam email, who actually bought a product. An advertiser paying a few cents per viewer will measure that cost against the profit per sale and calculate if the medium and the ad are worthwhile. Ideally you want a satisfying hit rate, like maybe 1 per cent, indicating one in a hundred viewers of the ad bought something. But what if the advertising is vanishingly cheap? Through the shadowy networks of email marketing companies and their subcontractors, sending spam to millions of people can cost just a few hundred dollars. Even if the hit rate is just a few people in a million, the advertiser will still make money on the deal. There doesn't need to be “a sucker born every minute” because one in a million will be enough to pay for the whole transaction.

So despite a terribly low hit rate, spam is cheap for the sender, and internet users collectively end up paying the bill. So why don't we find a way to stop it? There is no silver bullet to kill spam, either legal or technical. Proposed anti-spam measures have often concentrated the control of email in the hands of a few major industry players, and that concentration is dangerous. Despite the high cost of spam, we must find a way to maintain email's decentralized and anarchic character. In just one example, Zimbabwe's government shut down the last remaining privately-owned newspaper in the country a year ago, but the journalists continued to publish using private email distribution. If a few major service providers become a choke point for email, governments, spy agencies, and telecommunications companies will have taken control of one of the last truly free media – perhaps a fate even worse than spam.

Some thought this past year would see the end of spam as we know it in the US. The government passed the “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003”, or the CAN-SPAM Act of 2003. Despite the clever name, the law was widely viewed as toothless. It clarifies a spammer's responsibilities -- they must clearly label their email as advertisement, they must describe how a recipient could arrange to be removed from their mailing list -- but the law never gets around to making spam illegal. And it's not clear yet if such a law could withstand constitutional challenges.

Even if there were a clear and accepted law in the U.S. against unsolicited commercial emails, spam would adapt. According to an ongoing survey by Sophos, an Internet security firm, this country currently leads the world in spam production, with about 54% of spam messages being sent from computers in the US. But most of these operations could very easily be run remotely in countries with no anti-spam laws. Spam operations have to be fairly mobile anyway, moving frequently between service providers, since ISPs will often refuse to serve a company once they realize the nature of its business.

As more Americans have moved up to fast, permanent internet connections like DSL service or cable, they have unwittingly joined the spammers' ranks. Cybercrime investigators don't get involved in cases where personal computers are hacked but nothing of value is stolen, so a new spamming tactic, technically illegal, is now common. Graham Cluley, a consultant at Sophos, writes in their survey that 30 per cent of the world's spam is sent from compromised computers -- regular PCs that have been taken over by a Trojan Horse program that turns the computer into a rabid, remotely-controlled spam broadcaster. A spam marketing contractor is typically in control of a stable of hundreds of these zombie machines, each doing the spammer's bidding. The innocent home computer user notices only that sometimes his computer is really slow and his Internet connection seems really busy. No new law will fix this situation -- it's already quite illegal to break into someone else's computer and subvert it for your own purposes.

So spam is here to stay, at least for a while. Smarter and more focused legislation could force the spam business offshore; technical advances like better filtering and databases of known spammers are already making it harder to spam. But this is an arms race between motivated opponents, and after nine years in the business, I still see continued innovation and escalation on both sides.

Maybe the solution will involve not technology or regulation, but supply and demand. The next time you find a spam subject line intriguing, think hard before you open it. A single sale can motivate (and pay for) a million unwanted and annoying email messages. Do you want to be the one-in-a-million sucker? Maybe if no one bought magic erection drugs or acne medicine from spamming sellers, maybe if customers asked legitimate marketers to repudiate such wrong-headed tactics, spam might eventually find itself out of a job.