Spam barely pays, says spamalytics

With all that email that piles in for vi*gra and unlucky Nigerian princes, we assume that someone, somewhere, makes tons of money on it all. But some stealthy University of California researchers at Berkeley and San Diego concluded that spammers may be easier to thwart than we thought.

They tell the story in “Spamalytics: An Empirical Analysis of Spam Marketing Conversion,” published about one year ago. (Download the PDF here.)

To gather data, they devised trickery of their own: They infiltrated an existing spam botnet.

By infiltrating the botnet parasitically, we convinced it to modify a subset of the spam it already sends, thereby directing any interested recipients to Web sites under our control.

The team studied three campaigns: one selling pharmaceuticals and two propagating malware. They tracked nearly a half billion spam emails to count successful deliveries to mail servers, successful passes through anti-spam defenses, user visits to advertised sites, and sales and infections. Throughout, researchers were careful to avoid doing any harm; users responding to infiltrated bots could never actually buy drugs or download malware.

In the study’s small sample, only about a quarter of the all spam leaving their cave ever reached a mail server. Only about 16 percent reached users’ inboxes that targeted Hotmail, Gmail, Yahoo, or Barracuda. Only about one in about 12,500,000 users originally targeted ever took the bait — a 0.00001 percent conversation rate.

Researchers extrapolated from their tiny sample — roughly 1.5 percent of all traffic on this network — that the spammers might gross about $3.5 million per year, and higher if users come back for more.

But low conversion is what we’ve always assumed. What’s critical, and tricky, is estimating costs. The researchers figured that even at $80 per million, an average derived from anecdotal evidence, costs would be too great unless the spammers were vertically integrated — the vi*gra and the spam delivery all operates under one roof.

This discovery is “heartening,” says the paper.

“… profitable spam campaigns require organizations that can assemble complete “soup-to-nuts” teams. Put another way, the profit margin for spam (at least for this one pharmacy campaign) may be meager enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defenses.”

Spam may be easier to beat than we thought. Anyone for a “surge”?

Leave a reply

Other recent posts

End of one-size-fits-all data stories

This appeared originally on the TDWI site in September behind a paywall. It’s still there, but today they’ve had the 90 days of exclusive use that I agreed to. Survey after survey reveals that about 80 percent of business users don’t use data analysis—despite all the marketing and “easy to use” tools. As if in… Continue Reading

Qlik finally set to leapfrog Tableau?

Who’s your rival? I carelessly asked a Qlik person at the company’s annual analyst reception Monday night in Miami if she hadn’t once worked for Tableau. Her revulsion was immediate. “No! Never!,” she said. We smiled. There was so much more to talk about. For one thing, how will private equity change things? Qlik wasn’t… Continue Reading

Five Tips for Better Data Stories

Originally published on September 22, 2015 in BI This Week, a TDWI publication. A “data story” sounds like such a great idea. You just mix data with storytelling and you’re done — except that most data storytellers get one thing wrong: they drown out the story with data. Such storytellers, I believe, assume that audiences… Continue Reading

Bohemian Grove a la BI

The Bohemian Grove of the BI industry convenes for the fifteenth time in just three weeks. Naturally, you ask the obvious question: Are you serious? The Grove? A summit? The answer begins with a fond recollection of the Grove. If you’ve never attended the Bohemian Grove yourself — I haven’t, though I live in the… Continue Reading