Spam barely pays, says spamalytics

With all that email that piles in for vi*gra and unlucky Nigerian princes, we assume that someone, somewhere, makes tons of money on it all. But some stealthy University of California researchers at Berkeley and San Diego concluded that spammers may be easier to thwart than we thought.

They tell the story in “Spamalytics: An Empirical Analysis of Spam Marketing Conversion,” published about one year ago. (Download the PDF here.)

To gather data, they devised trickery of their own: They infiltrated an existing spam botnet.

By infiltrating the botnet parasitically, we convinced it to modify a subset of the spam it already sends, thereby directing any interested recipients to Web sites under our control.

The team studied three campaigns: one selling pharmaceuticals and two propagating malware. They tracked nearly a half billion spam emails to count successful deliveries to mail servers, successful passes through anti-spam defenses, user visits to advertised sites, and sales and infections. Throughout, researchers were careful to avoid doing any harm; users responding to infiltrated bots could never actually buy drugs or download malware.

In the study’s small sample, only about a quarter of the all spam leaving their cave ever reached a mail server. Only about 16 percent reached users’ inboxes that targeted Hotmail, Gmail, Yahoo, or Barracuda. Only about one in about 12,500,000 users originally targeted ever took the bait — a 0.00001 percent conversation rate.

Researchers extrapolated from their tiny sample — roughly 1.5 percent of all traffic on this network — that the spammers might gross about $3.5 million per year, and higher if users come back for more.

But low conversion is what we’ve always assumed. What’s critical, and tricky, is estimating costs. The researchers figured that even at $80 per million, an average derived from anecdotal evidence, costs would be too great unless the spammers were vertically integrated — the vi*gra and the spam delivery all operates under one roof.

This discovery is “heartening,” says the paper.

“… profitable spam campaigns require organizations that can assemble complete “soup-to-nuts” teams. Put another way, the profit margin for spam (at least for this one pharmacy campaign) may be meager enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defenses.”

Spam may be easier to beat than we thought. Anyone for a “surge”?

The data industry thrives on conversation. Please submit a comment.

Other recent posts

Bohemian Grove a la BI

The Bohemian Grove of the BI industry convenes for the fifteenth time in just three weeks. Naturally, you ask the obvious question: Are you serious? The Grove? A summit? The answer begins with a fond recollection of the Grove. If you’ve never attended the Bohemian Grove yourself — I haven’t, though I live in the… Continue Reading

Favorite Star Trek, a data story

This story shows how elemental data stories really are. Humans come ready to tell and hear them, requiring no plug-ins at all. This young person can do a good job of it. There was a question, followed by data, then questions and answers, and and finally a conclusion. It’s all there. It’s elementary. Sure, this… Continue Reading

Bad stories stop good data at the water cooler

We agree by now that data’s a good compass. One neglected question is tougher: Which map? Everyone’s known the kind of “grouchy guy” TDWI instructor Kellee M. Franklin, Ph.D tells about. This guy knew better than most of his co-workers about how their Washington, D.C. defense agency worked. And he was frustrated. Over the years,… Continue Reading