By John Herrman
Posting in Technology
With appallingly low response rates and high overhead, email spammers are being forced to adapt.
In last month's issue of Wired, the magazine published a tidy little infographic detailing a study conducted by a team of researchers at UC San Diego, which attempted to explain the economics behind email spam:
The team's methods were bold, but harmless. They hacked into an existing spam ring, hijacked its traffic, and redirected victims to a fake payment processing page. The resulting data confirmed what most people already thought they knew about spam networks: their success depends overwhelmingly on scale and high margins, not a high purchase rate, to make money.
A widely cited conclusion of the study was that, scaled to the full size of the spam network the researchers infiltrated, revenues could be as high as $7,000 a day, or $2m a year. Pretty good! But a later passage in the study, which was conducted a few years ago, didn't get quite as much attention:
Anecdotal reports place the retail price of spam delivery at a bit under $80 per million . This cost is an order of magnitude less than what legitimate commercial mailers charge, but is still a signiﬁcant overhead; sending 350M e-mails would cost more than $25,000. Indeed, given the net revenues we estimate, retail spam delivery would only make sense if it were 20 times cheaper still.
And yet, Storm continues to distribute pharmacy spam — suggesting that it is in fact proﬁtable.
This was a bit outside of the scope of the team's study, so they were left to speculate: "One explanation is that Storm’s masters are vertically integrated and the purveyors of Storm’s pharmacy spam are none other than the operators of Storm itself (i.e., that Storm does not deliver these spams for a third-part in exchange for a fee)." It's a reasonable explanation, but leaves open the question of just how profitable spamming is. The assumption that these networks are wildly successful, in other words, might not be correct.
I followed up with one of the contributors to the study, Chris Kanich, to see if he and his colleagues had been able to shed any more light on the overall economics of running a spam enterprise. He will soon be presenting a followup study to the IEEE Symposium on Security and Privacy in May, called Click Trajectories: End-to-End Analysis of the Spam Value Chain. He wasn't able to talk about the paper pre-publication, but confirmed that "the current structure of the market is very much affiliate program oriented," pointing me to a paper published by security firm Sophos.
The paper's conclusion, in short, is that what enables all types of spam to be profitable are tightly knit affiliate programs, in which spammers can pull commissions as large as 40% on sales resulting from their independent promotion. (In Russia, where the most prominent affiliate networks have been able to thrive, these programs are known as "partnerka.") This tight integration is enough to ensure that larger partners make a good deal of money; by taking hefty commissions from sales with huge margins--generic or fake pharmaceuticals, pirated software, etc.--spammers can recoup their costs.
But even with this relatively (albeit synthetically) vertical business plan, email spammers don't fare nearly as well as those who use more modern spamming techniques, such as search engine manipulation:
[E]mail spam has become less popular amongst afﬁliates due to the high risk and steep entry barrier. This has been acknowledged by the afﬁliates themselves on SEO-related forums. But given that we see no shortage in the supply of ‘Canadian Pharmacy’ or ‘fake Rolex’ spam, it’s not going to go away any time soon. It’s just being carried out by a smaller ‘elite’ group of afﬁliates.
Effective spam filters and savvier users have driven the success rate of email spam to rock-bottom levels, so that in order to profit from it, spammers must be able to operate with unusually low overhead. In something an straightforward as email spam, "unusually low overhead" usually translates directly as "massive scale," which means that new and small players are often pushed out--of email spamming, not all spamming.
Web-based spam, propagated with shady SEO methods and browser-hijacking trojans, offers an attractive alternative to new or small partners. For one, it takes almost no investment. Web hosting is extremely cheap, the e-commerce systems used in affiliate programs are free and easy to copy to a new site, and fewer measures need to be taken to avoid prosecution under anti-spam laws, which were written first and foremost to combat email spam. Best of all, if a customer has found his way to your shady pharmaceuticals website via search, chances are better that he's actually in the market for your off-brand Viagra, as opposed to someone who received an unsolicited email.
With that in mind, the answer to the question of how email spammers make their money is this this: outside of a lucky few established players, they might not be. Not to worry, though. They'll be fine.
Mar 25, 2011
Thanks to share these details itâs truly nice. http://www.personalcashadvance.com
No mogul264 a 1 cent tax not going to fly. Think anyone wants to pay to contact their siblings or favorite persons and pay for it again? We already pay to have the IP so go somewhere else with the tax cr p. Spammers will continue but with different methods eventually. Our IP's need to help or there will be no end to the thieving bastards.
How about a one-cent tax on every e-mail address you send e-mail to? This would be small potatoes to most senders, and could be added to the cost of doing business for legitimate businesses. Spammers would be immediately impacted, and would have to tremendously increase business, as most seem to have at least 20 to 30 addressees listed on spam-mail I've received. Legitimate e-mails are generally limited to ten to fifteen addressees, or less. This tax might also tend to reduce the immediate response many do now with their phone apps (maybe not a bad thing?).
(And I disagree with altrong's thumbs-down, above) If ISP's were serious about limiting spam on their networks, they could start charging MORE for addresses that send those millions of emails (easy to find: no one else does that). They already, commonly enough, charge more for more traffic (of whatever kind), and surely packet inspection would be voluntarily winked at by receiving users. Simply make it a heavily-promoted opt-in system, that promises to use group action (the mass of opt-in users) to cut spam on the network over time. Users would understand that the ONLY data those inspections would determine and store, would be the COUNT of emails, and only the HIGHEST of those need to be stored (say over a few hundred per month per user), SO THAT THEY COULD BE CHARGED MORE. Certain Net-Neutrality issues here, but I think the opt-in would address that, as consent of those most affected... AND, it would not take anywhere near complete participation, to make it not worth the spammer's time, if the margin is as thin as this article suggests...
When I saw this article I thought "Wow I have been looking for something like this for the people who ask me why they get Spam. Unfortunately, this was not to be. This article would be impossible for the average user to gain any insight into why spammers do what they do. It suggest that few spammers actually make any money, and then gives absolutely no information on those who do. Thanks, I am sorry you failed to complete your article. RonG
If the percent of responses is about 1%, then blasting out millions of messages will give a good return. The artilcle hinted that increasing costs in setting up a spam campaign helps reduce spam. To overcome costs the spammers go for volume until the needed volume is greater than their ability to finance.