Who Benefits from Spam, Anyway?

Elbowgeek asks: "I've noticed that the vast majority of spam emails I receive are barely literate, to the point that in some cases one can hardly discern the product or service being advertised. Since most people are savvy/jaded enough to detect these entities that are not filtered automatically, just where does the profit motive from these messages come from? Is it simply the theory that if you send enough spam messages you're very likely to hit enough gullible recipients to make an acceptable amount of money? Does anyone have any insight on this dark underbelly of Internet advertising?"

Re:To many stupid greedy people.

[oyenstikker]

Bingo. Nobody actually needs to ever buy the product for spam to be profitable. Thats why it won't go away.

lots of kinds of spam

[bcrowell]

I think there are lots of different kinds of spam, and therefore lots of different answers to the OP's question. Examples:

-A spam that they want you to click on in order to see porn. If you click on it, it really does lead to porn, and they get ad revenue.

-A spam that's trying to find out whether your address actually receives mail. If you click on the opt-out link, they've verified that the address works. They then add your e-mail to a list that they send to other spammers.

-The Nigerian scam. Yes, people really do fall for this. There was a famous case here in Orange County recently where a rich, elderly doctor blew hundreds of thousands of dollars on it.

For a spammer who owns a botnet, the cost of sending a spam is zero. When your product costs zero to produce, you can come up with a lot of ways to sell it, and still make a profit.

Re:My theory

[slackmaster2000]

Does a lot of spam come from zombie machines though? Certainly a lot of spam comes from open relays, and a certain amount comes from inept web hosts (although I've leased servers, and most datacenters get very suspicious when your email traffic picks up). But how much spam comes from infected PCs with so many ISPs now blocking outgoing requests to port 25?

I run a small project web hosting company with about 30 customers. We used to offer outgoing SMTP services, and still do (password required), but the majority of our customers are now unable to use it. We now recommend that everyone use their ISP's outgoing mail server. Another issue we ran into was a whole lot of mail gets rejected if reverse DNS entries aren't configured properly, and this would also be a problem for zombie machines. Perhaps I'm thinking of zombie machines as hijacked PCs and the real problem is hijacked servers.

I would assume, and I recognize that I could be completely incorrect, that most spam today comes from mass mailing companies. These companies of course use devious methods to deliver messages, from targeting open relays to abusing web hosts to running servers in "anything goes" data centers.

The reason I don't think that the motivation is the same as virus writers is that almost all spam, aside from phishing attempts and obvious goofs, has a link to an actual website selling something. If I were a virus writing kind of guy and wanted to send out a zillion junk messages, they wouldn't be advertisements for viagra because I'd want some kind of recognition.

If I had to bet, my money would be on the low percentage success rate. That is, it's cheap to send a million emails, and if only a tiny percent of those messages result in a sale, it's probably worthwhile financially. Spam *must* be a money game. It just doesn't make sense to me otherwise. Consider how the web is also being overrun by "spammers": bogus block sites, bogus search sites, bogus link sites, all designed to make money off a tiny little click through rate.

Wouldn't it be nice if some elite group of movie-style good guy hackers got together to knock the shit out of spammers? I'm not sure if there's any other solution but to knock them out. Legislation is minimal help, but only in certain countries. Anti-spam software is a band-aid and doesn't lessen much the financial burden of spam. Unless everybody in the world all at once decides to switch email protocols, I don't know if this will ever stop. It's obscene.

I don't really even use personal email anymore. I don't care to keep on top of my filters so I just don't bother. I remember a time when I checked my email multiple times every hour. Now I check it once a week to see if something came in from an address that I've got a routing rule for. "Downloading 393 messages....one of which is legit." Fun.

Not true

[NineNine]

That's not true. Spammers are paid a percentage or flat fee based on what is sold with their referrer ID. Nobody is paid just to spam. Google is the last major advertising company/industry on the web that actually pays people just to advertise, with no results. Porn and spam both figured out that per impression or per click or per email doesn't work, and there haven't been any of those programs available in either industry for at least the past 6 years (yes, they figured this out while all of the "straight" people were jerking themselves off during the dot-com bust).

Re:Not true

[MarkusQ]

Spammers are paid a percentage or flat fee based on what is sold with their referrer ID.

I beg to differ. First, such a system would be all but unenforceable, and I can't see the spamers (who are the ones that will be risking prosecution, after all) saying, "Oh sure, you can pay me when you sell something; I can tell you guys are honest." But it also doesn't fit the data. Let's take a look at my in box, shall we?

1. Some folks selling "C-i-a-l-l-i-s" (or trying to). Looking at the raw message, I see one http: link, to a .info domain, with nothing beyond the FQD. They could of course have a separate domain for each spammer they used, but given how specific their domain name is it doesn't seem likely.
2. A blank spam. No subject, no body, no referrer ID.
3. A note from my wife. No referrer ID.
4. A pump and dump stock scam spam, no response info of any kind, and thus untraceable. No web bugs or other place to hide a refere ID.
5. A question from one of my company's laywers. No referrer ID that I can see.
6. A note from a psycho that believes the internet is spying on him. Spam, in a sense, but I think he's trying to warn us out of the goodness of his heart. No ID of any kind, and I suspect that if he knew his emails contain a message ID and a give an idea of the route they followed getting here, he'd faint.
7. Image spam; quite possibly tracable (I don't know what they image is; I don't fetch 'em).
8. Guttenspam. No payload.
9. Another image spam.
10. A note from my boss commenting on one of my earlier /. posts.
11. Another anonymous stock tip.
12. And another.
13. Watch replicas, one link, with only a FQD.

Sorry, I'm just not seeing the referrer IDs you speak of.

--MarkusQ

Re:My theory

[TFGeditor]

"would assume, and I recognize that I could be completely incorrect, that most spam today comes from mass mailing companies. These companies of course use devious methods to deliver messages, from targeting open relays to abusing web hosts to running servers in "anything goes" data centers."

Your are correct that you are incorrect. Simply examine the IP addresses that spam comes from: Comcast, RoadRunner, SBCglobal, Adelphia, ATT, kingwoodcable.com, cebridge.net, Verizon, calpop.com, atmlinkinc.com, Charter, uci.net, ctccom.net, Earthlink, Qwest, suddenlink.net, Sprint, knology.net, insightcom.com, mdm.net, zoominternet.net, mnsi.net, Netzero.

Those are just a few of the sources of spam that was in my spam folder this morning. It does not include andy of the 300 or so that were trapped at the server by an IP filter that blackholes anything sent from a foreign (non-U.S.) IP address.

Why so many different sources and why from consumer IP addresses if these are not zombied machines?

Wired Article

[aquowf]

Interesting article in august's wired magazine: http://www.wired.com/wired/archive/14.08/spamking. html [wired.com] [wired.com] It talks about the life and death of a "russian spam king", discussing the infamy as well as the money that spam brought him.