Spam study – 25 out of every 10 000 spam mails lead to sales

Are you one of the 25 in every 10 000 who actually fall for one of the vast range of offers sent out in the form of spam every day? Hopefully not. But unfortunately, there are still enough people who do so to allow this situation to continue.

In 2011, there are signs that the global spam volume may be about to stabilise. A number of botnets, as they’re known, have been shut down, and this is because of better filters, mainly from the major ISPs (Internet Service Providers). Our own knowledge of what we should delete and what we should keep is also improving, making life harder for professional spammers. However, there are still vast amounts of money to be made in the spam industry, and if you’re one of the people who goes on about how stupid and unprofessional the spammers are, you might have to think again. I’ve tried to calculate how much money is made by the spammers from our stupidity, and if you read on you’ll see that there’s every reason – financially – for spammers to continue to disrupt us with their spam for a long time to come.

Data researchers at UC Berkeley and UC San Diego carried out a unique study of the spam industry in 2008. To measure the effectiveness of spam and the options available for earning money, they launched a fictitious professional spam operation. They set up a fake website selling Viagra and other products to alleviate male impotence. To achieve full effect and force in their study, they infiltrated and used professional spam software, a botnet known as “Storm”.

A view of the unknown “storm” was achieved when 85 000 computers were hijacked. Of these, 35 000 were prepared to send spam. By way of comparison, we can look at a botnet by the name of Srizbi which had 315 000 hijacked computers and the potential to send out 60 billion spam mails per day.

“Storm” is a major botnet which was discovered in early 2007 and has hijacked an unknown number of computers (estimated vary from 20 000 to more than a million) and copied their address books. Researchers were able to get hold of and use a small part of this botnet to spread their fake website.

The researchers on the study used Storm for 26 days and over that period sent out 350 million emails in which they marketed their potency agents and online pharmacy. Of the 350 million emails sent, they were able to remove 82.7 million due to invalid addresses and “blacklists” (email recipients which had blacklisted these senders previously). Spam filters further reduced the number, but exactly how much is difficult to gauge as they don’t send information back. Of the emails that were delivered to people’s Inboxes, 10 522 people clicked on the link and visited the fake pharmacy. Of these, 28 people made purchases amount to $100 on average. At this point, the researchers returned an error message instead of a purchase so that they wouldn’t find out the real addresses and card details of the buyers. All in all, this gave a daily income of $140 for the campaign. As the researchers used only 1.5% of the total Storm network, this can be translated into meaning potential income of $3 500 000 million a year for online pharmacies using Storm as spam marketing.

So what does this mean?

To further describe the entire extent of the spam economy, it is possible to create a calculation example where we know that 183 000 000 000 spams were sent every day in 2010. The research study above shows that 0.008‰ of emails sent resulted in conclusion and purchase. This would mean that around 15 000 spam purchases are made every day. If the average sale is worth $100, as in the researchers’ example, this means that there’s a turnover from spam of $1 500 000 every day. This makes $550 000 000 a year. In this regard, you should also bear in mind that this is worked out from “nice” spam, i.e. excluding what’s known as “phishing” where spammers generally try to find recipients’ account details in order to empty their bank accounts or make purchases, or make deposits using web services where the money can easily be transferred on and withdrawn physically. For the first six months of 2011, phishing accounted for 4% of all spam. How much the average fraud gave here is harder to work out as the banks refuse to talk about it. However, it’s reasonable to assume that an even smaller number of us are actually affected and fall for these phishing attacks, but that the people who are affected lose considerably more than the $100 spent on the average purchase for other spam.

A small number (ten to twenty) professional spam networks in Europe and North America are responsible for around 80% of all the spam in the world (according to ROKSO, the Register Of Known Spam Operations). So it can be estimated that these 100 or so worst spam companies bring in at least 50% of their income and share an estimated $250-300 000 000 (excluding any income from phishing and hire of bots).

So as anticipated, it can be concluded that the companies working with these criminal activities find them very lucrative. It’s unlikely that tax is paid on all the money, and it’s unclear how many companies do actually supply the products and services ordered. I hope this article won’t inspire anyone to move across to the dark side and try to earn money from spam. Instead, I’d like you to carry on reading and find out how we can prevent the problem of spam together, by simple means.

Read my articles In all the world, who sends the most spam? and Spam trends for 2011?, which show how much the industry is estimated to turn over every year and how many of us do actually fall into their traps, and, last but not least, Nine ways to avoid spam.

Here´s a guide on how to stop sending spam in four quick steps

Looking forward to reading your comments – thanks!