^Wrong Type of Spam^

A study carried out in early 2008 by computer scientists from University of California, Berkeley and UC, San Diego (UCSD) reveals that spammers might not be on to such a good thing as was previously imagined. It also suggests that spammers may be vulnerable to attacks that make it more costly to send junk mail.

Despite the above statements it does suggest that a big-enough spamming operation can turn over a multi-million dollar profit nevertheless.

Spoof Spam

The team ran a fake-spamming operation as part of the Storm network, sending their own fake-spam through the tens of thousands of hijacked machines infiltrated by the Storm-worm from a number of proxy-bots that they created to act as conduits between the command and control system for Storm and the infected spam-relays. One of these fake-spam campaigns was a fake-pharmacy site which always returned an error message when potential buyers clicked a button to submit their credit card details, but nevertheless registered the number of hits.

They sent out over 465,000,000 fake-spam emails; most of which contained links to the fake pharmacy site, the others mimicked the storm-worm’s self-spreading tactics.

Result?

"After 26 days, and almost 350 million e-mail messages, only 28 sales resulted," the researchers wrote.

That’s less than a 0.00001% response-rate – Well below the average of 2.15% reported by legitimate direct mail organisations.

"Taken together, these conversions would have resulted in revenues of $2,731.88—a bit over $100 a day for the measurement period," said the researchers.

Scaling this up to the full Storm network the researchers estimate that the controllers of the vast system are netting about $7,000 (£4,430) a day or more than $2m (£1.28m) per year.

Although these are good numbers and a sizable amount, it nevertheless suggests that spammers aren’t making as much capital from their operations as was previously estimated. 

The conclusion that the researchers arrived at was: "The profit margin for spam may be meager enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defences."

Challenge

Give me a first: Would any spammers like to break their silence and confirm or deny this? If you’re a genuine spammer you’ll be adept at spoofing your comment source and faking your email address so that you won’t get rumbled. (Pretend spammers need not answer this – even if they can hide their identity.)

What about you non-spammers; do you think the team’s findings are likely to be correct, or do you think that they, by an amazing chance, were left with a spurious result?