A team of computer scientists has published a paper called “Spamalytics,” which they say represents “the first large-scale quantitative study of spam conversion.” The researchers– from the nonprofit International Computer Science Institute in Berkeley, Calif., and the University of California, San Diego–hacked into a botnet and “convinced it to modify a subset of the spam it already sends, thereby directing any interested recipients to servers under our control.” That let them see how often people were responding to the junk e-mail, and to gauge the profitability of spam campaigns.
The paper shows that even a tiny hit rate–responses to spam tracked in the study ran at 0.00001 percent, or one in 12.5 million–can still produce a good return on investment, at least when the e-mail promotes so-called “male enhancement” products. This type of spam appears to be profitable, but only because the operators are vertically integrated: They run both the e-mail marketing operation and the pharmacy fulfillment shop.
The report says this data is “heartening,” as it indicates “the profit margin for spam (at least for this one pharmacy campaign) may be meager enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defenses.” That last line is critical, as it suggests that better defenses can make spam less of a money-maker.
IT plays a role here, as does law enforcement. So it was very good news when the San Jose, Calif.-based Web-hosting service McColo was taken offline in November, after a Washington Post blog showed that it was facilitating over three-quarters of global spam volume. Count on the spammers to return, though, for as long as sexual insecurity and irrational hope remain part of human nature.