Who Benefits from Spam, Anyway?

Elbowgeek asks: "I've noticed that the vast majority of spam emails I receive are barely literate, to the point that in some cases one can hardly discern the product or service being advertised. Since most people are savvy/jaded enough to detect these entities that are not filtered automatically, just where does the profit motive from these messages come from? Is it simply the theory that if you send enough spam messages you're very likely to hit enough gullible recipients to make an acceptable amount of money? Does anyone have any insight on this dark underbelly of Internet advertising?"

To many stupid greedy people.

[jellomizer]

Well you can assume that some of the Spam is static used to detrain spam filters. But for most cases Spammers make money in sending the Spam, Not selling the services that goes with it. So say they charge $10,000 for a Million emails. So unexpecting company or some poor smuck think he is going to get rich quick with this stuff will pay the spamming companies so much to give the link to their website and sell a product. But there is no promise that they will sell the product they only promise to deliver a million emails. So what normally happens the Smuck goes bankrupt and the Spammer gets the money. If the Spammer can get past the Spam filters then they can promise better visibility.
There is basically an endless pot of Smuck who think they can get rich quick by selling sex toys, Investing in stock tips...

Re:To many stupid greedy people.

[oyenstikker]

Bingo. Nobody actually needs to ever buy the product for spam to be profitable. Thats why it won't go away.

Re:To many stupid greedy people.

[John+Hasler]

> Investing in stock tips...

Many of the stock tip spams are attempts to pump a stock. I suspect that they often work.

Re:To many stupid greedy people.

[Pharmboy]

Many of the stock tip spams are attempts to pump a stock.

Although not my experiences are more anecdotal than imperical, I HAVE taken the time over the last year to track at least a couple dozen stocks that I have received spam for, up to a week after I received the spam. (finance.yahoo.com) About half the time, I have seen quick pops followed by quicker declines, indicating enough people purchased to drive the stock up 5%-10% (or a little more), followed by a decline within 24 hours pushing the same stock to the original price or a little lower.

Maybe 30-40% of the time, the price didn't seem to change much (maybe not enough emails were sent) or the fluxuation was inline with the stock's trends, so it couldn't be determined if the spam did anything. The remaining 10%-20 it seems the stock simply slid in price (say, 3-10%) with no rise at all.

So I can see how someone could pump up stocks and on average make money from spamming but it isn't always a sure thing. I have NOT heard of the SEC or any other agency arresting anyone for this, which seems to be clearly illegal, spam or not.

Re:To many stupid greedy people.

[fossa]

If spammers are just scamming their customers with full knowledge that the spam will not increase product sales, then what is the incentive to actually send out the spam messages rather than simply lie to the customer? Can one take a spammer to court and claim "this man promised to send 2 million unsolicited emails on my behalf but failed to do so; I demand a refund!" Seems difficult to proved one way or the other if the spam services are even legal.

Re:To many stupid greedy people.

[bluu]

I did the same thing. I took a spam with a very clear disclaimer (although they used a tiny font):

[...] We have received 250.000 free trading shares from a third party, not an officer, director or affiliate shareholder. We intend to sell all 250.000 shares now, which could cause the stock to go down. This company has : negative cash flow from operations, no revenues in its most recent quarter, an accumulated defecit, a negative net worth, nominal cash, a going concern opinion from its auditor and related party transaction. [...] This is a penny stock and is a high risk security. URGENT: Please, Please Read the Company's SEC filings before you invest.

The stock was ASIQ.OB, before this spam, it was around $0.25
So the 'third party' gave around $62.500 to the spammer in free shares. Few days after, the stock was priced around $0.75
If the spammer sold everything at this price, he actually gain $187.500.

The 'third party' bought probably a million or more of trading shares. Imagine how profitable this operation was for both of them.

The short answer

[jone_stone]

The short answer: yes. Send out a million emails and get a .1% response and it's more than worth it.

So the question really is...

[whoever57]

who benefits from all the badly formatted spam? Wasn't there a story about this a day or 2 ago: someone suggested that it wa an attempt to train baysean filters to accept spam?

Re:So the question really is...

[tomstdenis]

It's entirely possible there are people with fake google accounts marking that as "non-spam" to counter the operation.

It isn't like you need a captcha to report spam.

Tom

Spammers benefit

[nascarguy27]

By doing this
1. Send mass, annoyingly misspelled emails
2. Wait as stupid people wanting (insert lame thing here) open and click on them
3. ??????
4. Profit

Re:Spammers benefit

[generic-man]

3. Collect list of stupid people's e-mail addresses, which you now know are good
3 1/2. Sell list of e-mail addresses to other spammers
4. Profit!

Just a theory.

Not everyone makes a profit...

[Total_Wimp]

It's just like every other business out there. Some people don't know how to run them. Unfortunately, with spam, these idiots are able to make a major anoyance of themselves with their ill-concieved, badly run catastrophies.

Trust me, the illiterate folks really don't make any money. But they're only part of your spam. The one where, you know, you can actually find some information on how to buy a product? They're doing ok.

TW

Don't you read Slashdot?

[tommertron]

http://it.slashdot.org/it/06/08/09/1523207.shtml

Apparently a lot of the 'gibberish' spam not trying to sell you anything is just there to try to untrain the spam filters so the next one that does try to sell you something might slip through. Or it negates the spam filters' effectiveness so much that people have to start looking in their spam filters for actual messages.

Personally, I think there's a lot less of a greed factor right now than there is an 'us vs' them' factor. I really think it's just getting to be an elaborate game for these spammers now - all they're trying to do is thwart the filters, and they've forgotten all about trying to dupe people out their money.

There are two layers at work

[MarkusQ]

There are two layers at work; the spammers and the "vendors" they spam for. The spammers are paid to spam, but they don't really care if the product sells or not. It's just like any advertising--magazines are paid to print your ads, but if they ads don't work, it's not their problem.

If you extrapolate normal advertising out by a few orders of magnitude (dumber, cheaper, wider distribution, etc.) you get spam. If you don't extrapolate out far enough (and find yourself in direct mail or telemarketing), no worries. Just keep going in that general direction a while longer, and eventually you'll come to spam.

--MarkusQ

Re:There are two layers at work

[WedgeTalon]

That's right, to a point. If, however, in your example, none of a product's ads produce sales, they likely won't be advertising in that magazine again. So it is somewhat of a concern to spammers that their clients actually end up getting some sales. Thus why we get the constant war of spammers trying to get past our protection schemes.

Re:There are two layers at work

[MstrFool]

Not so, and he didn't say that none of the adds sold anything, he somply said that the spammer doesn't care if they do or not. Just as there are large numbers of people that do reply to spam, there is also a large enough group of people willing to pay spammers to spam for them. You get $10,000 from one guy and it cost you next to nothing. How long would you be willing to wait for the next sucker to ask you to spam for them? So the first guy got nothing and went broak, a little sweet talking and waving of numbers and you have a new person willing to pay you. Do that 10 times in 1 year and that's a nice $100,000 in your pocket for doing less then a days worth of work all year. In time, people will stopp falling for it, but by then the nest generation of idiots is jumping to pony up the cash. Some times I hate having ethics... I could really use that money my self.

Lots of mistakes

[BrynM]

I've spent an inordinate amount of time fighting spam on my server in the past. My guess is that the completely mussed up ones are a combination of the following:

• Trying to throw off spam filters - The (possibly wrong) idea is the more mail you have to process and the more complicated you make the ruleset (learned or created), the better the chance that one they get paid for will get through. From what I understand, most spammers think of this as a kind of "war" so they have no problem wasting resources "fighting". This is not some grand scheme, but more likely the fragmented effort of various large spammers.
• Bad translations - Spammers are global (a large number in the Pacific Rim). I'm betting that many rely on someone else to translate. Some pure gibberish spams are converted character sets somewhere along the way.
• Stupidity - I've seen plenty of braindead spammer mistakes (sending the recipient list cc instead of bcc, not knowing how to work the software but being willing to "make money at home")

Of those three, only one is intentional. Seeing some large nefarious purpose may be giving the spammers too much credit.

As a side note, some of my favorites are the pharmaceutical spams that say the names of the drugs, but don't offer any means of purchase let alone contact. I often wonder if some madman at GSK or Pfiser is reminding the world that v1a6r@ can be spelled so many different ways.

Which of course brings up the question . . .

[Rachel+Lucid]

Is there any point left in spam but to keep spam-blocking companies in business? After all, Internet Security is quite the nice racket...

Re:Which of course brings up the question . . .

[xxtensen]

No spam: no spam blockers. No drugs: no war on drugs. No terrorism: no war on terrorism...

Re:My theory

[pilkul]

Um.

1. Spam has never been used to advertise respectable products.
2. The motive for virus writing nowadays is profit, same as spam. Viruses let you put up adware and create zombie hordes for spam forwarding or DDoS blackmailing.
3. In the past, the motive for virus writing was not to hurt other people, but simply a kind of power trip or experiment. For proof, look at how very small the proportion of viruses that intentionally delete data is. The psychopathic "hurt as many people as possible" mindset is extremely rare.

I do!

[AriaStar]

I get paid pretty well to deal with this crap and keeping it from getting to our clients. For all the annoyances spammers cause, I'd like to thank them for keeping me employed! And then hit them for even trying to send me spam.

lots of kinds of spam

[bcrowell]

I think there are lots of different kinds of spam, and therefore lots of different answers to the OP's question. Examples:

-A spam that they want you to click on in order to see porn. If you click on it, it really does lead to porn, and they get ad revenue.

-A spam that's trying to find out whether your address actually receives mail. If you click on the opt-out link, they've verified that the address works. They then add your e-mail to a list that they send to other spammers.

-The Nigerian scam. Yes, people really do fall for this. There was a famous case here in Orange County recently where a rich, elderly doctor blew hundreds of thousands of dollars on it.

For a spammer who owns a botnet, the cost of sending a spam is zero. When your product costs zero to produce, you can come up with a lot of ways to sell it, and still make a profit.

Re:My theory

[slackmaster2000]

Does a lot of spam come from zombie machines though? Certainly a lot of spam comes from open relays, and a certain amount comes from inept web hosts (although I've leased servers, and most datacenters get very suspicious when your email traffic picks up). But how much spam comes from infected PCs with so many ISPs now blocking outgoing requests to port 25?

I run a small project web hosting company with about 30 customers. We used to offer outgoing SMTP services, and still do (password required), but the majority of our customers are now unable to use it. We now recommend that everyone use their ISP's outgoing mail server. Another issue we ran into was a whole lot of mail gets rejected if reverse DNS entries aren't configured properly, and this would also be a problem for zombie machines. Perhaps I'm thinking of zombie machines as hijacked PCs and the real problem is hijacked servers.

I would assume, and I recognize that I could be completely incorrect, that most spam today comes from mass mailing companies. These companies of course use devious methods to deliver messages, from targeting open relays to abusing web hosts to running servers in "anything goes" data centers.

The reason I don't think that the motivation is the same as virus writers is that almost all spam, aside from phishing attempts and obvious goofs, has a link to an actual website selling something. If I were a virus writing kind of guy and wanted to send out a zillion junk messages, they wouldn't be advertisements for viagra because I'd want some kind of recognition.

If I had to bet, my money would be on the low percentage success rate. That is, it's cheap to send a million emails, and if only a tiny percent of those messages result in a sale, it's probably worthwhile financially. Spam *must* be a money game. It just doesn't make sense to me otherwise. Consider how the web is also being overrun by "spammers": bogus block sites, bogus search sites, bogus link sites, all designed to make money off a tiny little click through rate.

Wouldn't it be nice if some elite group of movie-style good guy hackers got together to knock the shit out of spammers? I'm not sure if there's any other solution but to knock them out. Legislation is minimal help, but only in certain countries. Anti-spam software is a band-aid and doesn't lessen much the financial burden of spam. Unless everybody in the world all at once decides to switch email protocols, I don't know if this will ever stop. It's obscene.

I don't really even use personal email anymore. I don't care to keep on top of my filters so I just don't bother. I remember a time when I checked my email multiple times every hour. Now I check it once a week to see if something came in from an address that I've got a routing rule for. "Downloading 393 messages....one of which is legit." Fun.

Not true

[NineNine]

That's not true. Spammers are paid a percentage or flat fee based on what is sold with their referrer ID. Nobody is paid just to spam. Google is the last major advertising company/industry on the web that actually pays people just to advertise, with no results. Porn and spam both figured out that per impression or per click or per email doesn't work, and there haven't been any of those programs available in either industry for at least the past 6 years (yes, they figured this out while all of the "straight" people were jerking themselves off during the dot-com bust).

Re:Not true

[MarkusQ]

Spammers are paid a percentage or flat fee based on what is sold with their referrer ID.

I beg to differ. First, such a system would be all but unenforceable, and I can't see the spamers (who are the ones that will be risking prosecution, after all) saying, "Oh sure, you can pay me when you sell something; I can tell you guys are honest." But it also doesn't fit the data. Let's take a look at my in box, shall we?

1. Some folks selling "C-i-a-l-l-i-s" (or trying to). Looking at the raw message, I see one http: link, to a .info domain, with nothing beyond the FQD. They could of course have a separate domain for each spammer they used, but given how specific their domain name is it doesn't seem likely.
2. A blank spam. No subject, no body, no referrer ID.
3. A note from my wife. No referrer ID.
4. A pump and dump stock scam spam, no response info of any kind, and thus untraceable. No web bugs or other place to hide a refere ID.
5. A question from one of my company's laywers. No referrer ID that I can see.
6. A note from a psycho that believes the internet is spying on him. Spam, in a sense, but I think he's trying to warn us out of the goodness of his heart. No ID of any kind, and I suspect that if he knew his emails contain a message ID and a give an idea of the route they followed getting here, he'd faint.
7. Image spam; quite possibly tracable (I don't know what they image is; I don't fetch 'em).
8. Guttenspam. No payload.
9. Another image spam.
10. A note from my boss commenting on one of my earlier /. posts.
11. Another anonymous stock tip.
12. And another.
13. Watch replicas, one link, with only a FQD.

Sorry, I'm just not seeing the referrer IDs you speak of.

--MarkusQ

I get these too.

[TheZorch]

My regular email address gets them from time to time but its my Final Fantasy XI PlayOnline email address that gets them the most.

They are emails with gibberish for subject lines and gibberish for contents. They are sentences which make no sense what so ever, random words put together that have little meaning at all. There's no ad, no link, and the addresses they are sent from are bogus (I know, I tried finding them). A few of these emails have originating address of @ds1.yahoo.com or @server1.paypal.com or @ddl.amazon.com and so on and so forth. The actual address itself is made up of random letters and numbers.

My theory, like those suggested aboove, is that these emails are sent by "Botnets" to random email addresses in order to see which ones don't bounce. This can be in preparation for sending ad-like spam or a prelude to a virus infestation. Or, like someone else suggested it could be a form of coded communication which is widely broadcasted in order to prevent the authorities from find out its true intended destination.

Re:WTF?

[fredklein]

"Yes, Jimmy, people really do buy spam advertised products"

Fine. Some idiots out there buy vi@gr@ from spam. But I'd be willing to be that damn close to 0% of people WHO ACTIVELY FILTER SPAM buy stuff from spam.

So, who do they try so hard to defeat spam blockers?? Think about it- they are working so very hard in order to make their message reach the very people who specifically try to block it.

Why?

Re:Weird one word spam lately...

[beadfulthings]

Eeuwh. Believe it or not, they can cause you many Maalox moments under certain circumstances.

Take a close look at these. If (a) you have a website, and (b) they come in pairs, or especially if they come in threes, they can be a signal that somebody is evaluating you for a bit of cross-site scripting--or worse yet, that they have you. They may look as though the sender has forged and garbled your email address--but then again, they may not look like that. Little spates of one-word messages merit a second glance. They're like the odd little sounds you might hear if someone were trying the doorknobs of your house in the middle of the night.

Re:WTF?

[dimfeld]

You're probably right about zero response from those who actively filter spam. But many people have spam filtered by their ISP or webmail service, and aren't even really aware of it. I think they are the main targets of spam filter evasion.

Re:Microsoft has and would benefit from spam.

[Spiked_Three]

Do you feel there is any connection between Islamic radicals, terrorism and Microsoft? I suppose you would argue that it's not about religion, but more about the attempt to suppress open source?

Re:Microsoft has and would benefit from spam.

[rk]

"So Microsoft intentionally ships crappy software so that spammers will disrupt communication among open source programmers? Did I get that right?"

No, silly! Microsoft intentionally ships crappy software so that spammers will disrupt communication among the Bilderbergers, The Freemasons, The Trilateral Commission, and the Council on Foreign Relations and then Microsoft sets up open source programmers as the bad guys creating the spam so that the Illuminati will hire the Knights Templar to kill off all the open source programmers.

It's brilliant. Really.

Google business plan?

[Bill+Dog]

I'm beginning to think they must be paying Google to never tag their crap as spam.

1) Offer free email with gobs of space to instantly become a major player in that area.
2) Punch blatantly obvious holes in the spam filters for your biggest-budget customers.
3) When people complain, simply remind them that it's still in beta.
4) Profit!

Re:My theory

[TFGeditor]

"would assume, and I recognize that I could be completely incorrect, that most spam today comes from mass mailing companies. These companies of course use devious methods to deliver messages, from targeting open relays to abusing web hosts to running servers in "anything goes" data centers."

Your are correct that you are incorrect. Simply examine the IP addresses that spam comes from: Comcast, RoadRunner, SBCglobal, Adelphia, ATT, kingwoodcable.com, cebridge.net, Verizon, calpop.com, atmlinkinc.com, Charter, uci.net, ctccom.net, Earthlink, Qwest, suddenlink.net, Sprint, knology.net, insightcom.com, mdm.net, zoominternet.net, mnsi.net, Netzero.

Those are just a few of the sources of spam that was in my spam folder this morning. It does not include andy of the 300 or so that were trapped at the server by an IP filter that blackholes anything sent from a foreign (non-U.S.) IP address.

Why so many different sources and why from consumer IP addresses if these are not zombied machines?

Wired Article

[aquowf]

Interesting article in august's wired magazine: http://www.wired.com/wired/archive/14.08/spamking. html [wired.com] It talks about the life and death of a "russian spam king", discussing the infamy as well as the money that spam brought him.