dslreports logo
Spam Success: A 1 In 12.5 Million Shot
Response rate of just 0.00001 per cent still rakes in the dough...

A frequent refrain in our forums whenever spam is mentioned is: "well, who clicks on this garbage, anyway?" According to a new spam study, e-mail spam generally gets 1 response per 12,500,000 emails. The study was conducted by a team of seven computer scientists from University of California, Berkeley and UC, San Diego (UCSD) who infiltrated the Storm botnet network. Using 'proxy bots' the researchers used 75,869 zombie machines to conduct a fake spam campaign. "After 26 days, and almost 350 million email messages, only 28 sales resulted," says the research paper -- a response rate of just 0.00001 per cent - but still hugely profitable.

view:
topics flat nest 

birdfeedr
MVM
join:2001-08-11
Warwick, RI

1 edit

birdfeedr

MVM

better odds than

Power Ball.

Ya gotta play to win.™

BIGMIKE
Q
Premium Member
join:2002-06-07
Gainesville, FL

BIGMIKE

Premium Member

Re: better odds than

Click for full size
stupid people

Radio Active
My pappy's a pistol
Premium Member
join:2003-01-31
Fullerton, CA

Radio Active

Premium Member

Re: better odds than

said by BIGMIKE:

stupid people
I don't click on spam, but I do eat SPAM. I like it. It grills nicely and it tastes good. When utilities are down it's good uncooked. My kids like it, too. Wifeypoo hates it. She might starve.

Smith6612
MVM
join:2008-02-01
North Tonawanda, NY

Smith6612

MVM

Re: better odds than

mmmm... SPAM!

Ytsejamer1
join:2008-01-18
Somersworth, NH

Ytsejamer1

Member

So you're sayin' there's a chance....

thought that dumb and dumber line was appropriate!

On another related note I'm still enjoying the fact that my work gets 90K less spam emails a day with that spam company getting closed down last week.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

1 edit

FFH5

Premium Member

Scientists should be prosecuted for 350 million spam msgs

Using 'proxy bots' the researchers used 75,869 zombie machines to conduct a fake spam campaign. "After 26 days, and almost 350 million email messages, only 28 sales resulted," says the research paper -- a response rate of just 0.00001 per cent - but still hugely profitable.
Did they get law enforcement OK to send out 350 million spam msgs? If not, they should be prosecuted for sending spam email. They could have done their research in other ways than actually sending out 350 million spam emails.

AnonDuffer
@kaballero.com

AnonDuffer

Anon

Re: Scientists should be prosecuted for 350 million spam msgs

Ayup!

Usually when someone publicly admits to a crime some aspiring young prosecutor jumps up to prosecute.

They spammed. They sold. They profited. They admit it.

Easy enough to try this one.
ksuderman
join:2001-10-21
Poughkeepsie, NY

1 recommendation

ksuderman to FFH5

Member

to FFH5
I was wondering the same thing, and not only law enforcement but the university's ok for this. Not only did the researchers send out spam they also committed 76,000 acts of criminal trespass. Most "respectable" universities have ethics guidelines for researchers: first commit no crimes, second don't use humans without their informed consent. I wonder if the researchers got the informed consent of the 76,000 owners of the zombie machines they took over?

LiersAllOfThem
@k12.mi.us

LiersAllOfThem

Anon

Re: Scientists should be prosecuted for 350 million spam msgs

Now see... thats the problem with this country....
Too many Lawyers waiting to sue at the drop of a hat.

Who wants to do research when you have a group
of lawyers leerking overhead waiting for something
to sue about. Get a stinking life!

AnonDuffer
@kaballero.com

AnonDuffer to FFH5

Anon

to FFH5
Ain't the power of censorship a heady brew? Karl?

They sent the spam.
They sold the product.
They profited.
They admit it.

I think prosecution is appropriate, or am I not even allowed to have an opinion?
Expand your moderator at work

birdfeedr
MVM
join:2001-08-11
Warwick, RI

birdfeedr to AnonDuffer

MVM

to AnonDuffer

Re: Scientists should be prosecuted for 350 million spam msgs

said by AnonDuffer :

or am I not even allowed to have an opinion?
You have it, and you told us twice! Impatient much?

Actually, I've gotten stuck in the technology loop too. Called in to a local talk radio show, and it sounded like I was cut off, so I called back, and sounded like I was cut off again. So with the phone still connected I launched into a long, creative string of expletives that would make a sailor blush, then hung up.

Turned on the radio to hear the tail end of the host chastising me for my response. "Tell us what you really think."

Sock Puppet
Premium Member
join:2000-10-09
Parker, CO

1 recommendation

Sock Puppet to AnonDuffer

Premium Member

to AnonDuffer
They never actually sold anything, they stopped short of doing so as the article conviently left that out:

This article has more detail:

»voices.washingtonpost.co ··· _at.html

To this point no one has been successful in stopping spam. It seems like the next logical step is getting in the spamers minds and determining their distribution avenues and success rates. If ultimately their research can be used to help stop spam, I personally do not care that I got one extra spam, with a link that I would have never clicked anyway, going to a site where you actually could not purchase anything.

birdfeedr
MVM
join:2001-08-11
Warwick, RI

birdfeedr

MVM

Re: Scientists should be prosecuted for 350 million spam msgs

said by Sock Puppet:

They never actually sold anything, they stopped short of doing so as the article conviently left that out:

This article has more detail:

»voices.washingtonpost.co ··· _at.html

Thanks for the link. Reading it, it appears that the researchers did not use the botnet to send spams. Instead they hijacked a small enough number of nodes to change the spams that were already going out (under someone else's direction, so charge them with malfeasance, if you can find them). Instead they were re-directed to the researcher's fake pharmaceutical website. The fake pharmaceutical website worked up to the point of checking out, so there were no personal or financial details invloved.

The spams which, when clicked, would have infected the users with malware, redirected the click-ers to a website that merely counted hits.

None of the above by the researchers is actionable. And trying to get a handle on the spam scourge by understanding some of the dynamics is within the realm of ethical.

meh37
@verizon.net

meh37

Anon

Re: Scientists should be prosecuted for 350 million spam msgs

What if the 28 hits were just other researchers researching spammer websites?
moonpuppy (banned)
join:2000-08-21
Glen Burnie, MD

moonpuppy (banned) to FFH5

Member

to FFH5
said by FFH5:

Using 'proxy bots' the researchers used 75,869 zombie machines to conduct a fake spam campaign. "After 26 days, and almost 350 million email messages, only 28 sales resulted," says the research paper -- a response rate of just 0.00001 per cent - but still hugely profitable.
Did they get law enforcement OK to send out 350 million spam msgs? If not, they should be prosecuted for sending spam email. They could have done their research in other ways than actually sending out 350 million spam emails.
It's not like the ISP are going to stop it anytime soon.

meh37
@verizon.net

meh37 to FFH5

Anon

to FFH5
Spam isn't actually illegal, as long as you conform to the "directives" of CAN-SPAM (hence the "I CAN SPAM" moniker), which I would presume they did.

I don't see, though, how "28 sales" indicates to "hugely" profitable. Well, there's a sucker born every minute... or 28 suckers... or anyone who opens junk mail (dumb) & clicks on a link (dumber).

TSI Gabe
Router of Packets
Premium Member
join:2007-01-03
Gatineau, QC

TSI Gabe

Premium Member

Spam?

So they had to send more spam just to figure this out?

Nightfall
My Goal Is To Deny Yours
MVM
join:2001-08-03
Grand Rapids, MI

Nightfall

MVM

Let me calculate this

Cost of buying 350 million email addresses = $15
Cost of sending 350 email messages = $5 (if that)
28 sales returned resulting in a profit of $10 per sale
$280 - $20 = $260 profit for virtually no investment in time.

jmn1207
Premium Member
join:2000-07-19
Sterling, VA

jmn1207

Premium Member

Re: Let me calculate this

said by Nightfall:

Cost of buying 350 million email addresses = $15
Cost of sending 350 email messages = $5 (if that)
28 sales returned resulting in a profit of $10 per sale
$280 - $20 = $260 profit for virtually no investment in time.
Don't forget the satisfaction of making 1 person out of 12.5 million be longer in bed watch 4 zoom! p3n1s ci4liss!!
cornelius785
join:2006-10-26
Worcester, MA

cornelius785 to Nightfall

Member

to Nightfall
i'd say even the $15 on the email addresses is not really needed since, from what i've read, spammers have bots that scour the internet for email addresses. considering that it looks like spamming is moving more towards bot nets, i'd say the cost of the internet connection is probably only ~$50 with a good bot net. you are also assuming the spammers have somewhat legit business offers as in it isn't a scam to get thousands from you and it won't steal your identity. any way you look at it, there are 2 things that are true about spamming, 1) highly profitable for the work you put in and 2) you are of a person.

sure would be funny if the bot found the spammer's email address and start to spam that address too.

Nightfall
My Goal Is To Deny Yours
MVM
join:2001-08-03
Grand Rapids, MI

Nightfall

MVM

Re: Let me calculate this

said by cornelius785:

i'd say even the $15 on the email addresses is not really needed since, from what i've read, spammers have bots that scour the internet for email addresses. considering that it looks like spamming is moving more towards bot nets, i'd say the cost of the internet connection is probably only ~$50 with a good bot net. you are also assuming the spammers have somewhat legit business offers as in it isn't a scam to get thousands from you and it won't steal your identity. any way you look at it, there are 2 things that are true about spamming, 1) highly profitable for the work you put in and 2) you are of a person.

sure would be funny if the bot found the spammer's email address and start to spam that address too.
I was calculating it out as if you bought the email addresses. They sell 500 million addresses on ebay for $10 or so. I have no idea how much it costs to relay that many emails through an open relay, but there has to be software to do that for free. Still, its a huge ROI.

TechyDad
Premium Member
join:2001-07-13
USA

TechyDad

Premium Member

Re: Let me calculate this

Also remember that that e-mail address purchase can be used multiple times. So if you buy 350 million e-mail addresses for $15 and use that list for even 5 spam campaigns, your investment per campaign (for the addresses) drops to $3. Using the rest of your figures, your ROI rises to 3,500% ($280 / ($5 + $3)). Use the list for 15 campaigns and your ROI is 4,667%.
TechyDad

TechyDad to Nightfall

Premium Member

to Nightfall
Yup. It's a 1,400% ROI. It's no wonder that you can't stop spam. With a Rate of Return like that, you will always have someone with a low sense of morals willing to cash in.
ctggzg
Premium Member
join:2005-02-11
USA

ctggzg to Nightfall

Premium Member

to Nightfall
Whew. I thought that was going to be another stupid MasterCard "priceless" joke -- you know, the ones that stopped being funny about 10 years ago and weren't even very funny back then.

woody7
Premium Member
join:2000-10-13
Torrance, CA

woody7

Premium Member

pffttttt........

If they really wanted this to go away, it would. This isn't rocket science.

Just go after the facilitators.
thisisfutile
join:2006-03-11
Newcomerstown, OH

thisisfutile

Member

Whining vs solutions

I see a lot of whining and complaining, but no solutions for a comparable result. I personally was curious about this statistic and now I know. Furthermore, the 28 suckers that were duped would have been duped anyway. I'm sure this sort have thing has been tested before, it's just those people didn't publish it (probably for fear that readers would react like this forum is). I guess now I'm curious if the university gave them their money back with some information about how to avoid spam and the temptations they offer.

Seriously though, what would have been a better approach?

jack b
Gone Fishing
MVM
join:2000-09-08
Cape Cod

jack b

MVM

Re: Whining vs solutions

said by thisisfutile:

Seriously though, what would have been a better approach?
Too bad they couldn't have disinfected the zombies they accessed, that way they would have eliminated 0.00001 per cent of the problem.

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

Metatron2008

Premium Member

Spam award!

So if spam only hits 1 in 12.5 million, what special designation do we give to that 'special' person who is one in 12.5?

morbo
Complete Your Transaction
join:2002-01-22
00000

1 recommendation

morbo

Member

Re: Spam award!

said by Metatron2008:

So if spam only hits 1 in 12.5 million, what special designation do we give to that 'special' person who is one in 12.5?
death

MrMoody
Free range slave
Premium Member
join:2002-09-03
Smithfield, NC

MrMoody to Metatron2008

Premium Member

to Metatron2008
It's always worth doing when there are people like this woman.

gordoco
join:2004-06-05
Boulder, CO

gordoco to Metatron2008

Member

to Metatron2008
said by Metatron2008:

So if spam only hits 1 in 12.5 million, what special designation do we give to that 'special' person who is one in 12.5?
Still small.

shadowshack
strange days
Premium Member
join:2000-09-04
Sewell, NJ

shadowshack to thisisfutile

Premium Member

to thisisfutile
They sent out about one spam per US population. Take away the computers of the 28 idiots that respond to spam, the profit in spamming disappears, and the rest of us are golden.

meh37
@verizon.net

meh37 to thisisfutile

Anon

to thisisfutile
First, define "spam" or "spammer": anyone whom you don't know (and don't want to know) who sends you some message you didn't opt-in for because he/she wants something from you, whether it's your money (commercial/profit or non-profit), your vote (political), or your soul (religious). (The really key word there being 'opt-in'.)

What else?

Suggestion: how about a new email protocol feature, requirement being that all spammers label a message as 'SPAM' to make it easy for every email program/system to filter it out? Spammers will have no problem with that, right? (HO Ho ho)

RARPSL
join:1999-12-08
Suffern, NY

RARPSL

Member

What were they offering?

When I look at the number of "sales" compared with the number of spam-messages/"offers", I wonder what the spam message was offering. Without that information (or a copy of the message text) it is hard to evaluate the response rate. If the offer was something that was not intended to produce a "sale" then a low response rate would be expected. OTOH, if the offer was something believable, than the response rate would be newsworthy.

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

Metatron2008

Premium Member

Re: What were they offering?

Why it's what all spam offers!

Buy a free penis/ get enlarged!
Free money! Just be an idiot who responds!
Free stuff! Be idiot and respond!
CMoore2004
Premium Member
join:2003-02-06
Jonesville, MI

CMoore2004

Premium Member

Serious

Who can take this article seriously? You might get a bigger response selling computers versus selling Cialis or other ED prescription drugs. And what about the pricing? What about the fact many people don't have money to spend on whatever they please to, whereas a year ago the spending trends were much different?

bilge barker
@mcn.org

bilge barker

Anon

hello!

no sales were finalized!

read the damn report!
ksuderman
join:2001-10-21
Poughkeepsie, NY

ksuderman

Member

Re: hello!

No sales were finalized, but the order was recorded; the server simply returned an "error" when the user tried to check out.

All but one order was for male enhancement drugs... that's got to tell you something...
Gogo1
join:2004-05-27
Brooklyn, NY

Gogo1

Member

My spam went down

I was getting a good 30 spams a day until that bust last week. Especially loads from a sender with the name of something like "Sensation News." That has disappeared. The reduction I have had has been dramatic. Must be about 80%. Amazing and pretty sad most of the worlds spam comes from just one or two locations and it cant seem to be stopped. No doubt Ill be seeing them all again soon.

dataice
Premium Member
join:2002-10-27
Crisfield, MD

dataice

Premium Member

Re: My spam went down

Same here. I was averaging about 100 spams in my inbox per day, now I am averaging about 20 per day. However, I know that it will be short lived.

Skyscrapper
@comcast.net

Skyscrapper

Anon

Response rate

If that was the reponse rate for traditional mail marketing, they would be out of business. But since it's so cheap I guess I can see the attraction. But still the response rates seem horrible. Great to see they took down a major spam player in the last week though. But probably still a good idea to keep SpamBully installed still....for now