Experts say spam e-mail grows because it works

Jan 04, 2010 By Tim Barker

It was Ben Franklin who made the famous comment about death and taxes being the only things certain in life.

Of course, old Ben didn't have Internet access. Otherwise, he would have added to the mix.

No matter how many laws or brilliant minds we throw at the scourge of , spam always finds a way.

It finds a way because -- well, it works.

"The things that wind up in your in-box: They are there because people buy them," said Brandon Phillips, chief executive of Lashback, a St. Louis-based firm that monitors and rates bulk e-mailers based on their compliance with federal anti-spam laws.

Strange as it may sound, there are people out there willing to spend money on deals most people consider absurd. More than just a few, actually, according to a study released over the summer by the Messaging Anti-Abuse Working Group, a consortium of Internet and technology providers. The study found that half of Internet users have opened e-mail they thought was spam. Of those, 12 percent did it because they were interested in the product.

Exactly how much spam is out there is a source of some debate. Some studies have suggested it's around 85 percent of all e-mail. Some say it's 90 percent. Microsoft recently pegged it at 97 percent. Pick whichever number you'd like to believe. All that matters is that the vast majority of e-mail coursing through the Internet's veins is worthless, unwanted and sometimes dangerous.

Worse, most experts agree there's little hope you'll ever escape those unsolicited offers of free money, larger male members and secret weight loss techniques. Unless, that is, you unplug yourself from the net.

"People are sort of resigned to the fact they're going to get spam. It's just a question of how much," said Lorrie Cranor, an associate professor of computer science at Carnegie Mellon University in Pittsburgh.

It really comes down to money, and the fact that there is so much of it to be made by spammers, who need only a tiny investment to set up shop.

Generally speaking, all you need is an Internet connection ($20), an e-mail account (free), a list of e-mail addresses (about $50 for a million addresses) and a message to send. It takes just a few successful hits for the spammer to recoup expenses and turn a profit. The good ones can make thousands of dollars a day.

But there's also a more legitimate side of the business. And those are the ones who occupy the minds of the folks at Lashback. Phillips is quick to point out that reputable bulk e-mailers don't particularly like being called spammers.

Often, they're doing marketing work on behalf of companies like NewEgg, Match.com and eHarmony. And they generally adhere to rules set forth in the so-called CAN-SPAM act of 2003.

That's the law that, among other things, requires unsolicited commercial e-mail to include an "unsubscribe" feature that's supposed to take you off the mailing list.

Lashback offers a monitoring service that rates bulk e-mailers based on how well they comply with law. That information helps retailers and service providers decide who to use for their e-mail marketing efforts.

Just how well those unsubscribe buttons work has long been a matter of debate among security experts. Some advise you to never click the unsubscribe link, since it effectively tells the spammer that yours is a valid e-mail address.

"What we found out is that sometimes "unsubscribe" works. And sometimes it gets you on a list to be sent more mail," Phillips said.

Still, of the companies monitored by Lashback, he said the unsubscribe feature works at least 95 percent of the time.

Of course, legions of spammers out there make no effort at legitimacy. They are little more than pirates of the online world, pitching scams and spreading malicious programs.

You might even be helping them.

Much of the truly bad spam is essentially untraceable. Or, at least, it can't be traced back to the real senders, who often hide from authorities by using loose configurations of hijacked computers called "bot nets." It's a bit sobering to think that while you sleep tonight, your computer -- hijacked because it's infected with a virus -- could be sending out hundreds of thousands of spam e-mails.

On any given day, there are some 400,000 active bots in the world, according to Project Honey Pot, a group of developers and IT professionals who track spammer activities. The number has quadrupled every year since 2004.

Naturally, one of the ways spammers gain control of others' computers is through spam. A common ploy is an e-mail warning that a computer has become infected with a virus. The e-mail urges the user to click a link for a quick scan and repair. It fixes nothing, and instead installs a virus allowing the computer to be used as a bot.

"Spammers have gotten really smart. They are very good at social engineering," said Suzanne Magee, chief executive officer of TechGuard Security in Chesterfield, Mo. "They know how to play on your fears."

They are also in a constant state of war with security experts and anti-virus firms who try to block spam before it ever gets to you. A common filtering technique looks for, and blocks, all that appears identical, figuring it must be spam, said Cranor, of Carnegie Mellon.

Spammers counter with programs that insert random spaces or words into the text, making each message slightly different.

"It's sort of an arms race," Cranor said.

Explore further: Digital dilemma: How will US respond to Sony hack?

2.3 /5 (4 votes)
add to favorites email to friend print save as pdf

Related Stories

Image spam grows to 20 percent of spam

Jul 24, 2006

E-mail spam that relies on images to make it difficult to filter now encompasses 21 percent of all spam, said IronPort Systems, a San Bruno, Calif., company.

Spammers take advantage of World Cup

Jun 19, 2006

The World Cup is a field day for beer advertisers, travel agents, and now, it seems, junk e-mailers: soccer spam has popped up in almost every language.

Recommended for you

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

UN General Assembly OKs digital privacy resolution

Dec 18, 2014

The U.N. General Assembly has approved a resolution demanding better digital privacy protections for people around the world, another response to Edward Snowden's revelations about U.S. government spying.

Online privacy to remain thorny issue: survey

Dec 18, 2014

Online privacy will remain a thorny issue over the next decade, without a widely accepted system that balances user rights and personal data collection, a survey of experts showed Thursday.

Spain: Google News vanishes amid 'Google Tax' spat

Dec 16, 2014

Google on Tuesday followed through with a pledge to shut down Google News in Spain in reaction to a Spanish law requiring news publishers to receive payment for content even if they are willing to give it away.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Arikin
not rated yet Jan 04, 2010
Only new thing in this article is the percentage of people who actually click. Proves that a sucker is born every minute.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.