It seems amazing that a single firm can be responsible for so much spam traffic. Security researchers have been watching McColo and collecting evidence of wrongdoing for over a year, and they were the ones who eventually brought the evidence to McColo’s ISPs and asked for the shutdown. U.S. law enforcement officials aren’t giving statements about the case or about the potential repercussions for McColo’s spamming actions. After all, firms like McColo provide a service, and they frequently claim ignorance when a client misuses that service, making them tough to blame for annoyances like spam traffic. Shutting them down is frequently difficult, because as frustrating as spam is, it isn’t illegal. In this case, McColo might have broken no laws, and they haven’t been charged with any crime. The spam decrease, however, is a welcome change for the companies and consumers who monitor its traffic. 

Of course, the respite won’t last; experts caution that the slowdown in spam is only temporary because other servers will start taking up the slack. In fact, you might have noticed your spam inbox filling up once again with the usual assortment of ads and scams. But we can take some hope from this case, at least. Everyone from the security professional to the average consumer is fed up with spam, and finally, some steps are being taken to help curtail it. Perhaps more pressure from a frustrated community could help to shut down additional spam servers worldwide, or perhaps a “Do Not Spam” list will eventually be created to spare our accounts from the onslaught. With annoying sales pitches, false advertising and identity-stealing scams peppering our email accounts daily, a change can’t come too soon.  

Sources for this article: The Washington Post. Photo courtesy of freedigitalphotos.net.

The answer is as simple as it is frustrating: Spam works.

Up until recently, the general belief was that spam received low response rates, meaning that a million spam messages sent might result in 10 purchases, tops. But on August 19, the Internet security company Marshal released a study regarding the success of spam email marketing. It found that not only were people reading their spam emails, but that 29% of Internet users surveyed admitted to actually BUYING something from a spam email. Perhaps not surprisingly, the most popular items purchased were sexual-enhancement products, adult material, pirated software and luxury items, many of which are knock-offs.

And before we can assume that “regular” people don’t buy anything from spam, we must remember what the spammers are selling. Marshal’s VP of Products, Bradley Anstis, said, “The Internet provides convenience and a degree of anonymity to people who want to buy illegal or restricted goods. It is a black market and spam has become a conventional means of advertising to a willing audience of millions of people who are purchasing from spam.” Worse, most of those who admitted to buying from spam also admitting to buying multiple times from spam. A similar poll by Forrester Research in 2004 found that fewer people (20%) were buying products from spam emails, which means that, if this recent survey is accurate, the percentage of spam-buyers has gone up significantly in 4 years.

Can this be true? Can almost one-third of Internet users actually be misled enough to buy things advertised in spam? That doesn’t inspire a lot of hope for the fight against unsolicited email marketing. After all, maybe the spammers are actually giving people what they want: an anonymous way to buy questionable stuff they can’t get elsewhere.

Before we get too despondent, it helps to keep in mind that the poll surveyed just 622 people, hardly a representative sample of Internet users. In fact, that’s a less than .0002% sampling of the roughly 360 million people using the Internet (according to Download Squad). Add to this the fact that there is some skepticism regarding the veracity of these numbers because of the small sample and the data gathering method in general (Terry Zink’s anti-spam blog, for example, raises questions about whether so many people would actually make purchases from their spam folders). Even aside from the skepticism, one can find instances of general “who cares?” attitudes about the number of purchases made through spam; as Lee Mathews of Download Squadput it, “People decide to buy things from all kinds of unwanted sources: flyers, stickers, magazine insert cards, bumper stickers, board signs at hockey games. Why is it big news that people buy products advertised in spam?” He’s got a point; we assume spam is widely disdained, but every unsolicited marketing campaign can find a handful of people willing to buy from it. 

Still, spam is annoying to most of us, and in recent years, spam messaging has grown by leaps and bounds; the Marshal TRACE (Threat Research and Content Engineering) team found that global spam volume doubled for the year ending in June 2008, with approximately 150 billion spam messages sent per day. That, according to Marshal, accounts for more than 85 percent of the total emails sent around the world, and because it uses bandwidth and resources (and also because it’s increasingly becoming a means to spread malware), it’s a major problem for Internet security professionals and for the public in general. It’s true that most of the spam ends up filtered, so it’s just a small percentage that makes it into a user’s inbox. But once it gets to the inbox, the response rates go up much higher than the 10-purchases-per-million-messages estimate.

Thanks to the advent of botnets (which infect regular people’s computers and allow criminals to send messages without the need for their own servers) and the sheer cheapness of spam messaging (Marshal estimates the cost can be as low as $5-10 US for a million messages), spam is a very lucrative endeavor for those selling less-than-legitimate products and services. But it wouldn’t be worthwhile at all, of course, if people didn’t buy what the spammers were selling. As the website SpamDontBuyIt.orgpoints out, “if you buy products or services from spam email, you are just as guilty as the spammers for creating the problem.” It’s a simple supply-and-demand equation: if spam didn’t pay, spammers wouldn’t do it. Which means we, as Internet users, must take a little responsibility for the ever-increasing pile of spam emails in our inboxes.

Seems obvious, but up to 29% of Internet users don’t seem to understand. Or maybe they just don’t care. Either way, you can take ownership for your own role in the spam problem: Don’t buy what you see in spam.

Sources for this article: Marshal, SpamDontBuyIt.org, Download Squad, Terry Zink’s anti-spam blog