Why spamming is an easy business – and the problems it causes
Recently, whilst searching for a particular solution on the Internet, I encountered the following post in a forum:
Surely, not the solution I was looking for. However, the post is strange and did catch my attention. Apart from the broken English, the forum post advertises “bp servers” and “mailing servers” from China to be used and abused by any person willing to pay a fee. Also notice that this is a recent post which might indicate that there seem to be new players in the spam market.
Interesting question: is it so simple to send a mass spam campaign? I just needed to contact the promoter of this service to find out. Here’s how it went:
The simple Math behind a spam campaign
This scenario is even more disturbing than I thought because the manufacturers who wish to sell their wares using spam techniques can actually skip the middle man (the spammer) and operate the campaign by themselves. In this case, the manufacturers are those who produce or resell fake medicine, healthcare products and other items that are typically marketed using spam methods. Many times these manufacturers do hire a spammer for a couple of weeks; however, they have to pay the spammer a commission rate for every product sold.
In such a scenario the costs of a spam campaign are the server and the mailing list. The tools to generate the spam messages are freely available and most probably will be included when hiring the spam service.
At 100,000 emails an hour, one can potentially send a total of 72 million emails in one month at a cost of $1,200. Access to a mailing list will cost in the region of $3,000 to $4,000. Let’s consider that 0.005% of those who receive the spam do purchase a $10 product; that would result in an income of $36,000 with a very high margin of profit.
There is a very interesting read which describes the global situation of spam. There is also a list of interesting webcasts with the one from Spammer-X being the most influential. Spammer-X is the nickname of an ex-spammer who retired from his activity and his webcast shows how spammers operate and how much money is involved in spam.
What does “bp servers” mean?
Again, I visit my beloved Google.com and enter “bp servers” as search criteria. I did learn that “bp servers” mean bullet-proof servers but more surprisingly is that many of the Google top results are from organizations promoting their spam services. The following screen shot shows part of first page results:
When analyzing such situations, there is always an Easter egg reserved for the conclusion: one of Google’s sponsored links was an organization promoting their spam solutions! By the way, MailingSolution.net is also registered in China. Some of these organizations are so entangled in the spam market that they are paying Google to have more client exposure.
It is fairly easy to send a spam campaign – it is cheap and the resulting incoming is high when compared to the costs and effort. In previous years, a spammer would have to own his network of servers, botnets and mailing lists. Currently, it seems that there is a shift in the spam market where the spam service is being sold directly to manufacturers and spammers alike.
Without any doubt, China is a key player in the spam problem and unless the authorities of this country start taking concrete measures in the fight against such illegal activity, problems will persist for all the millions of people who use email.
Andrei, great article. But I don’t agree with your conclusion about China. SPAM is in great measure a technical problem, which can be avoided with the right amount of technology. We all need to put our defenses in place, take the SPF initiative for example. Almost no one is placing their SPF records in their DNS, and because of that the ones of us who are using the technology can’t enforce it to bounce servers that fail the SPF check.
It’s a free and easy to set up spam prevention technology, but the vendors never promote them.
On the other hand, we can use public key infrastructure for DNS in the new DNSSEC implementation but we can’t put a trustworthy email exchange system in place?
SPAM is really a bigger problem that it seems and lots of resources and efforts are being spent without seeking a permanent solution.
Hi, Leandro thanks a lot for your valuable feedback. I do agree with your points. I also do agree that the spam problem is not tackled efficiently because we do not implement the protective and preventive measures (such as those you mentioned; SPF and DNSSEC).
Regarding the China comment, in my opinion, there is no will from the Chinese government to halt or counter the spam market. In the past there were other countries such as Pakistan, India and ex-USSR which had the same attitude as China does today. However, even though there is still high activity in these countries, they did move forward to play their part in this global spam problem.