Saturday, November 15, 2008

Why you still get spam: 1 in 12 million is all it takes

If you've ever thought: "Surely no-one buys anything from these stupid spam emails?" you were nearly right but not quite. Turns out less than one in 12 million spam emails results in a sale, according to a study from University of California researchers.

To carry out the study, the researchers took over part of the Storm botnet and sent out almost 350 million emails advertising a dummy pharmacy site. This resulted in 28 sales or a return of less than 0.00001 per cent. (The rate of return from legitimate direct mail organizations is 2.15% according to this BBC report on the story.) Yet even with this incredibly low rate of return, the study estimates that an organization the size of Storm could still generate $2 million/year.

The good news is that returns are so low that spammers are working on much lower margins than previously thought. This suggests that they may be vulnerable to attacks that even slightly tip the scales by adding costs or difficulties to their operations.

