Feeds

Spamming for Dummies

A cautionary tale

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Let's call him Stan. Our entirely fictitious character begins his work day, as many of us do, by opening his email client and checking for new messages. As usual, a few legitimate emails are hidden amongst a deluge of spam, one of which catches his eye.

‘2 Million Email Addresses for $19.95’

Already a keen businessman, Stan doesn't take long to realise that the designer jewellery he's selling from his website could move off the shelves a lot faster if he could reach two million people with each advertisement.

Within half an hour Stan has bought a list of two million unique email addresses, 50 per cent of which are verified live accounts. Accounts that are known to be live are worth more to the soon-to-be spammer as they are known to have a human at the receiving end reading the incoming email. From the same site Stan purchases a piece of software labelled as a powerful bulk email sender with which he can hawk his wares.

While designed with the novice in mind, the spamming software is slightly beyond Stan’s level and it takes some time for him to master. Stan sees this as time well spent of course, but with each mistaken stab, hundreds of blank or malformed emails are sent to unwitting recipients.

Pausing at this late stage to read the help file for his newly-purchased software, Stan realises it will take some time for the software to send two million emails, and the first spam run is best saved for evening when Internet dialup costs are at their lowest.

Spammer in training

By the end of the week Stan is able to assess the success of his first spam run. At this point he does not consider himself a spammer and hasn’t yet considered how his marketing efforts are adding to the spam tsunami.

A quick calculation tells Stan he received a tiny response rate: only 0.03% of the people he emailed actually bought something. But even with such a poor response, he generated a healthy profit. Stan feels very happy with himself and starts researching how best to increase his future spam runs.

In the following weeks Stan’s list of email addresses grows considerably. He now owns software that will search the Web for new addresses, software to sort his lists and eliminate duplicates and software to verify if email accounts are still active.

Unfortunately for our spammer-in-training, it doesn’t take long for his Internet Service Provider to notice the deluge of emails he is sending and they cut him off, politely reminding him that spammers are not allowed on their network.

Luckily for Stan, though, he has got to know some more prolific spammers through the spam-specific chatrooms. They advise him on some of the more spam tolerant ISPs available overseas, some self- proclaimed ‘bullet proof hosting’ companies based in China that will allow him to send spam and which operate software to aid him in his advertising efforts.

Designing a Defense for Mobile Applications

Next page: The Untouchable

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.