Feeds

Spamming for Dummies

A cautionary tale

  • alert
  • submit to reddit

High performance access to file storage

Let's call him Stan. Our entirely fictitious character begins his work day, as many of us do, by opening his email client and checking for new messages. As usual, a few legitimate emails are hidden amongst a deluge of spam, one of which catches his eye.

‘2 Million Email Addresses for $19.95’

Already a keen businessman, Stan doesn't take long to realise that the designer jewellery he's selling from his website could move off the shelves a lot faster if he could reach two million people with each advertisement.

Within half an hour Stan has bought a list of two million unique email addresses, 50 per cent of which are verified live accounts. Accounts that are known to be live are worth more to the soon-to-be spammer as they are known to have a human at the receiving end reading the incoming email. From the same site Stan purchases a piece of software labelled as a powerful bulk email sender with which he can hawk his wares.

While designed with the novice in mind, the spamming software is slightly beyond Stan’s level and it takes some time for him to master. Stan sees this as time well spent of course, but with each mistaken stab, hundreds of blank or malformed emails are sent to unwitting recipients.

Pausing at this late stage to read the help file for his newly-purchased software, Stan realises it will take some time for the software to send two million emails, and the first spam run is best saved for evening when Internet dialup costs are at their lowest.

Spammer in training

By the end of the week Stan is able to assess the success of his first spam run. At this point he does not consider himself a spammer and hasn’t yet considered how his marketing efforts are adding to the spam tsunami.

A quick calculation tells Stan he received a tiny response rate: only 0.03% of the people he emailed actually bought something. But even with such a poor response, he generated a healthy profit. Stan feels very happy with himself and starts researching how best to increase his future spam runs.

In the following weeks Stan’s list of email addresses grows considerably. He now owns software that will search the Web for new addresses, software to sort his lists and eliminate duplicates and software to verify if email accounts are still active.

Unfortunately for our spammer-in-training, it doesn’t take long for his Internet Service Provider to notice the deluge of emails he is sending and they cut him off, politely reminding him that spammers are not allowed on their network.

Luckily for Stan, though, he has got to know some more prolific spammers through the spam-specific chatrooms. They advise him on some of the more spam tolerant ISPs available overseas, some self- proclaimed ‘bullet proof hosting’ companies based in China that will allow him to send spam and which operate software to aid him in his advertising efforts.

High performance access to file storage

Next page: The Untouchable

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.