Feeds

Spamming for Dummies

A cautionary tale

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Let's call him Stan. Our entirely fictitious character begins his work day, as many of us do, by opening his email client and checking for new messages. As usual, a few legitimate emails are hidden amongst a deluge of spam, one of which catches his eye.

‘2 Million Email Addresses for $19.95’

Already a keen businessman, Stan doesn't take long to realise that the designer jewellery he's selling from his website could move off the shelves a lot faster if he could reach two million people with each advertisement.

Within half an hour Stan has bought a list of two million unique email addresses, 50 per cent of which are verified live accounts. Accounts that are known to be live are worth more to the soon-to-be spammer as they are known to have a human at the receiving end reading the incoming email. From the same site Stan purchases a piece of software labelled as a powerful bulk email sender with which he can hawk his wares.

While designed with the novice in mind, the spamming software is slightly beyond Stan’s level and it takes some time for him to master. Stan sees this as time well spent of course, but with each mistaken stab, hundreds of blank or malformed emails are sent to unwitting recipients.

Pausing at this late stage to read the help file for his newly-purchased software, Stan realises it will take some time for the software to send two million emails, and the first spam run is best saved for evening when Internet dialup costs are at their lowest.

Spammer in training

By the end of the week Stan is able to assess the success of his first spam run. At this point he does not consider himself a spammer and hasn’t yet considered how his marketing efforts are adding to the spam tsunami.

A quick calculation tells Stan he received a tiny response rate: only 0.03% of the people he emailed actually bought something. But even with such a poor response, he generated a healthy profit. Stan feels very happy with himself and starts researching how best to increase his future spam runs.

In the following weeks Stan’s list of email addresses grows considerably. He now owns software that will search the Web for new addresses, software to sort his lists and eliminate duplicates and software to verify if email accounts are still active.

Unfortunately for our spammer-in-training, it doesn’t take long for his Internet Service Provider to notice the deluge of emails he is sending and they cut him off, politely reminding him that spammers are not allowed on their network.

Luckily for Stan, though, he has got to know some more prolific spammers through the spam-specific chatrooms. They advise him on some of the more spam tolerant ISPs available overseas, some self- proclaimed ‘bullet proof hosting’ companies based in China that will allow him to send spam and which operate software to aid him in his advertising efforts.

SANS - Survey on application security programs

Next page: The Untouchable

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.