Where the heck is all this spam coming from?
The growth of the spam problem in 2002 has been exponential,writes Kevin Murphy
. Companies that sell spam filtering software say currently the percentage of email that is spam could be 20%, 33%, or even up to 50%, compared to less than 10% a year ago.
While the rise in spam is easy to notice, it is hard to quantify. Spam is by definition "unsolicited commercial email", and often spamees cannot remember signing up to have their email addresses added to lists, or were not aware they were doing so.
BrightMail Inc, the market leader in anti-spam services, says emails sent to its honey-pot email addresses are by definition unsolicited, and that it has seen spam on its customers' networks increase from 8% of mail to 41% of mail in the last 14 months.
Wasting time deleting UCE can be a productivity concern for enterprises. A survey by SurfControl Plc said 25% of enterprise email is spam and that each message costs up to a dollar. CloudMark Inc said 10 spams per day could cost a company $86 per employee per year.
Even if getting spam was free, there's a general consensus it's still annoying enough to want to filter. But why has it become so much of a problem this year? We asked executives from companies that provide anti-spam software and services to explain.
"Now anyone can do it," said Pavni Divanji, CEO of MailFrontier Inc. "The process is so streamlined. You can buy a CD of email addresses, buy mailing software, find an open relay and start doing it. People think it's easy and that they can make a few dollars off it."
The economics of spam are attractive for both the spammers and the companies that pay them to spam, particularly given the macro economy in the US. Email marketing has low response rates, typically less than half a percent, but is very, very cheap.
Growing numbers of e-businesses can't blow $50m of IPO money on TV and direct mail campaigns any more, and all the people they laid off into a depressed job market are looking for new sources of income.
Enrique Salem, CEO of BrightMail, said he talked to a spammer last week who was paid $1,500 to send one million spams. Even with a response rate of just one tenth of a percent, that's 1,000 likely customers reached for $1.50 a head. For the spammer, the cost was negligible.
"A lot of the Chinese, Korean and Latin American spam originates in the US ... People are looking at alternate ways to make money. It's a way to augment their income," said Salem. "Companies are looking at alternative ways to market and reach customers."
It's also exceptionally easy to get started as a spammer. CDs of 150 million email addresses can be bought for as little as $100 online. Web sites maintain lists of open email relays, many in Asia, which can be used to push mail through.
"The social stigma has gone," said MailFrontier's Divanji. "People don't think twice about doing it."
This point is debatable. While spammers think as long as no laws are broken they are not doing anything wrong, recent published interviews with spammers tell stories of harassment from irate spamees, both online and off.
But, just as finding people who respond to spam is a numbers game, finding people who have no ethical qualms with eating the bandwidth of millions of people and giving them headaches every morning should be easy.
"If this trend continues unchecked, it's going to make email unusable," said Salem.
O'Really Merchandise at El Reg
How to trace spammers and deal with them - permanently
Sponsored: Becoming a Pragmatic Security Leader