The team managed to get into the Storm botnet and configured the command and control infrastructure so that results were sent back to them for analysis. The team followed three spam campaigns, involving 469 million pieces of spam, and have published their results.
“Spam-based marketing is a curious beast. We all receive the advertisements—“Excellent hardness is easy!” —but few of us have encountered a person who admits to following through on this offer and making a purchase,” says the report.
“And yet, the relentlessness by which such spam continually clogs Internet inboxes, despite years of energetic deployment of anti-spam technology, provides undeniable testament that spammers find their campaigns profitable. Someone is clearly buying. But how many, how often, and how much?”
The researchers found that after a campaign for pharmaceuticals the spammers were achieving a 0.00001 per cent conversion rate from spam to sale, and that all but one of the sales was for ‘male enhancement’ products.
Nevertheless the low cost of sending out vast amounts of mail (they estimate US$80 per million) meant that the spammers could potentially get revenues of $AU4m million a year from spam, although how much of that is profit is unknown.
The research also revealed some interesting data on the effectiveness of anti-spam systems.
Anti-spam filtering systems were typically cutting out around a quarter of all spam emails, indicating that they are a serious concern to spammers but not widely deployed enough to cut traffic significantly.
Moreover the effectiveness of blacklisting was also called into question, since lists had to be updated every half hour and were frequently ineffective.