Former Spammer Reveals Secrets in New Book

StonyandCher writes "A retired spammer is looking to make money from a tell-all book rather than fleecing people dependent on pharmaceuticals and people with gambling problems. In this Computerworld article 'Ed', a retired spammer, predicts the spam problem will only get worse, aided by consumers with dependencies and faster broadband speeds. From the article: 'He sent spam to recovering gambling addicts enticing them to gambling Web sites. He used e-mail addresses of people known to have bought antianxiety medication or antidepressants and targeted them with pharmaceutical spam. Response rates to spam tend to be a fraction of 1 percent. But Ed said he once got a 30 percent response rate for a campaign. The product? A niche type of adult entertainment: photos of fully clothed women popping balloons ... "Yes, I know I'm going to hell," said Ed."

Paid in CASH?!

[erroneus]

Oh I'm sure the "Department of Homeland Security" with the urging of the IRS will be drafting several letters to get the identity of this guy... paid in cash?! He is bound to be hit up for tax evasion. Yes, indeed he *IS* going to hell, but he won't have to die to get there!

Sod the spammer, how about the sources of his info

[Anonymous Coward]

'He sent spam to recovering gambling addicts enticing them to gambling Web sites. He used e-mail addresses of people known to have bought antianxiety medication or antidepressants and targeted them with pharmaceutical spam. '

Some companies dealing with confidential information clearly have been passing on this information.

This guy should be forced to disclose where he got the information from, so that these companies can be punished for poor data security, or worse, actually selling such sensitive private information on.

I also believe that there are laws against the exploitation of vulnerable people, but they're probably next to useless, and poorly defined (or specifically defined, so won't apply to X because it only mentions Y).

Jeeze! It is too simple

[iminplaya]

As long as there is demand, and the business is profitable, you will have spam. Trying to get rid of spammers will only make it more profitable and worth the risks for those remaining. Wake up! It is no different than anything else. The customer drives this business, not the seller. They(the seller) are simply a response. Talk about passing the buck!

Good news

[fermion]

Under the assumption that no one does nothing for nothing, this is good news as it indicates that the risk benifit curve has shifted so that selling a book is better money than spamming.

It is like those get rich quick schemes on paid TV. If it were so easy, then why is the promoter not making the million dollars a week instead of making cheesy commercials. If I made a million a week for a year, I certainly would not be on TV telling everyone about it, at the risk of reducing my real profit opportuities. I would hiding out in my fortress of richness and enjoying the money.

This also reinforces my assumption that for the most part spamming is just a way to make some easy money without much real work. Most people are not going to get rich off it, but if one is a country where a few thousand a year is good money, then hey, it beats doing honest work. It might even product the 20K a year one needs to live in the US. But like any organized crime, a few get insanely rich, and the rest get knocked off for pocket change.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Rule #1 - spammers lie.

[khasim]

A 30% response rate? Either:

a. That was an EXTREMELY targeted spam run. In which case, WHERE did he get the email addresses?

b. Considering that there are usually a few million emails sent out in a spam run, we're talking about hundreds of thousands of people who responded to that.

Neither one makes much sense to me. Oh, that's right. Rule #1 - spammers lie.

Re:One Percent With No Communication Cost!

[mpapet]

Interesting.

I find it very telling that there's very little of the usual /. moral outrage associated with spam.

It's clearly okay for corporations to collect and maintain detailed records of individual consumer preferences, financial records and medical records. And yet, when identity theft stories appear, there is the usual hue and cry "something must be done!"

It seems to me that few people understand the two go together like beer and potato chips.

It may, but there may be solutions

[Sycraft-fu]

It all comes back to the who risk/reward thing. Lower the ratio enough, and you'll find fewer people willing to do it. So on the one side is increasing the risk. Used to be spam had no risk, other than maybe somebody punching you if they found out what you did for a living. Now there's starting to be some risk as a few spammers are getting prosecuted. So that's the first part of the solution is to grow the risk. Get better at having criminal and civil penalties dropped on spammers.

Then, of course, there's reducing the reward, the amount of people who respond. This is a technical solution in the form of better spam filtering. It's already getting much better. Even just 5 years ago it was still somewhat rare to see ISPs filter their mail, now virtually all of them do. Also the filtering itself is getting better. Rather than just rely on a simple analysis of a given message it is cross checking messages, some of it even across different organizations. By improving this we can drastically drop the number of people they are able to successfully contact and thus lower the reward. If 1 in 100 spams go to someone, you don't need many of those someones to respond to make some money. However if less than 1 in 10,000,000 go through, you need a much higher response rate to make it worth while.

So while there's not a silver bullet it IS something that can be mitigated by going at it from a couple of different ways. If it goes from something you can make hundreds of thousands of dollars a year on with zero risk to something that it's hard to make a couple grand a month on that is likely to put you in prison, the number of spammers will start dropping.

Born Every Minute

[_Sprocket_]

From the article:

The ultimate unsolvable problem is users, who continue to buy products marketed by spam, making the industry possible.

Huh. There's a sucker born every minute. [wikipedia.org] The Interenet hasn't changed human nature - just given the con men more tools.

Re:Sod the spammer, how about the sources of his i

[Intron]

How many people work at credit card and insurance companies doing low-paid data entry? How much more could they make if they were using some of their time to make lists of names and addresses of people with specific ailments or problems and selling them on the black market?

Re:Jeeze! It is too simple

[spun]

Capitalism or any other economic system can in fact be tempered with a sense of justice, fairness, and decency and still function. One way of ensuring that justice, fairness, and decency prevail is to call out the opposite when you see it. Just because something is a certain way doesn't mean it should be. Your wording isn't clear, so let me ask straight up: are you saying we shouldn't criticize people who engage in immoral or unethical behavior but legal behavior?

If a system encourages the exploitation of weakness, is it in the best interest of the weak to support such a system?

Re:Sod the spammer, how about the sources of his i

[middlemen]

What about the possibility of spammers themselves working as data entry employees and then getting first hand access to data themselves and selling it or using it on the spam market ?

making spam less profitable

[cmdr_tofu]

Spammers pay real money for botnets/phishing websites etc, but their return is higher
than their expenses so they continue to plague us. Our spamfiltering solutions may
diminish their return, but apparently not enough.

One interesting approach (from MIT Spam Conference) was these guys (SPAMALOT), who basically interact with the spammer as much as possible.

http://acm.cs.uic.edu/~lszyba1/ [uic.edu]

I really think its a good idea. If a spammer is trying to get a credit card, give them 50000 phonies. Imagine what would happen to spammers if everyone responded to all their spam? The only probem I see is it might make it easy for malicious people to DOS real web stores, by sending out spam for those stores.

Any other ideas?

Re:One Percent With No Communication Cost!

[FireFury03]

Given that each of his communications cost $0.41 I'm assuming he's a snail mailer.

Sorry, I'm failing to see why sending snail mail spam is ok, but email and SMS spam, unsolicited telephone marketting, etc are bad.

Direct sales, no matter what the form, are a Bad Thing - they are an invasion of my privacy and make me go to some effort (whether that effort be answering the phone and telling someone to get lost, deleting spam emails or taking spam snail mail to the recycling bin).

Infact, snail mail spam is also bad since it increases my council tax (which goes towards paying for this stuff to be recycled).

I wonder if any companies involved in direct marketting do any research into how many potential customers they _lose_ - I actively avoid companies who do direct marketting to me in any way.

Re:Rule #1 - spammers lie.

[mollymoo]

Perhaps the mailing list in question consisted of those who responded to one of his previous spamming campaign for a similar niche. In TFA he mentioned repeat customers for meds; I guess the addresses of those who previously responded to spam must be the most valuable of all. You know that spam works on them and you know what they're into.

Re:One Percent With No Communication Cost!

[clodney]

If we ignore the environmental burden caused by printing and delivering snail mail spam, I find it much less obnoxious than email spam for a number of reasons:

1. It comes in once a day, and I can sort it in a few seconds, as opposed to trickling in all day long and distracting me.
2. Since it has significant costs to send, it is almost never as blatantly stupid as most of the spam emails I get.
3. Since the post office does investigate mail fraud (at least in the US), most of the offers may be stupid, but they are usually legitimate.

And really, snail mail spam is an invasion of your privacy? Care to explain that one? If your privacy bar is set so high that a piece of mail dropping in a box counts as a significant imposition how do you handle walking down the street or using public transportation? Wouldn't someone actually being able to see you be far more of an invasion of your privacy?

Re:One Percent With No Communication Cost!

[Proteus]

Sorry, I'm failing to see why sending snail mail spam is ok, but email and SMS spam, unsolicited telephone marketting, etc are bad.

Yes, yes you are. Let me break it down, since you're actually speaking of three things here:

1. With "postal spam", otherwise known as "junk mail":
   1. The sender bears the entire cost
   2. Fraudulent claims in ads are pursued
   3. The Direct Marketing Association will gladly remove you from member mailing lists (stopping about 85% of junk mail, in my experience)
2. With email and SMS spam:
   1. The recipient bears the majority of the cost (actually, the ISP does, in terms of increased bandwidth and storage requirements, but they pass these costs on to subscribers in order to keep making a profit; the distinction is therefor irrelevant).
   2. "E-mail fraud" doesn't have the same problems as mail fraud, and is not readily investigated
   3. There is no large central trade association that manages the majority of e-mail marketing -- you often can't get your name off of anyone's lists
3. With telemarketing:
   1. The caller bears the cost
   2. The recipient has no control over the timing (the phone rings during dinner, e.g.), making it very annoying
   3. There is a do-not-call registry

In short, people put up with junk mail because it doesn't cost them anything, only saps a couple of minutes of time once a day (at most!), and isn't particularly annoying.

People don't like e-mail and SMS spam because it costs them something, is very annoying, is often fradulent, and takes time and effort to deal with almost every time one checks one's mail. Likewise, telemarketing is very annoying.