NEWS FROM THE LAB - Wednesday, November 24, 2004

Spam is profitable Posted by Mikko @ 07:40 GMT

This is the problem: Spamming works. Spammers make good money out of it.

Which mean spammers can invest into their operations - making the problem worse.
Jeremy Janes
One of the few spammers ever sentenced, Mr. Jeremy Jaynes (aka Gaven Stubberfield) is a good example on how well this works. This spammer from North Carolina was making excellent money by sending out up to 20 million spam emails a day. Only few hundred of those would actually lead to a sale (reply rate would be just fractions of a percent). However, even that would be enough to create him an income of up to $750,000 a month.

Eventually, Mr. Jaynes built a fortune worth as much as $24 million - including several cars and several houses, with one mansion having 16 separate T-1 data lines connected to it to provide spamming bandwith.

The good news is Mr. Jaynes was arrested, charged and convicted. He's now serving nine years in a jail, which is in fact a surprisingly long sentence. His defense attorney argued that the prosecutors never proved the e-mail Jaynes sent was unsolicited.

The bad news is that there are hundreds of other spammers more than happy to jump in on this lucrative business.

We here at F-Secure also have evidence which would suggest that some spammers have succesfully recruited individual employees from anti-spam software developers. Which is like a plot from a bad sci-fi movie - 'come to the dark side - we'll double your salary'.

People who design antispam software would be the best experts to figure out how to make spam messages get through antispam filters. Spammers are also known to hire linguistics to assist them in developing spam emails that better evade antispam traps.

Such trends are disturbing, of course. What's next? Virus writers hiring anti-virus researchers?