Whatever the Internet evangelists may preach, it may well be the case that the only real money to be made out on the long tail ends up in the pockets of the most skillful spammers. According to a story on the BBC NEWS Web site this morning, this hypothesis has now been tested by a one-month study conducted jointly by University of California campuses in Berkeley and San Diego. Seven computer scientists infiltrated Storm, a key network for spam diffusion, and studied the behavior of (harmless) spam campaigns of their own generation. Here is the account of the project and its results:
The team used these [Storm controller] machines to control a total of 75,869 hijacked machines and routed their own fake spam campaigns through them.
Two types of fake spam campaign were run through these machines. One mimicked the way Storm spreads using viruses and the other tried to tempt people to visit a fake pharmacy site and buy a herbal remedy to boost their libido.
The fake pharmacy site was made to resemble those run by Storm's real owners but always returned an error message when potential buyers clicked a button to submit their credit card details.
While running their spam campaigns the researchers sent about 469 million junk e-mail messages. The vast majority of these were for the fake pharmacy campaign.
"After 26 days, and almost 350 million e-mail messages, only 28 sales resulted," wrote the researchers.
The response rate for this campaign was less than 0.00001%. This is far below the average of 2.15% reported by legitimate direct mail organisations.
"Taken together, these conversions would have resulted in revenues of $2,731.88—a bit over $100 a day for the measurement period," said the researchers.
Scaling this up to the full Storm network the researchers estimate that the controllers of the vast system are netting about $7,000 (£4,430) a day or $3.5m (£2.21m) per year.
While this was a good return, said the researchers, it did suggest that spammers were not making the vast sums of money that some people have predicted in the past.
This final proposition is based on Udi Manber's old proposition that spam protection is best viewed as an ongoing arms race, meaning that those trying to make money from spam need to be as vigilant as those trying to avoid it. Under this proposition it is probably not realistic to try to scale daily revenue up to annual revenue. Nevertheless, at a time when many people reading their mail through the Internet are increasingly concerned with making their financial ends meet, there may well be an escalation in the "victim space," at least where scams such as those fake pharmacy sites are involved. We thus face the prospect that spam may continue to be a fundamental technology instrument for spreading the wealth. Unfortunately, the wealth it spreads comes from those who have very little of it in the first place, whose meager (in both numbers and finances) presence is magnified by a long-tail strategy!