A Spammer's Little Black Book

In my last post, Spam – A Lucrative Parallel Economy in Europe, I wrote about the economics of spam according to a study by Prof. Dr. Thorsten Holz of Germany. Today I want to share more details from that study as well as a surprising discovery. When you think of spammer's databases of addresses, you may assume they're predominately populated with Hotmail, Gmail, Yahoo!, or large, European freemail addresses. Surpisingly, it's not that way at all.

In 2010, the closely guarded spam affiliate program Spamit was closed down. The administrators blamed their demise on public scrutiny. Before Spamit’s closure, Prof. Dr. Thorsten Holz, along with his team, were able to obtain a copy of Spamit’s sister site, Spamdox.biz’s forum. The team analyzed Spamdot.biz’s webforum to better understand how spammers network, communicate, and generate profit. Spamdot.biz’s member base of almost 2000 users were almost entirely Russian speaking (91.3%). To join the community, a prospective member must be thoroughly vetted by a process that required at least three referrals from existing members and those referring members were required to either meet a minimum post requirement or be directly referred by so called “Trusted Members." According to their report, the forum was divided into two main categories: Spam Community and Vendor Services.

Considering that a Cutwail client's greatest problem turned out to be invalid addresses (53.3% of Cutwail’s message failure was due to bad addresses) and not spam filters, it’s no surprise that the hottest items for sell were list of email addresses. The cost of the list depended on the validity of the addresses and the type of address. Free-mail addresses like Yahoo!, Hotmail or Gmail were considerably less lucrative. They sold at a rate one-half of other addresses which is a good indicator of the impact of Microsoft's, Yahoo!'s, and Google's anti-spam technologies. The cost for one million addresses could be between $25-$50.

The most successful of Cutwail’s clients had custom lists. From  the report:

“By comparing the email addresses, file names and the vendor who provided the list, we were able to assess their relative effectiveness. More specifically, we found that the most successful clients had custom lists, that contained unique addresses that were not shared by any other clients, and most importantly, the addresses were valid. On the other hand, Client-1 appeared to be using default lists (possibly included for free), on every server. Thus, these lists were lower in quality, and therefore contributed to less effective spam campaigns.”

The general consensus has previously considered large freemail providers as a spammer’s paradise, at least when it comes to harvesting spammable addresses. But Dr. Holz’s analysis of Cutwail’s botnet showed the opposite. When shopping for lists, spammers avoid the large freemail providers and pay good money for high quality list.  For spammers, “high quality” means valid addresses and not Hotmail, Gmail, Yahoo!, or large, European freemail providers. Their spam filters are so good, spammers pay more to avoid them.

List quality and hygiene is one email theme that never gets old. This is probably because list quality remains an issue for legitimate mailers. In April, the Email Marketing Industry Census published by Econsultancy stated that “the quality [or lack of] of email lists databases remains a major barrier to effective marketing campaigns.” The survey reported that only “49% of mailers performed regular list cleansing practices.”

Spammers may be highly suspect when it comes to ethics, but they’re not stupid. As Holz’s investigation of the Spamdot.biz community shows, they know the power of a good list and they have  experience and a community on their side to help them succeed.