Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

How much do spammers actually make?


Spammer X is an ex-spammer who has written a book called "Inside the Spam Cartel: Trade Secrets from the Dark Side."  He retired in 2004 and has shared many of his tricks of the trade.

He presented at the Spam Symposium in Europe in 2007.  I wasn't there but I did watch the webcast.  He mentions that he retired because of the social overhead of being a spammer.  "You can't go up to a pretty girl in a bar and introduce yourself, and then reveal that you sell porn, pharmaceutical and mortgage spam.  It kills your social life pretty quickly," says Spammer X.

Anyhow, said spammer revealed just how much money he was making during his five years in the business.  Here it is below:

| Item | Amount |
|---|---|
| Spam sent | 40 million |
| Click-through ratio | 0.12% |
| Total click-throughs | 48,000 |
| Click-through-to-sales ratio | 1/200 |
| Total sales | 240 |
| Total sales revenue | $37,440.00 |
| Spammer commission rate | 50% (Gah!) |
| Total spammer income | $18,720.00 |
| Weekly costs | |
| Bulletproof hosting | $230 |
| 4 days of botnet access | $6800 |
| Email addresses | $4000 |
| Total costs | $11,030 |
| Net profit | $7690 |

Let's round it down to $7000 per week, and assume that our spammer takes four weeks of vacation per year.  His net profit for the year?  $336,000. 

That's a pretty good chunk of change, and it's probably more than I'll ever make fighting spam... but the flip side is that I don't have the social overhead of having people punch me in the face when I tell them what I do.  In fact, I must say that in the eyes of many people, I may just be a superhero.

I don't have the power to manipulate space and time like Hiro Nakamura, but stopping a couple billion spam messages per day is nothing to sneeze at.

  • PingBack from http://informationsfunnywallpaper.cn/?p=2845

  • I think that, in many cases, the amount of money is small. HOWEVER--the problem here is that to some 17-year-old Russian kid, making a mere $500 off the commissions in sales from a botnet-generated spam sent to 10 million people is like a professional in the U.S. getting an extra $10K bonus. So millions in the US and Europe get spammed... just so one punk Russian kid can make an extra $500 bucks.

    In other cases, phishers have found that paying lackeys to spend 40+ hours a week *manually* sending spams (one-at-a-time) through freemail accounts actually pays off. All it takes is one jackpot of several thousand dollars and, to them, that is like tens of thousands of dollars to you and me. And hitting tens of thousands of dollars is like millions to you and me. So, in the case of phishers, working this scheme days, or even weeks, between jackpots is still a very lucrative business.

    And that level of manual touch one-by-one is why phishes are getting so hard to block these days. They can quickly change up a word here and there with each message and then bypass many rules-based filters and clearing house checksum filters. There is no URI for a spam filter to grab onto. And they send from large ISP or freemail ISPs, so the IP address doesn't help much.

    A third one is the "snowshoe spammer", which are sometimes individuals, or unethical ESPs. I think this is where you'll find more Americans at work in the spamming business. That would have to be a profitable business, or else they'd not be doing it. This is the one I understand the least. They should know better and their efforts ought to be more profitable in a more honest venture. (You'd think!)

  • So maybe we should start following all the links in the spam we get so we can increase their click-through rate, and maybe increase their "bulletproof hosting" costs, but definitely reduce their "click-through-to-sales ratio".

    Your first comment on this post is spam.

  • Perhaps there should be "white hat" spammers who re-take control of bots and inoculate the machines against further use by spammers.

  • You can't ever possibly stop the industry of unsolicited bulk mailing. Millions will be made every hour and you and nobody can do anything about it. You might as well join the dark side and retire your family.

  • 17 April 2010 : ukmall.net/blog - World email is spam free now with my SPAM THE SPAMMER crusade. I am grateful to British Prime Minister and other governments, EXCEPT INDIA, for responding to my complaints and blessing me with this dream achievement. Last team effort by Indian telecom companies to rescue THEIR hard disk harvester is still on. Else he is running short of service providers. Would the world be spam free now, despite LONE spammer being shielded by Indian government? Why is government shielding international terrorist? Is he BSNL chief? Is he a minister's son? Is he TRAI/DOT Chief's kin? EVERY Indian telecom company has his form filled up with photograph.

  • Math isn't your strong point, is it?
