Why hasn't spam been stamped out yet?

How spam is sent

We've talked about the list makers and the spammers. The final link in the chain is the middlemen – the hosting companies who allow spam to travel through their networks.

Spammers use two broad methods to launch their electronic assault. The first is the use of 'bulletproof' or 'bulk-friendly' hosts. These outfits turn a blind eye to the activities of spammers and, in return, command a premium price.

There's even a phrase describing the amended terms and conditions extended to spammers by such outfits: they're called 'pink contracts' in reference to the fleshy colour of spam. Though many bulletproof hosts are found in China or Russia, where the laws governing junk mail are less stringent, the most famous bulk-friendly host of recent times was McColo – a Californian company.

When it was finally shut down by its own service providers in November 2008, the company was estimated to account for up to 75 per cent of the internet's spam traffic. There was an immediate and sustained dip in global junk mail for several months after McColo was taken offline, but Symantec reports that the levels are now back to their previous peak.

Some of that resurgence is due to the widespread use of botnets for distributing spam. A botnet is a collection of computers controlled remotely by a host. The most insidious aspect of many spam botnets is that they use machines hijacked by malware: a trojan client that can be installed on any PC via an infected website.

Whitelist request

THE WHITELIST: ISPs sometimes blacklist IP addresses by mistake. If that happens to you, you'll need to put in a 'white list' request

In this way, the Srizbi botnet created in March 2007 is able to distribute up to 60 billion spam emails a day. The more recently discovered Rustock botnet accounts for an impressive 28.3 per cent of all spam traffic monitored by Trace Labs at the moment.

Why do they do it?

This might seem an awful lot of labour and subterfuge for what is – as we're sure you'll agree – one of the net's most reviled practices. Why don't spammers just use advertising instead?

The answer is that spamming is cheap. Sending email to lots of addresses doesn't cost any more than sending mail to one address does. With 80 per cent of spam generated by botnets, there's very little overhead to account for anyway.

The majority of spam may end up in junk folders and electronic trash cans, but the truly gobsmacking fact is that – in pure marketing terms – it actually works. As the Messaging Anti-Abuse Working Group recently revealed, 12 per cent of email users have bought stuff that was being touted via unsolicited email.

Considering the negligible cost of distribution to the spammers, that's not a bad conversion rate at all. Perhaps more worrying is the fact that about half of the respondents to the MAAWG's survey had clicked on links in spam messages or had responded to them just as they would to solicited messages.

Outlook plugin

BLOCK IT: Free Outlook plug-in Spamihilator (www.spamihilator.com) compares keyword combinations to filter out most junk mail

In other words, many people treat spam as though it is legitimate email marketing. Despite all the efforts made on our behalf by the law enforcement agencies, it's here that the real problem lies.

As long as the population of the net make it pay, spammers have an incentive to continue their dodgy trade. Perhaps the real solution lies in simply making people more aware of the dangers of spam.


First published in PC Plus Issue 287

Liked this? Then check out 10 easy ways to boost your online security

Sign up for TechRadar's free Weird Week in Tech newsletter
Get the oddest tech stories of the week, plus the most popular news and reviews delivered straight to your inbox. Sign up at http://www.techradar.com/register

Follow TechRadar on Twitter