iMedia Connection: Dissecting a Week's Worth of Spam

Home › Marketing Channels › Email

Published: January 15, 2007

Dissecting a Week's Worth of Spam

PRINT EMAIL

BrightWave Marketing's principal analyzed a week's worth of spam to see what spammers are up to, and compare their tactics to best practices.

Spam is one of the biggest blights that exist in today's wired world of Web 2.0. This is a problem for consumers, companies and legitimate marketers who utilize permission-based email marketing to communicate with their customers and prospects. Of course, ensuring your permission-based message gets recognized as a relevant email requires marketers to be aware of what spammers are doing and to avoid falling in the same traps that spammers set. After all, we don't want our messages to be seen in the same light as spam. Right?

So what does spam look like these days? To paraphrase Supreme Court Justice Potter Stewart's take on pornography, "I know it when I see it." Well, spam thankfully is regulated but still most of us can recognize it when it lands in our inbox.

The FTC defines spam as "unsolicited commercial email." The CAN-SPAM Act further defines ands clarifies what makes an email illegal (although some spam is technically not illegal-- if you are unsure of the CAN-SPAM Act and what makes spam illegal, please be sure to visit and review and practice the FTC's rules).

Spammers have grown more sophisticated, just like permission email marketers, and have incorporated many new tricks into their dark bag of tricks. Spam has also taken on new appearances and ambitions.

Taking a closer look
As my wife was cleaning out her inbox one recent day, she asked me what the purpose of some of the spam that had bombarded her was. Upon a deeper look, I was somewhat puzzled myself. Some of the spam did not have any links, or any promises to increase vitality or even to triple her income from home. Many appeared to be odd prose that made no sense nor had any product to sell.

So we decided to catalog and analyze a week's worth of spam to see what spammers were really doing and trying to achieve. We evaluated spam that came into our work, Hotmail, Yahoo! and Gmail accounts. What we found won't eliminate spam but it is interesting when comparing it to best practices that we preach to clients and practitioners of opt-in email marketing.

Some spams were seemingly of the one-to-one variety (the "Dear Sir-- I need your help with a transaction" types) while others were large volume spam messages pushing some kind of product. Yet, many were of the aforementioned flavor, the nonsensical ramblings that had no links and seemingly no purpose. Some emails consisted of an offer (golf or pharmaceutical product) and then the second half would feature dark and often disturbing prose as if written by a Thirteenth Century serial killer. Many also inserted brief snippets of current and accurate news stories into the body of the emails.

I wanted to find out more so I chatted with Dmitri Alperovitch, principal research scientist at Secure Computing, an enterprise gateway security company. Here is his take on what spammers are doing these days and why:

"The goal of the spammers has not changed much over the years-- they have remained determined as ever to make money. They do so by peddling products (drugs, fake university diplomas, pornography, or other dubious products); promoting stock of companies with absolutely no future; or by outright defrauding people by sending out emails that phish for bank account and credit card numbers or other information that can be used to perpetrate identity fraud.

"The methods that they use to market those products and lure people to visit their sites or buy their stock have evolved drastically over the years in order to optimize their chances of bypassing almost universally deployed anti-spam filtering systems. Rarely do you now see a spam with straightforward text-based marketing material sent from a single mail server from a clear and traceable sender. Nowadays, most spam is sent from armies of zombies, millions of innocent PCs around the globe taken over and controlled by organized criminal enterprises completely unbeknownst to their owners.

"The spam that is sent usually contains a lot of random gibberish text that is used in attempts to defeat signature, or fingerprinting-based approaches, techniques that are designed to catch emails based on their similarity to other previously seen spam-- by making each message as unique as possible through the use of randomizations, the spammers are able to get around a great deal of those technologies. The advertisement itself -- the marketing message they are trying to promote -- is frequently encoded and displayed entirely as an image (or sets of multiple images that are joined together to appear when the email is displayed) in order to defeat technologies that analyze the text-based content of the message."

Wow. Spammers sure have come a long way!

Next: Analyzing the spam

More Email

Today's News