|The most appealing spamming incentives are offered by online gambling and adult-entertainment sites, which pay $40 or $50 for each new sign-up -- and sometimes include revenue sharing of whatever that customer spends.|
``Spammers have gone professional,'' said Steve Linford, a British computer programmer who operates an online database of the world's most active spammers. ``They've formed gangs and spawned a whole industry.''
As much as 40 percent of all commercial e-mail today is spam.
The term spam comes from a 1970 Monty Python skit in which conversation is drowned out by rowdy diners who sing about SPAM, the canned meat. The metaphor applies to junk e-mails crowding in-boxes.
Based on interviews with more than three dozen people familiar with how spam works, including current and former spammers, here is what's behind the recent surge in junk e-mail:
• Spammers typically get paid only when they refer new customers, prompting them to surreptitiously collect e-mail addresses where they target millions of messages. Online gambling sites pay up to $50 per new sign-up.
• The most notorious spammers employ the latest technologies to operate global networks and evade detection in cat-and-mouse games with authorities and anti-spam crusaders.
• It's a cheap way to make an advertising pitch. An e-mail message costs as little as 13 cents, compared with $1.50 for a marketing piece delivered via the U.S. mail. Spammers spend even less; they don't worry about getting recipients' permission or honoring stop-mail requests.
Often, e-mail marketing, now a $1 billion-plus-a-year industry, is done legitimately. Even so, Jupiter Media Metrix predicts that by 2006, the average e-mail user each year will get nearly 1,500 pieces of spam, more than double what clogs in-boxes now.
But attempts at federal regulation that would limit spam remain stalled because marketers and anti-spam advocates have been at loggerheads over crafting a legal definition of spam. Twenty states, including California, have laws aimed at curbing spam, but for the most part they only ban e-mailers from faking their identities and refusing stop-mail requests.
San Jose Mercury News researchers found out how spammers get your e-mail address and how they make money:
Dictionary attacks -- Spammers launch attacks with software that creates millions of possible e-mails from combinations of letters and numbers, such as bob@yourisp or mary@bigcorporation, hoping to hit valid ones.
Spiders -- Also known as robots or scrapers, these software programs crawl the Web and online discussion groups, grabbing e-mail addresses and domain names. Online directories and popular sites, such as AOL and eBay, are favorite targets.
Deceptive Web sites -- Spammers induce Web users to enter contests or receive free products in exchange for accepting marketing e-mail. But disclosure is rare that that the e-mail address likely will be resold multiple times, and the recipient is deluged with unsolicited offers.
Unsubscribe lists -- Despite posting 'remove' mechanisms in their messages, spammers often ignore requests to drop e-mail addresses. Sometimes the lists of those requesting removal are used to send more spam.
List reselling -- Once harvested, spammers buy and resell millions of e-mail addresses for a few cents a name.
Bulk e-mailing -- Software can turn an ordinary personal computer into a powerful mail server, sending up to 250,000 e-mails per hour. Spammers sometimes specialize, targeting users of news groups, instant messaging or wireless devices.
'Cloaking and spoofing' -- Spammers survive by evading detection. Among their tricks: stripping off sender information that might identify them; forging 'to' and 'from' fields so messages appear to come from legitimate companies or work colleagues; randomly altering subject lines to sneak past anti-spam filters.
Finding a friendly host -- Spammers set up accounts with Internet service providers and Web hosting companies known for slow or no response to spamming complaints. Once caught, they change their identities and move to the next ISP or host.
Hijacking -- Using scanning software, spammers search globally for unprotected computer networks whose systems can be taken over and used to send spam. About 70 percent of spam sent to U.S. addresses comes via overseas connections.
Affiliate marketing programs -- Businesses offer cash to Web site operators and legitimate e-mail marketers who deliver paying customers. Such incentives also encourage spammers to send unsolicited e-mails in bulk to boost commissions.
Revenue sharing -- Sweetening the pot, operators of pornography and gambling sites typically offer the highest payouts, up to $50 for a new customer as well as a cut of ongoing revenues from the customer.
Spamware sales -- Veteran spammers sell 'spamware' to amateurs, ranging from e-mail addresses to Internet connectivity. They sell their wares on websites and in bulk e-mailer chatrooms.
As volume grows, so does the cost of dealing with spam.
Ferris Research, a San Francisco e-mail consultant, says the time lost to deleting spam already costs the average business about $200 per in-box a year, and will go higher.
Gartner Group analysts have estimated that Internet service providers lose $1 million for every 7 million members, mostly because spam drives customers away.
E-mail addresses are ripe for the picking: America Online, Hotmail and Yahoo alone have 100 million registered e-mail users, many of whom have agreed to list their addresses in easily accessible online directories.
``When you post your e-mail address anywhere on the Web, it's like putting your phone number on the telephone pole in the center of town,'' said Nicholas Graham, a spokesman for America Online.