Why is there so much spam?

Even though most of us might never fall for it the reason there's so much spam is quite simple: spam works.

//

In between bouts of frustration with my inbox, I’ve been reading your various articles on spam. I think I’m slowly getting a handle on it all, but it sure seems crazy. And it really got me to wondering… why is there so much spam in the first place?

I feel your pain.

I recently did some research for another project of mine, Taming Email, and looked at all my email for last year. Not only do I get a lot of email, but my calculations show that 87% of it was junk. Wow.

Why is there so much spam?

It’s very simple, really.

Spam works.

I’ll define spam as “unsolicited email” – email you did not ask for.

There are, naturally, different types of spam, but in almost every case, sending spam is so cheap, that it doesn’t take much for a spammer to declare that a spam campaign (spampaign?) is a rousing success.

For example, say a spammer sends out 1,000,000 emails pushing a knock-off of the latest wonder drug. If only a tiny percent, perhaps even just one of the recipients purchases the drug through him, the spammer has made a profit. It doesn’t matter if it’s fake watches, body-part enhancement aids or cheap computer software … if only the tiniest percentage of spam mails result in a sale, then that spam was successful, and you can bet it will continue.

But wait! There’s more!

Then there are scams…


…it doesn’t take much for a spammer to declare that a spam campaign is a rousing success.
The most famous of these scams is the Nigerian scam, where you receive an email, “in confidence”, from some supposed high ranking official attempting to move large amounts of money out of their country. They need your help, and in return they promise you a significant portion of those funds. Once you engage, they then use various techniques to scam money from you until, at some point,
you realize you’ve been had.

That’s common knowledge right? Nobody falls for that any more, right?

I thought so too, but it turns out you and I are dead wrong. I checked with my friends at ScamBusters.org and would you believe that $100 to $200 million are lost to these scammers every year!? People continue to fall for it at an alarming rate.

So you can see why variants of it are so incredibly popular right now. As I write this I’m getting notified several times a day of various lotteries I’ve won overseas. I still get variations on the Nigerian scam where the names and countries have been changed. There’s even a variant that has a religious theme now.

And they, too, all exist because they work. They don’t need to work often, but even the occasional success on the scammer/spammer’s part is enough.

But we’re not done yet! There’s still more…

No SPAM!One of the more recent entries into the scam and spam arena is “phishing”. That’s email that looks like it came from a legitimate source, like eBay, or your bank, or whatever, and it asks you to visit some site to confirm or update some information. When you get to that site, which again, looks legitimate, you’re asked to provide personal information like your credit card number.

The problem, of course, is that the sites weren’t legitimate, and you’ve just given your personal information to a scammer, who’s probably using, or selling, your information within minutes.

These are perhaps the most understandable traps to fall into. They’re new, and some are very well crafted. (Some aren’t, but that’s a different story, and people fall for those too.)

So why is there so much spam? Because it works. It’s dirt cheap to send out a ton of spam, and as long as even just a few people respond to spam, spammers see it as a success and will continue to find ways to get their junk into our inboxes.

So what about those few people? Are they ignorant? Naive? Uninformed? Desperate? Perhaps even, dare I say it, stupid?

Yes. No. All of the above. Maybe. Sometimes.

There’s no one answer to be drawn. Definitely many people aren’t as educated about scams as they should be, but that, like the Nigerian scam even, predates email and the internet. The promise of something for next to nothing is simply too much for some people, and thus they become direct victims.

And the rest of us become indirect victims as we wade through the sea of spam.

There are 30 comments:

  1. Andrew Denny Reply

    For me the problem isn’t that the spam’s unsolicited, but that it’s poor quality, illiterate, incoherent.

    I don’t like to frighten you all, but there’s a gap a million miles wide for intelligent, literate, sophisticated and, above all, entertaing spam. When the villains latch on to this, they’ll *really* clean up! People will always forgive someone who’s entertaining.

  2. Alan R Parsons Reply

    In my experience, the reasons that there is so much SPAM are:
    1. Legislation is required to prevent unsolicited e-mail.
    2. Current Anti-Spam software is 90% useless.

  3. Gordon Mitchell Reply

    I believe that there are so many people on the internet who are looking for ways to promote their business or program, that they sign up to the so called free website submission programs where they give their own email address to join. Then there are thousands of money hungry people who will then send emails to them, most of which are junk.

  4. Bunny got Blog Reply

    I am so frustrated with getting comments from spammers that scraped an article I wrote.

    My boyfriend says I should let it bother me coz no one will see it and it is a back link.This confuses me.

    I don’t want to be linked with the type of blog that has spam,scraped and sponged me.

    I have set the comments to moderation and still find this week a daily comment from the same domain with a different IP address.

    Do you have any suggestions for me.Just what is the purpose of hitting a blog site with spam comments?

    Thank you
    Bunny

  5. Greg Bulmash Reply

    Bunny, the reason for spam comments on your blog is simple: to get a backlink to their spammy site which Google may use as a positive factor in calculating the worth of their site. That’s also why they may scrape your site, steal paragraphs of your content, and link to you in the hopes of a pingback link. It’s all in their attempts to fool Google and other search engines into believing their site has something worthwhile on it.

  6. Tim Hohs Reply

    Since I started using Gmail I hardly ever get spam. Maybe once or twice a month one will get through, and for some reason it’s usually an obvious one, like a Nigerian style scam. I check the spam folder but haven’t had any real mail dumped there yet. Why does Gmail’s spam filter work so well?

  7. fred Reply

    I’d take it as a godd sign. It means you’re getting traffic.

    Spam is a way of life. In fact, over 85% of user submissions are spam. It’s a force, a phenomenon, that will never go away.

    I have a site, a personal aside, that encourages it- part joke, part experiment.

    You can leave your mark here

    My unsolicited advice: get over it!

  8. Bill Chubb Reply

    Why aren’t Yahoo!; Hotmail; Gmail; AOL and other similar web mail providers more circumspect with e-mail account registrations?

    When I have time I forward scam messages, complete with headers, to the provider concerned and in their defence they usually close the offending account immediately. The scammer/spammer, however, simply registers another and off they go again.

    What I find quite extraordinary is the so obviously forged names which these providers permit, presumably by use of an automated registration processes.

    As another correspondent has so aptly put it…
    we simply have to get over it!

    Actually most email services have stopped automated account creation completely using techniques such as Captchas and rate limiting account creation. What spammers are now doing is hiring cheap labor to quite literally create these accounts by hand.

    Leo
    09-Dec-2009

  9. Linda Reply

    Leo,

    Thanks for the newsletter, it’s great!

    Idea – computer manufacturers could include a start up screen that would activate when you set up a new computer that outlines spam, scams, phishing, hacking email addresses, strong and to change passwords, etc. Yeah, I know, alot of people would just skip it (especially if it’s not their first computer), but if it saves some new computer people, it would be worth it.

    I’m not a programmer, don’t know how much work it would be for the company to do an info page like that, but it would only need to be programmed once – that component could be added to each subsequent start up program, right?

    I wish that ISP’s would limit their users to their respective country – if you’re not in the US you can’t sign up on yahoo.com, etc – it would have to be yahoo.(your country). Then ISP’s give their customers the option to “opt out” of certain country “codes” – never receiving those emails.

    I don’t know if that would work completely – they always find a way around it. If these people worked half as hard at “real” problems/jobs, they wouldn’t have to work as hard. ;)

    That startup screen would be easy, BUT – NO ONE would read it. It’d be an annoyance and a waste of time. Consider how much information there already is on the subject that most people pay little or no attention to even after having been told again and again. I like the sentiment expressed by the idea, but IMO it has zero chance of any significant success.

    Leo
    19-Apr-2011
  10. Linda Reply

    Some people do read the info – I know someone that I had to call for my business, through general conversation, she had just bought her first computer in her 60′s. I let her know about the spam, scams, etc and directed her to your newsletter for more info – she emailed me later and said how much she learned just from our conversation and your info, and had much more to read. :)

  11. Dan Reply

    To the gent that hardly ever gets spam on Google – Check your spam folder, it is there. along with e-mail that you might want to get. Same with Yahoo mail.

  12. NL_Derek Reply

    @Dan,
    Gmail’s spam filter is IMHO sub-optimal. My wife received a mail from a nephew and forwarded it to my computer — not a Nigerian in sight — and Gmail stopped it as spam.

  13. Tony Reply

    After a few months training, Gmail is now 99.9% effective for me. I get over 400 spam emails a month and only occasionally does one slip through the spam filters, so spam has become a non-problem for me. I suspect many are unwilling to invest the little time that is required to do the training.

  14. Matt Vancouver Reply

    In an ironic twist, Mozilla Thunderbird always thinks Ask Leo is a threat. I have to tell it to ignore the warning every time I open the newsletter. I can’t seem to train it to know the Ask Leo and The Straight Dope newsletters are legit. I’ve added them to my personal email address list but no joy. I can only assume it’s due to the HTML embedded.

  15. Rick Sos Reply

    I love those ones that say they want to bring money into my country. When I have the time I string them along as if I fell for their BS. They spend days convincing me they are on the up and up. I keep asking stupid questions just to make them work for it then when it comes time for me to pay I say no and they spend a bunch more time trying to convince me. Some of them get real mad. lol.

  16. snert Reply

    I’m with Rick. I love stringing these jerks along. I’m not working and I have time to waste, so why not? I figure if they’re spending time on me they’re not bugging somebody else. I make up idiotic scenarios about why I can’t send money at that moment – “My wife’s getting married and I have to disinter the groom.”, or “My mother needed $1,252.59 for treatment for her acute dromadrosis.” I had one going for almost a month. I had a blast but I think he got a tad PO’d.

  17. Robin Clay Reply

    I would have thought that the ISPs themselves a) resent so much of their traffic being spam, and b) could stop it at once. How? Simply by restricting all subscribers’ input to the Internet, either
    a) by number of addressees per e-mail (say 20?); or
    b) by number of messages per day (say 50?); or c) by a combination – or something similar.

    You, Leo, would obviously register for more than the “standard” allowance – but you would have to satisfy the ISP w.r.t. your bona fides.

  18. Roy Reply

    The bulk of the spam I get is from myself.
    Or appears to be.
    I have receives thousands of returned emails as undeliverable in the last 8 months.
    Spammers have adopted my domain as a return address.
    Those thousands I receive can only be the tip of the iceberg. They have had to have sent out millions.
    Do you think it would be wise of me to delete the domain? I have several web pages attached as well as email accounts set up under it.
    It would mean starting over on everything.
    Since I have stopped developing my pages as a result of this perhaps it is a non issue.

  19. connie Reply

    @Roy,
    This is “from spoofing.” It’s not coming from your domain and no need to close down because of it. The spammers send out emails using a program that makes the from the same as the to. So I would get the very same email but to me – and from me.

    In other words, nobody else is getting this spam from your site (unless, of course, your email has been hacked and that’s another story!)

    Here’s an article from Leo on from spoofing:
    Why am I getting spam from myself?

  20. Texas Mike Reply

    The most puzzling aspect of SPAM is when there is nothing but silly phrases that are meaningless. At first, I was concerned that it was code to insert malware into my computer. But with up-to-date processes to monitor it, along with UAC, and weekly application of total system scans, I’m not seeing any malware takeover. I could be mistaken, but after 30 years of computer usage, I’m not seeing any unusual behavior in my system, nor has any personal or business information become problematic.

    The other question is why GMail can do such an excellent job of separating SPAM (for FREE!) while ISPs, either, cannot or want $7 a month to do so.

  21. Pat Reply

    When I get spam in my inbox I put a checkmark and mark it as spam. I look through the pages in my spam folder to make sure there’s nothing from people I want to get email from and I delete it all. I never open spam because I don’t know what’s in there.

  22. Tom Reply

    After 30 years you’d think the ISP’s would have developed a Pay for Email system – If only $0.001 – a tenth of a penny per email, people would be careful to cull their Reply All tendencies and spammers would be hit hard.

  23. Avinash Gokhale Reply

    I participated in a software testing assignment few years back. We wanted valid email IDs and used to give friends’ names such as John@xyz.com, Bill@abc.com. One reason for spam could be such testing going on world over.

  24. Nick Reply

    I don’t get much spam, and most of what I do get is automatically filtered to my Spam folder. One way I achieve this is to minimise use of my “official” email address. Instead I mainly use Yahoo disposable addresses (like I do with you Leo) and if spam starts coming to one I simply bin it and create another one (renewing any subscriptions or whatever I want to associate it with.

    A couple of times with phishing I have visited a website and put “spoof” info in, false name and card number etc. It might be a good idea if lots of people would do that in order to waste the “phishers” time and put rubbish into their databases. Might be dangerous though, what do you think Leo?

  25. Mark J Reply

    @Nick
    There was a time when I did things like. Now, I’d be more careful, considering that some sites can inject malware into your system simply when you visit them. The risk of clicking on unknown links is too great to take a chance with.

  26. david Reply

    ”Why is there so much spam? It’s very simple, really. …” [ ... next bit not re-quoted so please refer to original comment!]

    For goodness’ sake, Leo! Don’t broadcast it!!

  27. Smeerb Reply

    A simple (HA) way to stop spam: Add a small fee (say a tenth of a cent) for every email that goes out, waived if the total is smaller than what would be incurred by any non-spammer — say

  28. Dave Amerine Reply

    It would be great if they came out with a “DO NOT SEND ME SPAM” program, kinda like the DO NOT CALL LIST for phone calls. We never know, this day in age, anything is possible.

    • Lester Reply

      The problem is most spam comes from countries, or at least through servers in countries, where measures like this aren’t enforced. Until we can persuade the rogue countries in this world to take a common position on this problem, it won’t go away.

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise an comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.