|< Day Day Up >|| |
Let me give you a real-time scenario of how I (and others) generated and sent spam.
Let’s use a hypothetical scenario. Right now, I have two million e-mail addresses that I bought for $100.00 from another spammer. He tells me they are mostly from pornographic sites and have been verified as working. This list was cheap; a decent list like this usually sells for up to $1,000.00 per one million e-mails. Luckily for me, I am on good terms with this spammer; we are friends and I have helped him with other things, so the details only cost me a mere $100.00. Spammers are social people. We often get together to share tricks, talk about new products and ideas, and share success stories among ourselves. No one but a spammer understands or likes a spammer, so we often try to stick together.
Many different types of people play a role in the spam game. Some roles are bigger than others, but generally everyone involved gets a cut of the action. The only way spam can work well is if multiple people work together, since many skills are required. Some spam groups exist. These groups focus on ways to maximize profit from spam, and most are self-made millionaires. The groups usually consist of up to three or four members. At least one member has the task of hacking other sites to obtain new contact lists to spam. Hackers have a pivotal role in the group, since without them there would be no contacts to send spam to.
Next, there is often someone with a product or site they wish to have promoted. Whether it’s pornography or Viagra, this person allows the spammers to promote their site as long as they get an additional cut. Not only do they make money from the signup to their own site, but they also take 20 to 30 percent of any profit the spam makes. Their site may have the strongest anti-spam rules in the world, but most people are willing to turn a blind eye if there is money to be made.
Then there is the head of the group. This person usually focuses on sending the spam through whatever method they can muster. The head spammer is usually responsible for receiving and splitting the profits among the other members of the team. Each member receives their share into a PayPal or other online account, or if the amount is significant, the money is wired directly to them using a Western Union money transfer.
|Notes from the Underground…|| |
Trust Amongst Spammers
I have worked for many people, from ISP’s to book publishers to small corporations, and at least ten people in the spam industry.
I have been ripped off, paid late, or simply been refused payment. Surprisingly, all of these people were in my professional life and had nothing to do with spam. Media stereotypes would make you believe spammers (and all involved in spam) are low life’s; people who try to rip you off whenever they can. Surprisingly enough, that has rarely happened to me. I am almost always paid on time and at times have even been given extra for my efforts.
Once, when a Webmaster friend of mine found out it was my birthday, he sent my PayPal account $100.00 as a birthday present, I had previously been promoting his site and probably made him $10,000.00 in the process. This attitude is very common in the spam world; friends helping friends get rich. No one gets anywhere by ripping people off.
Spammers are some of the most trustworthy people I have ever met. It’s the corporations I’ve had to be careful of.
Finding a product or service to sell is the first step—home loans, t-shirts, software, pornography, drugs—it can be anything that has demand. Because pornography is big on the Internet and easy to sell, I will use it in my example. E-mails originating from pornographic sites should yield a decent return since my user base contains targeted e-mails—I know these people like pornography.
A Google search for “Webmasters Cash Porn” shows just how big the online pornographic industry is. Most of the sites listed here are billing sites for multiple pornographic sites. You drive customers to any of their sites and they pay you a percentage of any signup. They are everywhere. If you visit any billing site and see what sites they offer you to promote, there will be between 5 and 20 different niche pornographic sites. You do the math and see why pornography is the biggest business online. Forbes estimates users spent over five billion dollars last year alone on online pornographic material.
For this example I need to find a billing site that doesn’t look like it will get too angry if I am caught spamming, although every company in their “Terms and Conditions” will say “No Spam.” From personal experience, I have found only the larger, more respected companies actually terminate your account or in more extreme cases threaten legal action. The smaller, less profitable companies secretly welcome spam. They are happy for any business. If a spammer wants to make them rich, why should they stop them? Remember, pornographic companies are hardly the most ethical people in the world.
I will be using “adultsupercash.com.” adultsupercash.com offers me 40 percent of any trial signup and 50 percent of any full subscription, paid in full on the last day of every month either by wire, check, or debit card. For those who do not frequent pornographic sites, a trial signup is a one-time payment, usually between $2.00 and $10.00 and lasts under a week. A full signup is around $40.00, billed monthly, which usually gives access to more content or better features than the trial signup.
On a side note, there is an interesting hitch in the terms and conditions of a trial signup. After your time period has expired, you will be billed the full rate unless you explicitly cancel your subscription. Very sneaky; many people wouldn’t think this would happen. This equates to at least 50 percent of my trial signups becoming full signups for a month. The customers then notice the bill on their credit card and cancel their subscription. This is good news for me, however, because I’ll get 50 percent of that full signup and any other reoccurring cost.
Creating an account is easy. The only information needed is an address to send the check to and a name to print on it. I use a local P.O. box for all my spam mail. Oddly enough, that P.O. box is sent a lot of spam, around five fliers a day, offering discounts on pizza and cheap videos.
Adultsupercash.com’s terms and conditions state that “Mail can only be sent to opt-in lists; no spamming or unsolicited e-mail.” An opt-in list is a newsletter or mailing list that I personally own. Subscribers explicitly say they want to receive e-mails from me in a bulk mail fashion. It’s close enough to what I’m doing. I bought this list and it would be hard for someone to prove that they did not give me permission, and I have little to lose if the account is closed. It takes around 10 seconds and I am fully set up as a “pornography reseller.”
I quickly check out the sales and statistics page at adultsupercash.com and find it to be impressive and that a fair amount of work has gone into the design. It is fully set up for spammers and Webmasters, giving a nice breakdown of week-by-week and daily sales, and total profits (see Figure 2.1).
Figure 2.1: The Reseller Main Page (This Picture has been Edited to Protect the Real Site)
This company offers refunds. In the pornographic business, credit card fraud is rife and customers often request a refund for a subscription they claim they did not purchase. This is bad, because I do not get any cash from a refund, not one cent.
The site I have signed up to offers 16 different pornographic sites to promote. Each site offers the same payout percentage, but have very different content (lesbians, mature women, fetish, gay male).
My sales are tracked and monitored by a “referral” ID. This is a tag that is appended to the Uniform Resource Locator (URL) and records anyone who visits the site from my spam. My referral ID is www.pornsite.com/?rfid=piu1200. Any customer that starts on that URL will show up in my statistics page, and I will receive a percentage of anything they sign up for.
Now that I have something to sell, I need to write an enticing e-mail, something that will make curious people notice and hopefully buy my pornography. Of course, many factors come into this (explained in more detail later in the book), but for now I will use a standard Web page with my referral ID as the link.
<html> <head> <title> Jacob cunnings didn’t shy away from this </title> <body> <img src=http://22.214.171.124/picture.jpg> <a href=http://www.pornsite.com/?rfid=piu1200> Bet your wife cant do this. </a> </body> </html>
The picture is of a woman in her late twenties. She has a cheeky grin on her face, cheeky enough to make you wonder what she was thinking about when the photo was taken. I use a young woman’s image to aim for the most potential buyers. Statistically, older men buy pornography more than younger men, probably because older men have more money to spend. By targeting an older generation, I hope to maximize my return. You can never really tell, though. Sometimes it works, sometimes it doesn’t.
The spam is sent using Dark Mailer, which is a commercial bulk e-mail product that specializes in getting around spam filters and sending spam quickly (the exact techniques are covered later in this book). For this example, I send out 10,000 e-mails using eight insecure proxy servers. I obtained these proxy servers from an anonymous Web site, each proxy checked against a real-time blacklist (RBL) before use. As you can see, even on my 128kbps DSL, 10,000 e-mails do not take long to send, only 17 minutes (see Figure 2.2).
Figure 2.2: Dark Mailer in Action: Watch that Spam Fly
Twelve hours later, everyone has had chance to check their e-mail and we see some results, as shown in Figure 2.3.
Figure 2.3: The Results of 10,000 Spam After 12 Hours
This is very interesting. The first highlighted row is the site I am promoting. It received 1846 raw clicks to the URL from 967 different people, as seen in the Raw and Uni (unique) columns. It shows that the average user clicked to the site and then clicked one other page within it.
The site offers a very limited “tour” consisting of one page, which a lot of people explored, however, no one bought a subscription to the site. Most people browsed the other sites provided and someone bought a subscription to a different site. So, it seems that the content we were pushing did not work. These people were interested in pornography and clicked on the site, but when they got there they became less interested and didn’t like the site enough to pay $40.00 for a subscription. It’s possible that the tour was not enticing enough or that the price was too high.
However, we can find out more about the habits of our clients by reading the referrer’s values in the Hypertext Transfer Protocol (HTTP), which is the address that referred them to the link. We can tell if they clicked on the link from an e-mail or a Web site. Using the URL string they came from, we can tell what folder the mail came from.
http://us.f604.mail.yahoo.com/ym/ShowLetter?box=%40B%40Bulk&MsgId=8909_4 44192_22_1483_716_0_452_1223_3794971119&Idx=0&Search=&ShowImages=1&YY=77 695&order=down&sort=date&pos=0&view=a&head=b
This was a yahoo.com user. When they received the spam e-mail, it was detected as spam and moved into their “Bulk E-mail” folder. However, they went into this folder, opened up the e-mail, and clicked on the link. As a spammer, I find this very interesting. They knew that the e-mail was spam but still opened it. Once greeted with our inviting message and pornographic picture, they clicked on it and were taken to the pornographic site. This shows that they wanted to look at pornography and found nothing offensive in its content. This also verifies that the users of this e-mail list are pornographic regulars.
Out of 10,000 e-mails sent, I only received one signup, but there is a chance that over the next week I will receive more, since it can take people that long to check their e-mail. I would expect at least 4,000 clicks by the end of the week, so statistically I should receive another signup (given 1 in 2,000 clicks results in a signup).
If we take this 10,000 as the average, it does not work out that badly. Even though only one person subscribed, we possibly have 200 signups in the full two million-e-mail address list, given the same ratio. This yields a gross profit of $2,990.00 (200 14.95) for a net profit of $2,890.00. I have worked for maybe 30 minutes, so as you can see sending spam is not hard and can be financially rewarding. It’s all a game of numbers and percentages; even the smallest number can give a large return.
After 24 hours, we see that another 263 people checked their e-mail and clicked on the link, and again the average user clicked two pages when inside the site. Most people also explored the other pornographic sites this provider offers, but, alas, no new signups. Figure 2.4 shows the results of the spam run after 24 hours.
Figure 2.4: 24 Hours Later
Figure 2.5 shows the results three days after the spam was sent. We see that 1,469 people (out of 10,000) clicked on the link (14 percent is not a bad click rate). One signup is a bit light, but that’s life.
Figure 2.5: 72 Hours Later: The Final Statistics
I think the main problem with this spam was the site I was promoting. To start with, their sign-up cost is high and they don’t offer much content on the front page. It lacks anything to really draw customers into buying an account. What you need is a site that really sucks you in, something that tempts you to buy a subscription. The most successful pornographic sites are designed to make sure you have to turn down many attractive women before you can get out of the site, as you quickly find yourself trapped inside a maze of pop-ups. It’s a really successful technique; the majority of people seem to give in and just buy an account.
On the upside, adultsupercash.com did not close my referral account for spamming. If I had promoted a larger, more attractive site, the chances of my account being terminated would be much higher. Although 14 percent of people clicked on the link for my site, up to 1 percent sent an e-mail to the pornographic site I am promoting, telling them that I sent them spam and how offended they were to receive it. That means that between 10 and 100 e-mails were sent. Just think of the numbers if I had sent two million spam messages. It takes a very unscrupulous company to ignore that much mail, but the more unscrupulous the company the better it is for me.
This particular company has ignored all complaint e-mails and I have not received any communication from them saying they are otherwise unhappy with my marketing efforts. This is not always the case. I have had occasions where the amount of complaint mail sent about my spam has caused the promoting site to shut down my reseller account, forfeiting all sales.
|Notes from the Underground…|| |
One particular time involved over 1,000 complaint e-mails. The company was concerned that some users would pursue legal action. The 29 signups I had driven to their site were forfeited by me, therefore breaching their terms and conditions. Even though I still made the pornographic site a large amount of money, they now had the right to refuse to pay me my share (around $600.00). I found this very convenient for them and I often wonder if many sites use the spaming excuse simply to make extra money by not paying the spammers.
However, I still consider this a successful marketing campaign, and I will spam the rest of the two million contacts later in the week, possibly promoting a different pornographic site. Had this been a real spam run, by the end of the month, I would have had the balance wired to an offshore bank account in a tax-free country, and be on my way.
|< Day Day Up >|| |