research-article

Spamalytics: an empirical analysis of spam marketing conversion

Authors:

Christian Kreibich,

Kirill Levchenko,

Brandon Enright,

Geoffrey M. Voelker,

Stefan SavageAuthors Info & Claims

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

Pages 3 - 14

https://doi.org/10.1145/1455770.1455774

Published: 27 October 2008 Publication History

Abstract

The "conversion rate" of spam--the probability that an unsolicited e-mail will ultimately elicit a "sale"--underlies the entire spam value proposition. However, our understanding of this critical behavior is quite limited, and the literature lacks any quantitative study concerning its true value. In this paper we present a methodology for measuring the conversion rate of spam. Using a parasitic infiltration of an existing botnet's infrastructure, we analyze two spam campaigns: one designed to propagate a malware Trojan, the other marketing on-line pharmaceuticals. For nearly a half billion spam e-mails we identify the number that are successfully delivered, the number that pass through popular anti-spam filters, the number that elicit user visits to the advertised sites, and the number of "sales" and "infections" produced.

References

[1]

Composite Blocking List (CBL). http://cbl.abuseat.org/, March 2008.

[2]

C. Akass. Storm worm 'making millions a day'. http://www.pcw.co.uk/personal-computer-world/news/2209293/strom-worm-making-millions-day, February 2008.

[3]

D.S. Anderson, C. Fleizach, S. Savage, and G.M. Voelker. Spamscatter: Characterizing Internet Scam Hosting Infrastructure. In Proceedings of the USENIX Security Symposium, Boston, MA, Aug. 2007.

Digital Library

[4]

J. Angwin. Elusive Spammer Sends EarthLink on Long Chase. http://online.wsj.com/article_email/SB105225593382372600.html, May 2003.

[5]

D.M. Association. DMA Releases 5th Annual 'Response Rate Trends Report'. http://www.the--dma.org/cgi/disppressrelease?article=1008, October 2007.

[6]

J. Aycock and N. Friess. Spam Zombies from Outer Space, January 2006.

[7]

R. Boehme and T. Ho. The Effect of Stock Spam on Financial Markets. In Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS), June 2006.

[8]

L. Frieder and J. Zittrain. Spam Works: Evidence from Stock Touts and Corresponding Market Activity. Berkman Center Research Publication, 2006.

[9]

J. Goodman and R. Rounthwaite. Stopping Outgoing Spam. Proceedings of the 5th ACM conference on Electronic commerce, pages 30--39, 2004.

Digital Library

[10]

M. Hanke and F. Hauser. On the Effects of Stock Spam E-mails. Journal of Financial Markets, 11(1):57--83, 2008.

[11]

Ironport. 2008 Internet Security Trends. http://www.ironport.com/securitytrends/, 2008.

[12]

C. Kanich, K. Levchenko, B. Enright, G.M. Voelker, and S. Savage. The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff. In First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET'08), April 2008.

Digital Library

[13]

D. Khong. An Economic Analysis of Spam Law. Erasmus Law and Economics Review, 1(1), 2004.

[14]

J. Kirk. Former spammer: 'I know I'm going to hell'. http://www.macworld.com/article/58997/2007/07/spammer.html, July 2007.

[15]

C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G.M. Voelker, V. Paxson, and S. Savage. On the Spam Campaign Trail. In First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET'08), April 2008.

Digital Library

[16]

P. Maymounkov and D. Mazières. Kademlia: A Peer-to-Peer Information System Based on the XOR Metric. First International Workshop on Peer-To-Peer Systems (IPTPS), Cambridge, MA, USA, March 2002.

Digital Library

[17]

W.Y.P. Judge, D. Alperovitch. Understanding and Reversing the Profit Model of Spam. In Workshop on Economics of Information Security 2005. (WEIS 2005), Boston, MA, USA, June 2005.

[18]

A. Ramachandran, N. Feamster, and D. Dagon. Revealing Botnet Membership using DNSBL Counter-Intelligence. In USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI '06), July 2006.

Digital Library

[19]

A. Serjantov and R. Clayton. Modeling Incentives for Email Blocking Strategies. Workshop on the Economics of Information Security (WEIS05), 2005.

[20]

Y. Wang, M. Ma, Y. Niu, and H. Chen. Spam Double-Funnel: Connecting Web Spammers with Advertisers. Proceedings of the 16th international conference on World Wide Web, pages 291--300, 2007.

Digital Library

[21]

D. Watson. All Spammers Go to Hell (posting to funsec list). http://www.mail-archive.com/funsec%40linuxbox.org/msg03346.html, July 2007.

[22]

T. Wilson. Competition May be Driving Surge in Botnets, Spam. http://www.darkreading.com/document.asp?doc_id=142690, 2008.

Cited By

Stevens KErdemir MZhang HKim TPearce P(2024)BluePrint: Automatic Malware Signature Generation for Internet ScanningProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678923(197-214)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678923
Zha MLin ZTang SLiao XNan YWang XLuo BLiao XXu JKirda ELie D(2024)Understanding Cross-Platform Referral Traffic for Illicit Drug PromotionProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670383(2132-2146)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670383
Liu EKappos GMugnier EInvernizzi LSavage STao DThomas KVoelker GMeiklejohn SVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Give and Take: An End-To-End Investigation of Giveaway Scam Conversion RatesProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3689005(704-712)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3689005
Show More Cited By

Index Terms

Spamalytics: an empirical analysis of spam marketing conversion
1. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Spamalytics: an empirical analysis of spam marketing conversion
The Status of the P versus NP Problem

Spam-based marketing is a curious beast. We all receive the advertisements---"Excellent hardness is easy!"---but few of us have encountered a person who admits to following through on this offer and making a purchase. And yet, the relentlessness by ...
Correlation Analysis between Spamming Botnets and Malware Infected Hosts
SAINT '11: Proceedings of the 2011 IEEE/IPSJ International Symposium on Applications and the Internet

Many of recent cyber attacks are being launched by botnets for the purpose of carrying out large-scale cyber attacks such as spam emails, Distributed Denial of Service (DDoS), network scanning and so on. In many cases, these botnets consist of a lot of ...
Using header session messages to anti-spamming

The Internet is popular, with email use functioning as the major Internet activity. However, spam has recently become a major problem impeding the use of email. Many spam filtering techniques have been implemented so far. Most current anti-spamming ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

October 2008

590 pages

ISBN:9781595938107

DOI:10.1145/1455770

General Chair:
Peng Ning
North Carolina State University, USA
,
Program Chairs:
Paul Syverson
Naval Research Laboratory, USA
,
Somesh Jha
University of Wisconsin, USA

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 October 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS08

Sponsor:

CCS08: 15th ACM Conference on Computer and Communications Security 2008

October 27 - 31, 2008

Virginia, Alexandria, USA

Acceptance Rates

CCS '08 Paper Acceptance Rate 51 of 280 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

206
Total Citations
View Citations
1,984
Total Downloads

Downloads (Last 12 months)74
Downloads (Last 6 weeks)19

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Stevens KErdemir MZhang HKim TPearce P(2024)BluePrint: Automatic Malware Signature Generation for Internet ScanningProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678923(197-214)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678923
Zha MLin ZTang SLiao XNan YWang XLuo BLiao XXu JKirda ELie D(2024)Understanding Cross-Platform Referral Traffic for Illicit Drug PromotionProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670383(2132-2146)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670383
Liu EKappos GMugnier EInvernizzi LSavage STao DThomas KVoelker GMeiklejohn SVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Give and Take: An End-To-End Investigation of Giveaway Scam Conversion RatesProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3689005(704-712)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3689005
Wang CJia ZBenkraouda HZevnik CHeuermann NFoulger RHandler JWang G(2024)VeriSMS: A Message Verification System for Inclusive Patient Outreach against Phishing AttacksProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642027(1-17)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642027
Hanley HKumar DDurumeric Z(2024)Specious Sites: Tracking the Spread and Sway of Spurious News Stories at Scale2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00171(1609-1627)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00171
Al-Eiadeh MAbdallah M(2024)GeniGraph: A genetic-based novel security defense resource allocation method for interdependent systems modeled by attack graphsComputers & Security10.1016/j.cose.2024.103927144(103927)Online publication date: Sep-2024
https://doi.org/10.1016/j.cose.2024.103927
Al-Eiadeh MAbdallah M(2024)PR-DRA: PageRank-based defense resource allocation methods for securing interdependent systems modeled by attack graphsInternational Journal of Information Security10.1007/s10207-024-00964-324:1Online publication date: 23-Dec-2024
https://doi.org/10.1007/s10207-024-00964-3
Sempelidou LAvlogiaris GAntoniadis I(2024)Factors Affecting the Effectiveness of Email MarketingApplied Economic Research and Trends10.1007/978-3-031-49105-4_59(1035-1050)Online publication date: 4-Jul-2024
https://doi.org/10.1007/978-3-031-49105-4_59
Ali MGoetzen AMislove ARedmiles ESapiezynski PCalandrino JTroncoso C(2023)Problematic advertising and its disparate exposure on facebookProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620554(5665-5682)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620554
Avgetidis AAlrawi OValakuzhy KLever CBurbage PKeromytis AMonrose FAntonakakis MCalandrino JTroncoso C(2023)Beyond the gatesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620534(5307-5324)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620534
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents