Spam watchers say a handful of high-profile arrests at the end of 2010 put a dent in the business, but there may be a bigger issue: E-mail spamming, at least in its traditional form, may not be as profitable as it once was.
"You don't see a lot of new blood coming to the table," said Joe Stewart, a researcher with Dell's SecureWorks group. Every year or two Stewart takes a look at the top spamming botnets on the Internet. He analyzes spam messages and tracks down the networks of hacked computers responsible for sending them out.
This year, the news was that there was no news. Stewart didn't find any new spam botnets. "Everything that is spamming today is pretty much what was spamming two years ago," he said in February when he released his latest report.
There was a brief, halcyon day when the Internet, or rather its precursor, the Arpanet, was spam-free. But then a Digital Equipment Corporation marketer named Gary Thuerk decided to let a few hundred Arpanet users know about his new DecSystem-20 mainframes, and it was downhill from there. When consumers flocked to the Internet in the mid 1990s -- Soloway's glory days -- the open online culture provided a breeding ground for fraudsters, and soon the vast majority of all messages on the Internet was unsolicited commercial email.
Until recently, spammers were in an ugly war of attrition. As spam filters got better and better, spammers bumped up the volume of messages they pumped out. If a fraction of one percent of a million messages get through, that's not profitable. Make that a billion messages and the money starts to add up. But it now seems as though this war of escalation has subsided; not because the spammers have given up, but because the game is changing.
U.S.-based spammers have all but disappeared, scared off by prison sentences handed down to the likes of Soloway under the 2004 CAN Spam act. Even overseas there has been progress. In the past year a series of spam-spewing botnets -- Waledac, Pushdo, and most recently Rustock -- have been taken offline thanks to the efforts of law enforcement and private security researchers. And in October 2010, an affiliate marketing website called Spammit closed its doors. It was used by spammers pushing online pharmaceuticals, and was a major source of income for many spammers.
That's taken a big dent out of spam, but the nature of the business has evolved. Once a source of irritating commercial marketing messages, unsolicited mass emails are increasingly being used by scammers and criminal hackers to ply their trade.
Sign up for Computerworld eNewsletters.