A Generous Supply of Spam

 By Shamus Nov 14, 2006 9 comments

This week’s spam harvest is particularly bountiful. I guess the spammers are gearing up for the holiday rush. It’s mostly the same few messages over and over, but once in a while I see something new when I clean out the nets. Today’s catch was a rare fresh-water jumbo spam, which weighed in at an amazing 45 kilobytes! That is a gigantic comment.

Akismet has caught just shy of 24,000 spam since I installed it. Perhaps one in a thousand slips through the net and must be dealt with directly. None of those couple dozen “lucky” ones really got away – I just killed them manually. None of them has survived long enough to be of any use, much less catch the roving eye of the Googlebot. It’s rather amazing. I see a lot of blogs, and I never see successful comment spam.

I can only assume that other people have similar results. I can’t imagine why the spammers keep at it. Perhaps there are lots of abandoned blogs running old blog software that the spamutator can penetrate. Even so, how much of a boost to your page rank can something like that yield? The success rate for comment spam has to be a good deal less than 1 in 10,000. It’s probably closer to 1 in 100,000, and those that do get through are on obscure pages that nobody reads or links, and that Google rates very low. So, 100,000 spams for 1 pointless link? That doesn’t seem like a worthwhile tradeoff.

It actually feels like comment spam is a winnable war. Trackbacks are all but lost, and they more or less own email at this point. But comment spam is manageable. It seems like the low rate of return ought to encourage them to move on to easier targets. The 45 kilobye one seems really crazy. The chances of that making it through are astronomical, and it’s actually large enough that the size will chew through a lot of bandwidth if you’re trying to send a lot. (Which they would have to be.)

What makes the whole thing even more insane is that so many of these pages are so transient. I don’t click the links, but occasionally I’ll ping one of them or do a whois on the domain. Usually by the time I look their site is down.

So, to sum up:

  1. A spammer must have some sortware for crawling the blogosphere, finding comment links, and posting comments.
  2. He must infect some PC’s or otherwise swipe some bandwidth for sending these spams If he had to pay for bandwidth – particularly copious upstream bandwidth -the whole thing would be a net loss.
  3. He must send many, many thousands of spams before one slips through the net and reaches a real blog.
  4. When it does, the blog is probably old and abandoned. His spam will sit alongside thousands of other unrelated links, on a low-ranked page that no human ever reads or links.
  5. Perhaps he will enjoy a little boost. Maybe the Googlebot will spot his link and his spam site pagerank will go up a tiny bit.
  6. By the time that happens and someone actually tries to visit the page, he’s been forced out, shut down, blacklisted, or otherwise chased away.

Even assuming he steals the bandwidth and gets his spamifier software for free, it doesn’t seem like it would be worth the effort. You can’t possibly make decent money like this. Not enough to justfy the hassle of running a nomadic website and maintaining the whole operation. That can’t possibly be more profitable than just getting a regular job.

Clearly I must be missing something. People wouldn’t be doing it if they were losing money. I’d love to know how this continues to work for them.

9Nine comments.


  1. *** Dave says:

    Hmmm. One part of this may be that the spammer (the person doing the dirty deed) and the spammer’s customer (the person ostensibly benefitting from it) are different people. The customer may not be thinking through the actual effectiveness of the campaign, or may be being deceived by the spammer (hard as that is to believe) — “See, I’ve sent out X-thousand e-mails, gotten Y-thousand comments posted at blogs, etc.”

    I haven’t given up on trackbacks yet. Way too useful (internally, if not often externally), so worth the struggle.

    And, honestly, I’ve learned to live with e-mail spam — the tools I have keep the numbers manageable, so the signal to noise ratio stays workable.

  2. It doesn’t “continue to work” for them. It’s a whole series of new people who believe the hype and give it a try.

  3. Cineris says:

    Akismet is a real godsend, though I am getting to the point where I feel somewhat frustrated even browsing through the comments Akismet has moderated looking for false positives. One of the things I’ve seen and considered using is an IP-based Akismet hack to preemptively disallow IPs being used to send spam comments.

    I’ve also though about changing the name of the comments page internally, which I’ve heard is very effective for preventing spam comments from ever being made (though I’m reluctant to do this unless things get really bad).

  4. Pixy Misa says:

    I had what I can only assume was a referrer-spammer download 50GB from one of my blogs the other day. In three hours.

    One must assume that they are not paying for their own bandwidth.

  5. BeckoningChasm says:

    You can always turn spam into cartoons, if nothing else:

    http://spamusement.com

    I’ve got work of my own in the forums…

  6. Much of it is Chinese, and much of it hits built in forums and guestbooks that were delivered with web hosting packages. You can never actually link to, or use your guestbook and it will accumulate incredible amounts of spam.

    The one on my site that I disabled gets over a thousand hits a week on the .cgi that is supposed to generate new entries — and it was deleted, there is no link to it.

  7. [...] In the comments of this post, BeckoningChasm points us to Spamusement, a webcomic that takes the titles of email spam and turns them into amusing cartoons. We’ve all seen emails with stupid titles like “It’s cheating, but it works!“, or “Your Life Ins. Company PRAYS you will NEVER SEE this“ [...]

  8. Teague says:

    Perhaps some of these spammers are themselves victims of a sort. I’m thinking of the old work from home stuffing envelopes scams that have evolved into the work from home on your computer scams. And the buy my system of buying and selling real estate which used to be books and tapes but is now on CD-ROM for the computer.

One Trackback

  1. By Twenty Sided ? Blog Archive » Spamusement on November 21, 2006 at 2:55 am

    [...] In the comments of this post, BeckoningChasm points us to Spamusement, a webcomic that takes the titles of email spam and turns them into amusing cartoons. We’ve all seen emails with stupid titles like “It’s cheating, but it works!“, or “Your Life Ins. Company PRAYS you will NEVER SEE this“ [...]

Leave a Reply

Comments are moderated and may not be posted immediately. Required fields are marked *

*
*

Thanks for joining the discussion. Be nice, don't post angry, and enjoy yourself. This is supposed to be fun.

You can enclose spoilers in <strike> tags like so:
<strike>Darth Vader is Luke's father!</strike>

You can make things italics like this:
Can you imagine having Darth Vader as your <i>father</i>?

You can make things bold like this:
I'm <b>very</b> glad Darth Vader isn't my father.

You can make links like this:
I'm reading about <a href="http://en.wikipedia.org/wiki/Darth_Vader">Darth Vader</a> on Wikipedia!