Several years ago, getting into the spam business used to involve the process of harvesting emails, figuring out ways to segment the database, localize the spam campaign by using a free translation service eventually ruining the social engineering effect, creating your very own botnet and coming up with creative ways to bypass anti-spam filters, ensuring the botnet remains operational, coming up with ways to obtain access to IPs with clean reputation, with little or no campaign effectiveness measurement at all..
These relatively higher market entry barriers are long gone. Today, every single step in the spamming process is managed and can be outsourced in a cost-effective manner to the point where the one-stop-shop spam vendors have vertically integrated and occupied every single market segment possible in order to increase the “lifetime value” of their potential customers.
When do you know that it’s going to get uglier in the long term? It’s that very special moment in time when the backend for such a managed spam system utilizing malware infected hosts and legitimate servers for achieving its objectives, goes mainstream and its authors remove the “proprietary, high-profit margin revenues earning business model” label from it.
And with this particular moment in time already a fact since the middle of 2008 (Spamming vendor launches managed spamming service), yet another new market entrant is pitching its managed spam service with the ambition to monetize his access to a particular botnet, and break-even from the investment made in the backend system.
With 9 different campaigns already finished (see the top screenshot) and another one currently in progress spamming out 3215 emails using 1672 infected hosts based on a harvested email database consisting of 306204 emails (notice the percentage of non-existent emails potentially spam-poison traps), his business model is up and running.
Further developments and new features within the service would remain under close monitoring in the future as well. In particular, the original vendor’s updates which would ultimately affect all of his “value-added partners” improved managed spamming capabilities.