12% of email recipients respond to spam

Twitter and some of the other delivery blogs are all abuzz today talking about the consumer survey released by MAAWG (pdf link, large file) looking at end user knowledge and awareness of email security practices.
The survey has a lot of good data and I strongly encourage people to look at the full report. There are a couple of results that are generating most of the buzz, including the fact that nearly half of the respondents have clicked on a link or replied to a spam email. Additionally, 17% of respondents said they made a mistake when they clicked on the link.
The magic statistic, though, is that 12% of the respondents said that they responded to spam because they were interested in the products or services offered in the spam. This, right there, is one of the major reasons why spam continues and is a growing problem. Out of 800 people surveyed, almost 100 of them were interested enough in the products sold by spam to respond positively. There are roughly 1.6 billion people on the Internet, which gives spammers a market of 200 million people for their spam.
Other studies have seen similar responses, that is consumers do respond to spam. Most surveys don’t define spam, however, and given a lot of consumers call “mail I don’t like” or “all commercial email” as spam it’s hard to know what the respondents are responding too. In some studies, some respondents even defined mail from companies that they had given their email address to, but had not explicitly asked for email from as spam.  In this study MAAWG did request how the respondent defined spam. Of the respondents, 60% say spam is mail they did not solicit, and 41% say spam is mail that ends up in the spam folder. Given that 60% of respondents define spam as “unsolicited email” it is possible that some people are responding to mail they never requested.
Sad news for those of us who were hoping that lack of consumer response would make spamming unprofitable enough that spammers would stop.
The crosstab between “how do you define spam” and “how do you react to spam” may be an interesting data set to see.

Related Posts

Live from MAAWG!

OK, so I’m not at MAAWG any longer and I can’t blog about what happens there even if I was. However, there is an article at PC World about the conference.
I’ve been going to MAAWG conferences for many years now. Not every one, being a small company means that I can’t just take off for a week, particularly overseas where phones don’t work (something solved by an iPhone 3G). But I’ve been to quite a few of them.
I have to say the last few conferences have really impressed me. The quality of discussions and the training sessions have been full of useful information. Even for someone who has been around as long as I have, there is always something new to learn. I strongly encourage people who want to stop abuse in the messaging sphere to consider joining. Everyone is hurt by messaging abuse: end-users, senders and receivers. We all have a role to play in stopping abuse, and MAAWG is one way to learn about what you can do.
On a more personal note it was great to meet new folks and to see familiar faces. And a big thanks to all of you who took the time to tell me you liked this blog. Thank you for reading!
EDIT: Another press article about the conference.

Read More

Fake privacy policies

I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits. Their websites state clearly that addresses will not be bought an sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tags and tracks all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.

Read More

Introducing the "No email 'till Monday"

Ever have that day? That day full of delivery problems, ISP problems, headaches and turmoil? That week where you want to just forget email ever existed? Ever have that day extend for a week?
So have we all. In honor of that kind of day, we introduce the “No email ’till Monday”.
Fill a shaker with ice. Then add:
6 fl ounces light rum
4 fl ounces pineapple juice
2 fl ounces cointreau
heavy dash blood orange bitters.
Shake. Pour into 2 cocktail glasses and garnish with a pineapple slice.
Serves 2 (or one if it’s been a really *really* bad week)
The "No email 'till Monday"
We have made this with both light rum and pineapple flavored rum. The pineapple lends a sweeter taste to the drink, but there is a nice burnt sugar edge to the drink with the straight light rum.
I’m headed out on Monday to Amsterdam for a family wedding and MAAWG so blogging will be light for the next 2 weeks. I have some posts stacked up and the people I meet and talk with at MAAWG always trigger new thoughts about email, delivery and spam so do check back while I’m gone.
Those of you who are going to be at MAAWG be sure to stop by my session on Wednesday afternoon and add your perspective to the discussion.

Read More