Spamalytics: A methodology for measuring the conversion rate of spam. Coined from “spam” and “analytics.”
From a New York Times article by John Markoff (“Study Sees Way to Win Spam Fight”), published May 20, 2011:
For years, a team of computer scientists at two University of California campuses has been looking deeply into the nature of spam, the billions of unwanted e-mail messages generated by networks of zombie computers controlled by the rogue programs called botnets. They even coined a term, “spamalytics,” to describe their work.
That coinage appeared in a 2008 paper, “Spamalytics: An Empirical Analysis of Spam Marketing Conversion,” by Chris Kanich, Christian Kreibich, et al. The introduction sets the tone, which is atypically zippy for an academic paper:
Spam-based marketing is a curious beast. We all receive the advertisements—“Excellent hardness is easy!” —but few of us have encountered a person who admits to following through on this offer and making a purchase. And yet, the relentlessness by which such spam continually clogs Internet inboxes, despite years of energetic deployment of anti-spam technology, provides undeniable testament that spammers find their campaigns profitable. Someone is clearly buying. But how many, how often, and how much?
After taking over part of an existing botnet, the Berkeley team waged its own spam campaign, sending out almost 350 million pieces of junk e-mail over 26 days. By the end of their trial, they had netted a whopping 28 sales. That’s about one response for every 12.5 million e-mails sent, a conversion rate of less than 0.00001 percent.
In a new paper, to be presented tomorrow at the IEEE Symposium on Security and Privacy in Oakland, California, the team reveals that “95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies” (Markoff’s summary). The paper itself concludes:
[I]f U.S. issuing banks (i.e., banks that provide credit cards to U.S. consumers) were to refuse to settle certain transactions (e.g., card-not-present transactions for a subset of Merchant Category Codes) with the banks identiﬁed as supporting spam-advertised goods, then the underlying enterprise would be dramatically demonetized. Furthermore, it appears plausible that such a “ﬁnancial blacklist” could be updated very quickly (driven by modest numbers of undercover buys, as in our study) and far more rapidly than the turn-around time to acquire new banking resources—a rare asymmetry favoring the anti-spam community.