The average network manager struggling with the burdens spam imposes probably wonders aloud "Who buys this stuff anyhow?" once or twice a week. A study says the answer to that question might be found in a neighboring cube.
Analyst firm Radicati and e-mail server/security vendor Mirapoint plan to release a study on Monday that indicates end-users aren't doing much to aid admins in the war on spam, and some of them are actively, if unwittingly, aiding and abetting the enemy. Ahead of the study's release, Radicati issued a summary of some of its highlights.
Bad user behaviors cataloged by Radicati and Mirapoint and covered in the summary included obviously risky or problematic behaviors, such as following the links in a spam message, which the firms report 31 percent of their respondents admitted to; and behavior that ardent spam opponents know to avoid, such as using the unsubscribe address in a spam, which 18 percent admitted to.
As the firms note, both those behaviors are problematic because they tip spammers off to the validity of a given address and encourage more sophisticated and abusive spam campaigns, including recently reported directory harvest attacks, which flood enterprise mail servers with spams mailed to every conceivable addressee with a common name.
Worse than either of those offenses, however, is the rate at which survey respondents admitted to purchasing items offered in a spam message: Ten percent admitted to that behavior. Based on the study's findings, that ten percent response rate indicates that spam might even do better than the average, legitimate e-mail campaign, which the Direct Marketing Association reported had a response rate of 1.88 percent in a 2003 study. CipherTrust, which produces the IronMail e-mail appliance, claims spammers need only a response rate of 1 in 50,000 for a spam campaign to be profitable.
"This preliminary data is surprising and somewhat shocking to us," said Radicati market analyst Marcel Nienhuis in a statement. "It explains why email security threats including spam, viruses and phishing scams continue to proliferate. Major advancements in technology approaches that routinely achieve 90% plus catch-rates are becoming widely available, yet no technology in the world can protect an organization if users'[sic] exercise bad email behavior."