Does Sending Mass Emails (Spam) Work for Grey-Area Online Entrepreneurs?

So the other day I got an email. After giving it a thorough 3-second examination, it went straight to my spam folder. Then after a couple of hours, I went back to see it again as it actually was one of the most out of place spam emails I received in a while.

It was trying to sound like it was a personally crafted email by a real human who actually visited my site and then wrote the thing. But in the end, it was a lame attempt, mainly because of the topic of the email, which made it clear that the person was just sending mass emails. See for yourself:


Just to be clear, even though you surely know this, I don’t have anything about IP video surveillance practice published on my site. Well, at least until today I didn’t.

Anyway, it got me thinking. How effective can email spam actually be? I mean, since there’s so much stuff circulating around then maybe it is profitable for those with thick enough skin to push the send button every day?

These are the things I wanted to find out so I did some sniffing around, also known as researching. Here’s what I found:

(Disclaimer. I’m not encouraging you to spam in any way. I’m just telling you what the reality is and reporting about the numbers I’ve found. You’re a responsible human being so you can surely do the right thing with this information.)

Problem no. 1 – new stats on sending mass emails are hard to come by


Although there’s much stuff about the volume of spam circulating on the web in general, there’s not nearly as much about the results that spam brings to the ones sending it out.

Spam has become a real no-no topic and it’s probably not politically correct to talk about its effectiveness. Well, I don’t care about being politically correct… So here goes.

The data I found came from the year 2006 up to today. I do realize that a lot could have changed along the way, but I believe that the general principles are still the same. This is purely because people don’t evolve that much over a 7 year period, so most basic impulses should still be there.

Starting with:

Click-through rates are surprisingly high

Sort of…

Before I reveal the market that scores the biggest click-through rates (CTR), let me talk some raw numbers:

  • The no. 1 market scores up to 5.6% CTR.
  • The no. 2 market scores only 0.02% CTR.
  • The no. 3 market is at mere 0.0075% CTR.

It’s clear that the winner outperforms all the others by a long shot. As it turns out, not every market/topic or type of product is good for sending mass emails.

So…who’s the leader in spam? No real surprise here, it’s porn. No. 2 is pharmaceutical spam, no. 3 is advertising Rolex watches.

As explained by Francis de Souza:

Successful spam is about impulse purchases. Things like home mortgages have a lower success rate than things you’d buy on impulse. Things like Viagra, porn.

Conversion rates are predictably low

While CTRs were somewhat of a surprise to me, the story levels out with conversion rates.

To say it simply, there’s on average just 1 sale for every 12.5 million (!) spam emails sent.

This is not just an estimated number. In 2008, a team of researchers from the University of California took control over a spam network of hijacked computers and decided to use them to send their own fake spam and see what results it will produce.

After 26 days of the experiment and nearly 350 million emails sent out, they only got 28 sales. These were sales for a fictitious herbal remedy to increase one’s sex drive (seems the researchers knew what markets work for sending mass emails).

If you ask me, the small number of 28 doesn’t really make the results statistically significant. A lot can be attributed to pure chance with the numbers so low. But it’s still worth noting down that the actual conversions are surely not impressive.

Here’s the kicker, though:

Spam is still extremely profitable


Despite the fact that there’s one sale in 12.5 million emails, it still represents revenues of around $100 per day – as reported by the researchers.However, the thing with spam is that some “pros” scale it to bigger volumes and send tens of millions of such email a day. The researchers estimated that with the simple setup they had, they could make $7,000 per day if they kicked it up a notch.

The technical setup needed to send spam on a large scale is not that expensive, so it turns out that the ROI should be quite high for spammers. Basically, spammers use zombie-computers with infected software for sending out emails. The owners of those computers don’t even know that they’re sending anything. In other words, spammers use other people’s machines, bandwidth, electricity and whatnot to send the emails.

Most active spam markets


The markets most active in the spam space are:

  1. Sex/dating – 42.51% of all spam.
  2. Pharmaceutical – 32.61%.
  3. Watches – 8.55%.
  4. Jobs – 6.85%.
  5. Software – 5.86%.
  6. Casino – 1.60%.
  7. Weight loss – 0.11%.

As you can see, the list tightly follows the things that spam is proven to be most effective for – mentioned earlier in this post.

For me, the only surprise is a relatively low position of weight loss on the list. It might seem that weight loss is something that a lot of people are interested in, yet it’s not that popular when it comes to the overall spam volume.

Spam is not only email

Email is the oldest type of computer-based spam, but these days we also witness Twitter spam (both via @mentions and DMs), social media spam in general, search engine spam (hey, if a site has nothing on it yet it ranks for a popular keyword then it’s still spam), YouTube spam (videos optimized for certain keywords, with only a picture throughout the whole video and a link to a spam page), and more.

The social media spam space gets a bit ridiculous if you ask me. For example, there are 3.5 billion (that’s billion) spam tweets posted on Twitter every day. A staggering 40% of social media accounts are spam accounts, and 8% of all social media posts are spam (and if you add all of people’s pictures of their children and their pets this will probably make it more like 60%).


In the end, sending mass emails and spam in general is huge on the web. It’s the new black. Scratch that; it has always been the new black. And it’s not going anywhere.

But again, I am not writing this to encourage you to join the spam-world. I’m just reporting on the reality that we have to face when working on the web. It’s always better to know this stuff than to believe in a fairy tale that spammers are just stupid. They’re not. They make a ton of money off our frustration.

If you like the stuff, just enter your name and email below to sign up to my newsletter,
where you’ll get more resources just like this one.

Does Sending Mass Emails (Spam) Work for Grey-Area Online Entrepreneurs? |

Once Upon a Time … There’s Some Malware on Your Site

malwareThis isn’t actually funny at all.

I don’t know if you noticed this, but my site got infected with some malware about a week ago.

The malware was not a result of my reckless behavior or anything. Just some malicious Apache module sitting on the server at my web host (cheers, WPWebHost, we’re probably not going to do business any more).

First of all, here’s how it all started.

One day I received a friendly email from Google:

Dear site owner or webmaster of,

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on


We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it’s important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed.


Google Search Quality Team

Now, the tone is very friendly, yet what it actually means is this:

Your site is infected. We’re banning it from the search engine results. Get it fixed now!

And this is something my SEOmoz monitor confirmed a while after. Here are the rankings for my main keywords:


Nice, huh?

And of course, whenever there’s malware on any site, every major browser starts to display a warning message when someone tries to visit it. Which means that what followed shortly afterwards was a decline in traffic.


Well, it was about time to do something.

So I started digging and found that the malware was only visible on which was funny because the template file responsible for this URL is archive.php – and this is a file that also runs my date archives and category archives. Besides, there are also tens of other tags on the site, yet only this one was infected.

This was clearly not a problem with any of the template files. The problem was sitting somewhere deeper.

Since I’m an engineer and have a Master’s Degree in computer science I have to say that this malware was a nice piece of coding.

It didn’t come up during every scanning attempt (it only presented itself once every X times), it banned the most often used IPs (so whenever someone tried to visit the page more than X times the malware was no longer active), and as I said before it didn’t put any suspicious code inside any of the WordPress files.

While doing my research I stumbled upon this great post: Malicious Apache Module Injects Iframes.

It describes the exact problem I was experiencing. Here’s a screenshot from one of my Sucuri scans:


There’s an iframe located outside of the visible area. The URLs and the method is the exact same one as described in the article.

Hosting problems

Now the best part.

The support team at WPWebHost is crap.

Here’s the usual scenario when you contact them:

Me: hey, there’s a problem with my site.

Them: no, there’s not.

Me: yeah, there is, {explanation}.

Them: no, we did one single test, there’s not.

Me: there is; here’s {evidence #1}, {evidence #2}, and {evidence #3}.

Them: okay, there is, I’m transferring your ticket to our upper level support.

Them (upper level): hey, we did one single test, there’s no problem.

What. The. Hell?!

Anyway, after going back and forth a number of times they were finally able to fix it. Without even explaining what happened. And without saying anything about what I can do to prevent similar situations in the future.

But that’s not the end of the story.

Here’s my downtime graph:


The red spots indicate the downtime.

Oh, and there’s also one more problem about my emails not reaching their destinations…

Long story short… Sorry guys, but it’s time for me to move on. And make sure that this post ranks well for phrases like “is WPWebHost any good” or something similar.

The current situation

Well, everything’s fixed. I’m in the middle of transferring my account to HostGator, and hoping that my rankings will return soon.

There’s no longer any malware on my site and I hope it stays this way.


As it turns out, Google works quite quickly to recognize every change. What this means is that my site is back in the ranking, which is great. Check this updated graph by SEOmoz:


Once Upon a Time … There’s Some Malware on Your Site |