I understand that spam is a lucrative market, I don’t understand why it is a lucrative market, but it is—somehow.

I realize that this post may seem like ranting—and it is—but I have some questions for all you smart people out there. Read on.

We all know that there are lots of kinds of spam, most familiar is the kind that comes in email—cash our totally legitimate check and send us only 10% of the money and you can keep the rest!—but in starting this blog I’ve been introduced to a new kind of spam. Comment spamming.

Now, I know that some people will abuse anything they can to make money or mess with people, sadly it’s just a fact of nature, and I knew that this blog would potentially become a target for such spam, but I still don’t understand spam in the slightest. (By the way, I really like the Akismet plugin, 300 pieces of spam blocked in less than six months.)

Bruce, you know who you are, you probably don’t really read this blog but I’m going to write you anyway. You repeated someone else’ comments as your own in order to propagate your site. At first I thought your comments were legitimate, they did seem familiar, but legitimate. Shame on you.

Okay, rant over. Here are my questions: I really just don’t understand spam and I’m hoping someone out there can explain it to me. We know it works or no one would send it. So why, when everyone hates it, is it successful? Also, who actually believes spam and sends people they don’t know cash, or goes to their site, or sends them passwords?

This baffles me beyond words.

I think one thing to remember is that while the internet made spam easy, it existed before... there were still chain letters, and people calling you for your bank or credit card number who were fraudulent, and junk mail. So I think the question of "why spam" existed before the internet did. That said, I think spam like you describe in your post is insane (and the height of disrespect).
Cindy on 2010-05-23 13:08:26.0
Two things. 1) Comment spamming has "Black Hat SEO" written all over it. You see, two of the criteria of Google's ranking algorithm are incoming links, and outgoing links. Let's say you write a blog post reviewing a product or application. You obviously want your readers to be able to find said product/application, so you include a link in your post. Google awards the product/application site a gold star for that incoming link. Then, let's say the product/application site reads your review, and includes it in a second post acknowledging all the reviews of said product/application. Gold star to you. Then, Google sees that two sites writing about similar things are linking to each other, and they award each of you another Gold star for the reciprocal links. This should happen all organically. Enter Comment spammers. They basically want to replicate the process, but artificially. They'll scan articles about certain topics, nab a comment, then post it another site, replacing the links. Bruce, in this case, just re-commented. He's obviously broken. Consider it a compliment that you are getting comment spam. You now have somewhat of a presence in search results. Congratulations. 2) Phishing attacks. Facebook emails you saying that you have to reset your password. You look at the sender's email address, and it checks out. You look at the link, and it looks legit. You click on the link, log in, and get an error. Password incorrect. You log in again, and it works. What has happened, is that the spammer has replicated everything about Facebook's process, except they replaced the target URL (hidden behind the link) with their own URL or IP Address. It looks like Facebook, so you try to log in, the Phishing site captures your username and password, then sends you on to the real Facebook, which gives you an error. You log in again, this time it works, and you have no idea that you are a victim of a phishing attack. Then, two days later, every one of your Facebook friends get direct messages from you trying to sell them something. The solution? When you get a message prompting you to log in, do not click on the link. Visit the site directly. Then forward the email to the phishing department of the legitimate site (like phishing@facebook.com).
Devin on 2010-05-24 11:21:37.0