Why Do Spammers Spam? The Business Behind Your Junk Folder
If you have ever wondered why your inbox is full of emails about discount pharmaceuticals, urgent wire transfers from foreign princes, and products you would never buy in a million years, you are asking the right question. The answer is deceptively simple: spam exists because it makes money.
Not a little money. Not pocket change. The global spam industry generates billions of dollars annually, and it persists because the economics are overwhelmingly in the spammer’s favor.
The Three Business Models of Spam
Every spam email you receive falls into one of three categories, and each one has a different business model behind it.
1. Direct Sales
The most straightforward model. Spammers advertise products — typically pharmaceuticals, counterfeit goods, dietary supplements, adult content, or software — and make money when recipients buy. The products are usually counterfeit, unregulated, or both.
The economics are staggering. Sending a million emails through a botnet of compromised computers costs roughly $25 to $50. If even 0.001% of recipients make a purchase (that is 10 people out of a million), and the average order is $50, the spammer makes $500 on a $50 investment. Scale that to a billion emails per day and the numbers become serious.
A 2008 study by researchers at UC San Diego infiltrated a real spam botnet and found that a pharmaceutical spam campaign had a conversion rate of approximately 0.00001% — one buyer per 12.5 million emails sent. Even at that microscopic rate, the operation generated an estimated $7,000 per day because the sending costs were effectively zero.
2. Advance Fee Fraud
The “Nigerian prince” email is the most famous example, but advance fee fraud takes hundreds of forms: lottery winnings, inheritance notifications, business partnership proposals, romance scams, and government grant offers.
The model is simple: convince the victim that a large sum of money is coming their way, then extract increasingly larger “fees” for taxes, legal costs, transfer charges, or bribes before the money can be released. The money, of course, never arrives.
Despite being widely mocked, advance fee fraud remains enormously profitable. The FBI’s Internet Crime Complaint Center (IC3) reports billions in losses annually from these scams. A 2006 UK study estimated that British victims alone lost 150 million pounds per year, with the average victim losing 31,000 pounds.
The scams work because they target vulnerability, not stupidity. People who are financially stressed, lonely, grieving, or simply unfamiliar with internet scams are disproportionately targeted. Spammers deliberately use poor grammar and implausible scenarios as a filtering mechanism — anyone who responds despite the obvious red flags is more likely to follow through with payments.
3. Identity Theft and Phishing
Phishing is the most dangerous form of spam because it does not require the victim to send money directly. Instead, the spammer impersonates a trusted entity — a bank, a tech company, a government agency, an employer — and tricks the victim into revealing login credentials, financial information, or personal data.
Once a spammer has access to a victim’s email or bank account, they can steal funds directly, use the account to send more spam (making detection harder), or sell the credentials on dark web marketplaces. Stolen email account credentials sell for $1 to $15 depending on the provider and account age. Stolen bank credentials sell for significantly more.
Business email compromise (BEC) is the most lucrative variant. Attackers compromise or impersonate a company executive’s email account and use it to authorize fraudulent wire transfers. The FBI estimates that BEC scams cost businesses over $50 billion between 2013 and 2023, making it the single most expensive category of cybercrime.
Why the Economics Always Favor the Spammer
The fundamental problem is cost asymmetry. Sending email is essentially free for spammers, but every spam email imposes costs on everyone else — bandwidth, storage, filtering infrastructure, lost productivity, and financial losses from successful scams.
Here is what the math looks like for a typical spam operation:
- Sending infrastructure: Botnets of compromised computers send the email at zero marginal cost. The botnet itself is either built through malware distribution or rented for $50 to $200 per day.
- Email lists: Harvested from website scraping, data breaches, or purchased in bulk. A million email addresses costs $50 to $100 on underground markets.
- Content creation: Templates are reused, randomized, and automated. Minimal human effort required.
- Success threshold: At one response per million emails, the operation is profitable. At one per hundred thousand, it is highly profitable.
For context, legitimate email marketing campaigns typically see open rates of 15-25% and click rates of 2-5%. Spammers operate at conversion rates millions of times lower and still make money because their costs are millions of times lower too.
Why Spam Persists Despite Filters
Modern spam filters are remarkably effective. Gmail, Outlook, and other major providers block over 99% of spam before it reaches your inbox. Google alone blocks approximately 15 billion spam emails per day.
But spam persists for several reasons:
Volume overwhelms filtering. When hundreds of billions of spam emails are sent daily, even 99.9% filtering effectiveness means hundreds of millions still get through globally.
Spammers adapt. The spam war is an arms race. When filters learn to detect a pattern, spammers change their approach. They rotate domains, use compromised legitimate accounts, embed text in images, exploit zero-day vulnerabilities, and constantly test their messages against popular filters before sending.
International enforcement gaps. Most spam originates from countries where enforcement is difficult or nonexistent. Criminal networks operate across multiple jurisdictions, use cryptocurrency for payments, and hide behind layers of anonymity. The CAN-SPAM Act, GDPR, and similar laws deter legitimate businesses but have limited effect on organized criminal spammers.
The incentive structure is broken. As long as sending spam costs nothing and even a microscopic response rate generates profit, the economic incentive to spam will exist. No amount of filtering or legislation changes this fundamental equation.
What This Means for Email Marketers
The spam problem directly affects legitimate email marketers in several ways:
- Deliverability challenges. Aggressive spam filtering means that even legitimate marketing emails can end up in spam folders. Maintaining good sender reputation and following authentication best practices (SPF, DKIM, DMARC) are essential.
- Trust deficit. Decades of spam have made people skeptical of commercial email. Legitimate marketers must work harder to earn trust and demonstrate value.
- Regulatory burden. Laws designed to combat spam (CAN-SPAM, GDPR, CASL) impose compliance requirements on all commercial email senders, including legitimate businesses.
Our Spam Word Checker can help you avoid trigger words that cause your legitimate emails to be flagged by spam filters. And our Deliverability Score tool checks whether your domain’s authentication is properly configured to stay out of spam folders.
The spam problem is not going away. Understanding why it exists — and how it works — is the first step toward protecting both yourself and your email marketing program from its effects.
Frequently Asked Questions
Why do people still fall for spam emails?
Spam tactics have evolved significantly. Modern phishing emails closely mimic legitimate businesses with professional design, accurate logos, and convincing language. Spammers also exploit urgency, fear, and curiosity — psychological triggers that can override critical thinking even in tech-savvy recipients. The elderly, newly online users, and people under stress are disproportionately targeted.
How much money do spammers actually make?
Revenue varies enormously. A 2008 UC San Diego study found that a pharmaceutical spam operation generated roughly $7,000 per day from a botnet sending hundreds of millions of messages. Top-tier operations running business email compromise (BEC) scams have stolen hundreds of millions from individual companies. The FBI estimates BEC scams alone cost businesses over $50 billion between 2013 and 2023.
Is sending spam illegal?
Yes, in most countries. The US CAN-SPAM Act (2003), Canada's CASL (2014), and the EU's GDPR (2018) all regulate or prohibit unsolicited commercial email. However, enforcement is difficult because most spam originates from overseas operations using compromised computers, fake identities, and jurisdictions with weak enforcement. The practical reality is that laws deter legitimate businesses from spamming but have limited effect on criminal spammers.
Why can't spam filters stop all spam?
Spam filtering is an arms race. Filters use machine learning, reputation scoring, content analysis, and authentication checks (SPF, DKIM, DMARC) to block spam. But spammers continuously adapt — rotating domains, using compromised legitimate accounts, employing image-based content to evade text analysis, and exploiting zero-day vulnerabilities. Filters catch over 99% of spam today, but the remaining 1% of billions of daily messages still means millions of spam emails reach inboxes.