SPAM is sent usually by someone who wants to sell you something. Sometimes
these are companies, but more often, these are individuals or fly-by-night small
businesses. Sometimes these entities go to a third-party company who they then
pay to send a bulk mail on their behalf. Most of the time, these third party
bulk email companies are ethical and will seek to enforce anti-spam regulation
on their clients. But, other times spammers will use simple home computers to
send their bulk email. Computer security experts estimate that as much as 30%
of all spam is relayed using compromised home PCs located around the world in
home offices and living rooms. These computers are not necessarily set up for
the purpose of spamming, but could be vulnerable to outside control, which thus
allows the unethical spammer to use that PC as a relay. (more on securing your
computer against this later in the article).

But, who is the typical spammer? Usually they are an individual person. They
are predominantly male, around 16-35 years old. They are usually living in or
working from their home. They are usually technically competent, and you would
need to be to devise ways to send emails using other people’s computers. Sometimes,
a spammer will be involved with other illegal activities such as credit card
fraud. Almost all of them consider their "business" to be harmless
and see absolutely nothing wrong with what they do. Properly set up, a single
spammer can send millions of emails every single day. A well-known spammer by
the name of Ronnie Scelson boasts that he can send as much as 84 million emails
every day. They use software like News Blast, Mailbomb or Prospect Mailer. Some
spammers will have software custom written to send their bulk mails. Spammers
generate income based on sales or leads, so the more emails they send out, the
better. Even though nobody really wants spam in their inbox, a few still respond
and this is what keeps the spammer in business. For any given 1 million bulk
emails, maybe 100 or 150 will respond to it, which is a sales lead or even an
actual sale for the spammer. The spammer’s products might be by way of drop
shipping or something similar. Some take clients who pay them to send spam,
so the spammer will make money for sales leads or simply for the service of
having sent the bulk mail. A good spammer can generate a decent income from
this practice; some earn as much as $100,000 per year.

Ronnie Scelson, as I mentioned above, is a notorious spammer that is well-known.
Based in Louisiana, he is known as the "Cajun king of spam". He is
a high school dropout, early thirties, married with 3 kids. In a USA Today
profile, he says "I hate spam as much as the next guy. What I do is not
illegal. It’s the people who spam sex, Viagra and get-rich-quick schemes that
give commercial e-mailers a bad name." The article goes on to reveal a
man who lives life on the edge, constantly trying to out-flank anti-spam forces
online. He chain-smokes. He claims to send out 60 million to 70 million emails
per day. He has no qualms about what he does. He says he provides all recipients
an option to remove themselves from the mailing list, does not hide behind forged
email addresses, and leaves contact info in the email. He has testified before
the US Senate about spam, but says openly that if any anti-spam legislation
is passed which affects his business, he will simply move offshore.

Scelson makes a good income in the business, too. He works from a home office,
but has a dozen rack-mounted servers on 24 hours per day, going though 165,000
emails per hour in order to weed out the roughly 16% that are actually legitimate
addresses. He sends those emails to servers located throughout the US, China,
South America and Europe. He says he sends them an automated message asking
them if they want spam, and if they say yes, he will send them bulk emails.
Otherwise, he says he leaves them alone. He charges clients anywhere from $10,000
to $50,000 per month to send their ads, and Scelson estimates he makes $30,000-$40,000
per month in profit. He has a staff who help fend off anti-spam attacks and
maintain his various operations around the world.

Scelson is an extreme case of a bulk mailer, and is not really a typical case.
But, his notoriety has earned him a threat-filled life, one in which he keeps
a 9mm handgun right next to his computer. Scelson has been kicked off of numerous
networks and has sued to stay on others. His costs and legal fees forced him
to file for Chapter 13 bankruptcy in March of 2003, claiming $500,000 debt.
While Scelson may escape much of the anti-spam tactics, others are not so lucky.
There are estimated 2,000 spammers in the United States. Many companies spend
millions battling SPAM. Microsoft and AOL have had strong anti-spam efforts.
Earthlink has pending legal action on a long list of known spammers. A spammer
named Howard Carmack, known as the "Buffalo Spammer", was sentenced
to 7 years in jail on 14 counts of identity theft and forgery in 2004. He was
estimated to have sent 850 million emails. Earthlink won a judgment of $16.4
million against Carmack, who was accused of using stolen credit cards to sign
up for Earthlink accounts and then using those accounts to send spam.

Some other spammers you can check out are Scott
Richter, "Captain
Bob",

You can research spammers on your own using the ROKSO
database, hosted by the SpamHaus
Project. The Register of Known Spam Operations (ROKSO) is a database of
spammers which have been terminated by a minimum of 3 ISPs for spam offenses.
Each member of the list has detailed information, including their aliases, media
stories on them, etc. They even mention which other spammers they are partnering
with, something that occurs rather frequently in the spammer community. According
to the ROKSO site, 80% of spam received by users in North America and Europe
"can be traced via aliases and addresses, redirects, hosting locations
of sites and domains, to a hard-core group of around 200 known spam operations
("spam gangs"), almost all of whom are listed in the ROKSO database".
This is a very interesting database.