The Messaging Anti-Abuse Working Group—a group of Internet service providers and network operators dedicated to fighting spam and other e-mail abuses—last week put out a survey claiming that almost a third of consumers admitted to responding to e-mail they suspected was spam.
However, the study is utterly useless because of the use of one word: “spam.”
Why? It was done in the context of online security and the spread of malware and botnets.
“About 80% of users doubted their computers were at risk of ever being infected with a ‘bot,’ which is a covertly planted virus capable of sending spam or causing other damage without the owner's knowledge,” said the release announcing the study.
“The results indicate a lack of awareness among consumers since industry reports indicate bots are responsible for generating much of today's illegitimate email,” the release continued.
The results indicate nothing about consumer awareness because the word “spam” is too broad a term to be useful in a study concerning malware and botnets.
A quick glance at my own Gmail account can serve as an illustration.
In my inbox at the time of this writing, there’s spam from French gourmet foods marketer D’artagnan offering me 15% off my entire order if I shop now. There’s also a spam e-mail from CheaperCigars.com offering me new NUB maduro cigars.
Not surprisingly, there’s also spam in my spam folder, such as the message from “PenisPiLlesomo” offering me “A larger male part” and the message from “Emily Maxwell” urging me to “Augment your lovestick and increase your confidence.”
Sixty percent of the consumers in MAAWG’s survey defined spam as “e-mail I did not request.”
As a result, all four examples from my inbox are spam, according to the definition given by the majority of the MAAWG survey’s respondents—and by my own definition, as well.
The difference is, I have done business online with two of the senders, am comfortable I can trust them with my credit card numbers and will occasionally click on the links in their messages—even though I never gave them permission to e-mail me.
As for the other two, I keep meaning to try D’artagnan and CheaperCigars.com and just never seem to get around to it.
Kidding!
The point is, I wouldn’t dream of opening the messages from “PenisPiLlesomo” or “Emily Maxwell,” but if MAAWG asked me if I have ever opened spam e-mail and made a purchase as a result, I would have to say “yes” because I have.
Also, just guessing here, but I believe it’s highly unlikely D’artagnan and CheaperCigars.com are hijacking consumers’ computers to be part of any botnet.
I’m no research expert, but a question along the lines of, “Have you ever responded to an e-mail solicitation from an individual or organization you’ve never heard of?” would certainly have resulted in a more accurate picture of the percentage of consumers interacting with potentially dangerous e-mail.
This is not to trivialize MAAWG. It is a serious organization doing serious work.
But before its recent survey, we knew squat about the average consumer’s propensity to click on dangerous e-mail. And after the survey, we still know squat about the average consumer’s propensity to click on dangerous e-mail.
