Be honest: have you ever responded to a spam e-mail? Do you know anyone who has? If you're like most of us at Ars, you can't fathom why anyone would respond to most of the messages we get, but a new study released by the Messaging Anti-Abuse Working Group (MAAWG) shows that there are just enough people responding to make spamming worthwhile—especially since most spam these days is sent by botnets.

According to the group's latest report, a disturbing number of e-mail users respond to spam, and not just because they're dumb—some of them did so because they were actually interested in the product or service. Shocking, we know.

Admitting the secret shame

The MAAWG conducted 800 interviews by phone and Internet across the US with people who had e-mail addresses not managed by a corporate IT staff. It found that two-thirds of the group said that they were very or somewhat experienced with Internet security, and a majority used filters of some kind in order to avoid spam. Eighty-two percent were aware of bots and botnets, though not many believed they were at risk of being victimized by one.

Slightly less than half (48 percent) said that they have never clicked on a spam e-mail. That's the good news, but that means the other half have clicked on or responded to spam. But why? The answers will undoubtedly horrify you. A full 12 percent said that they were interested in the product or service being offered—those erection drug and mail order bride ads do reach a certain market, it appears.

Seventeen percent said that they made a mistake when they did so—understandable—but another 13 percent said they simply had no idea why they did it; they just did. Another six percent "wanted to see what would happen."

(Interestingly, a larger percentage of people who were interviewed by phone said that they had never acted on a spam message compared to those who answered online. Guess it's true that users would rather not admit their foibles when speaking to a real person.)

"Although a small percentage of the computing population, these numbers still earn a significant enough return on investment to support a booming spam-driven underground economy," wrote MAAWG. Indeed, with spam making up a very large majority of all e-mail traffic—Microsoft recently claimed it was at 97 percent—even low sellthrough rates are enough to make things very profitable. With botnets supposedly sending more than 80 percent of that spam (according to Symantec), there are now relatively few man-hours involved in making money from a spam-based business. Just set it and forget it.

It's hard to believe that so many people respond to spammers for any reason—much less because they actually want to buy something, but that's human nature for you. Glancing through my spam folder, the offers range from setting me up with a "lovely Russian woman TODAY!!!!" to "amazing" work from home opportunities (joke's on them—I already work from home).

Needless to say, I'm not responding, but someone is. Have you ever responded to spam?