http://www.usenix.org/events/leet09/tech/full_papers/kreibich/kreibich.pdf:

Spamcraft: An Inside Look At Spam Campaign Orchestration

Christian Kreibich, Chris Kanich, Kirill Levchenko, Brandon Enright,
Geoffrey M. Voelker, Vern Paxson, Stefan Savage


--

http://www.usenix.org/events/leet09/tech/:

2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats

LEET '09 was held in conjunction with the 6th USENIX Symposium on
Networked Systems Design and Implementation (NSDI '09), April 22-24,
2009.

--

From the introduction:

In this paper we present an inside look at how [spam] campaign
orchestration takes place. Over a period of ten months, we have
infiltrated the spamming campaigns hosted on a large-scale spamming
platform: the Storm botnet. Our analysis is two-pronged. First,
instead of focusing on particular corpora of spam, we analyze the raw
material used to produce spam, including textual templates employed
for generating highly diverse spam instances.  We identify over 90
different campaign types hosted on the Storm platform during the
timeframe of our investigation, targeting over 630 million different
email addresses and harnessing well over 90,000 different spamming
zombies. We classify individual campaigns by topic and time, and study
the evasive maneuvers employed by the spammers to stay ahead of
filtering infrastructure. Second, we study the spammer's campaign
targeting strategies, including usage patterns of "spamvertized"
domains, harvested email addresses, target group selection, and target
list maintenance.

Our findings indicate a wide range in campaign duration, evasive
sophistication, and user targeting - even within a single botnet.

--