The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net project.
"The goal is to alert companies that they are spamming [and] hold them accountable to stop spamming, thus enhancing their security levels by creating fewer opportunities for consumer data to be stolen," said center Director Andrew Whinston.
Spam, frequently sent by a third party without a company's knowledge, can be a symptom of an underlying security problem. SpamRankings.net ranks companies' spam levels; the higher the rank, the greater the amount of spam they're sending. Companies are ranked within a specific industry sector, such as telecom, medical institutions, banks, insurance companies, universities, retail, high tech, and government offices.
For the end-user, inbound spam can carry malicious codes used by hackers for fraud and crime. For the organization, outbound spam confirms that the company's IT security has been breached, and the organization is susceptible to all sorts of other malware, such as phishing, which tries to trick users into supplying account numbers and passwords.
"Most spam is sent from computers compromised by botnets," said Gene Moo Lee, lead researcher and doctoral candidate in the department of computer science. "The same security problems that lead to spam could also be used for worse things, such as denial of service attacks, identity theft, blackmail and alteration of financial records."
SpamRankings.net sends out a monthly advisory to companies distributing spam. Each advisory includes example addresses that sent spam during the month so the organization can check those addresses to see if they're still infested.
The group of researchers behind the project explained that several companies and organizations have reached out to them to express appreciation for alerting them to their spam levels as well as to provide updates about the changes they have made to enhance the security of their IT systems.
The Director of Information Technology with Kayak Software shared that the company reduced its spam by 100 percent after receiving an advisory from SpamRankings.net and said the company wants to be informed about any future alerts the SpamRankings team receives.
The group of researchers behind the SpamRankings.net project explained that they will provide more addresses, specific dates when the addresses were affected, and any other additional information that will help companies determine the source of their problem in order to increase security and keep consumer data safe.
About Spam Rankings
The SpamRankings.net project has been measuring spam volume from thousands of US companies over a period of several years. This project receives financial support form the National Science Foundation (NSF).
Explore further: AOL probes breach allowing hackers to spoof email