Evaluating system security by analyzing spam volume

Jul 24, 2014

The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net project.

"The goal is to alert companies that they are spamming [and] hold them accountable to stop spamming, thus enhancing their security levels by creating fewer opportunities for consumer data to be stolen," said center Director Andrew Whinston.

Spam, frequently sent by a third party without a company's knowledge, can be a symptom of an underlying security problem. SpamRankings.net ranks companies' levels; the higher the rank, the greater the amount of spam they're sending. Companies are ranked within a specific industry sector, such as telecom, medical institutions, banks, insurance companies, universities, retail, high tech, and government offices.

For the end-user, inbound spam can carry malicious codes used by hackers for fraud and crime. For the organization, outbound spam confirms that the company's IT security has been breached, and the organization is susceptible to all sorts of other malware, such as phishing, which tries to trick users into supplying account numbers and passwords.

"Most spam is sent from computers compromised by botnets," said Gene Moo Lee, lead researcher and doctoral candidate in the department of computer science. "The same security problems that lead to spam could also be used for worse things, such as denial of service attacks, identity theft, blackmail and alteration of financial records."

SpamRankings.net sends out a monthly advisory to companies distributing spam. Each advisory includes example addresses that sent spam during the month so the organization can check those addresses to see if they're still infested.

The group of researchers behind the project explained that several companies and organizations have reached out to them to express appreciation for alerting them to their spam levels as well as to provide updates about the changes they have made to enhance the security of their IT systems.

The Director of Information Technology with Kayak Software shared that the company reduced its spam by 100 percent after receiving an advisory from SpamRankings.net and said the company wants to be informed about any future alerts the SpamRankings team receives.

The group of researchers behind the SpamRankings.net project explained that they will provide more addresses, specific dates when the addresses were affected, and any other additional information that will help companies determine the source of their problem in order to increase and keep consumer data safe.

About Spam Rankings

The SpamRankings.net project has been measuring spam volume from thousands of US companies over a period of several years. This project receives financial support form the National Science Foundation (NSF).

Explore further: AOL probes breach allowing hackers to spoof email

Related Stories

Researchers zap huge global spam 'botnet'

Jul 19, 2012

A huge global 'botnet' responsible for sending out millions of spam messages each day has been shut down by a collaborative effort from security experts in the US, Britain and Russia, researchers said.

'Bad neighbourhoods' on the internet are a real nuisance

Mar 08, 2013

Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the internet addresses that send spam. That just is one of the striking results of an extensive study by ...

Recommended for you

Protecting our rights to privacy and digital dignity

1 hour ago

How many of us read the terms and conditions when signing up to a social media account or downloading a new app? And does agreeing to these rules offer us any real protection from big business looking to ...

Twitter expands privacy on direct messages

16 hours ago

Twitter said Monday it was making it easier to take direct messages private, carving out a bigger space for targeted exchanges on the popular microblogging service.

DOJ, FBI acknowledge flawed testimony from unit

Apr 19, 2015

The Justice Department and FBI have formally acknowledged that nearly every examiner in the FBI Laboratory's microscopic hair comparison unit gave flawed testimony in almost all trials in which they offered evidence against ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.