Evaluating system security by analyzing spam volume

Jul 24, 2014

The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net project.

"The goal is to alert companies that they are spamming [and] hold them accountable to stop spamming, thus enhancing their security levels by creating fewer opportunities for consumer data to be stolen," said center Director Andrew Whinston.

Spam, frequently sent by a third party without a company's knowledge, can be a symptom of an underlying security problem. SpamRankings.net ranks companies' levels; the higher the rank, the greater the amount of spam they're sending. Companies are ranked within a specific industry sector, such as telecom, medical institutions, banks, insurance companies, universities, retail, high tech, and government offices.

For the end-user, inbound spam can carry malicious codes used by hackers for fraud and crime. For the organization, outbound spam confirms that the company's IT security has been breached, and the organization is susceptible to all sorts of other malware, such as phishing, which tries to trick users into supplying account numbers and passwords.

"Most spam is sent from computers compromised by botnets," said Gene Moo Lee, lead researcher and doctoral candidate in the department of computer science. "The same security problems that lead to spam could also be used for worse things, such as denial of service attacks, identity theft, blackmail and alteration of financial records."

SpamRankings.net sends out a monthly advisory to companies distributing spam. Each advisory includes example addresses that sent spam during the month so the organization can check those addresses to see if they're still infested.

The group of researchers behind the project explained that several companies and organizations have reached out to them to express appreciation for alerting them to their spam levels as well as to provide updates about the changes they have made to enhance the security of their IT systems.

The Director of Information Technology with Kayak Software shared that the company reduced its spam by 100 percent after receiving an advisory from SpamRankings.net and said the company wants to be informed about any future alerts the SpamRankings team receives.

The group of researchers behind the SpamRankings.net project explained that they will provide more addresses, specific dates when the addresses were affected, and any other additional information that will help companies determine the source of their problem in order to increase and keep consumer data safe.

About Spam Rankings

The SpamRankings.net project has been measuring spam volume from thousands of US companies over a period of several years. This project receives financial support form the National Science Foundation (NSF).

Explore further: AOL probes breach allowing hackers to spoof email

add to favorites email to friend print save as pdf

Related Stories

Researchers zap huge global spam 'botnet'

Jul 19, 2012

A huge global 'botnet' responsible for sending out millions of spam messages each day has been shut down by a collaborative effort from security experts in the US, Britain and Russia, researchers said.

'Bad neighbourhoods' on the internet are a real nuisance

Mar 08, 2013

Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the internet addresses that send spam. That just is one of the striking results of an extensive study by ...

Recommended for you

Say Ello to the new privacy debate on social media

Sep 29, 2014

Ello is new social networking space on the web that is receiving a lot of attention of late – so much that it's caused a few problems with the website out of action from time to time. ...

Post-Snowden, iPhone 6 encryption fans safety debate

Sep 28, 2014

Encryption technology in the iPhone 6 has taken root in a scales-of-justice debate between privacy supporters and public safety officials. Apple is using a more advanced encryption technology.

User comments : 0