Evaluating system security by analyzing spam volume

Jul 24, 2014

The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net project.

"The goal is to alert companies that they are spamming [and] hold them accountable to stop spamming, thus enhancing their security levels by creating fewer opportunities for consumer data to be stolen," said center Director Andrew Whinston.

Spam, frequently sent by a third party without a company's knowledge, can be a symptom of an underlying security problem. SpamRankings.net ranks companies' levels; the higher the rank, the greater the amount of spam they're sending. Companies are ranked within a specific industry sector, such as telecom, medical institutions, banks, insurance companies, universities, retail, high tech, and government offices.

For the end-user, inbound spam can carry malicious codes used by hackers for fraud and crime. For the organization, outbound spam confirms that the company's IT security has been breached, and the organization is susceptible to all sorts of other malware, such as phishing, which tries to trick users into supplying account numbers and passwords.

"Most spam is sent from computers compromised by botnets," said Gene Moo Lee, lead researcher and doctoral candidate in the department of computer science. "The same security problems that lead to spam could also be used for worse things, such as denial of service attacks, identity theft, blackmail and alteration of financial records."

SpamRankings.net sends out a monthly advisory to companies distributing spam. Each advisory includes example addresses that sent spam during the month so the organization can check those addresses to see if they're still infested.

The group of researchers behind the project explained that several companies and organizations have reached out to them to express appreciation for alerting them to their spam levels as well as to provide updates about the changes they have made to enhance the security of their IT systems.

The Director of Information Technology with Kayak Software shared that the company reduced its spam by 100 percent after receiving an advisory from SpamRankings.net and said the company wants to be informed about any future alerts the SpamRankings team receives.

The group of researchers behind the SpamRankings.net project explained that they will provide more addresses, specific dates when the addresses were affected, and any other additional information that will help companies determine the source of their problem in order to increase and keep consumer data safe.

About Spam Rankings

The SpamRankings.net project has been measuring spam volume from thousands of US companies over a period of several years. This project receives financial support form the National Science Foundation (NSF).

Explore further: Snapchat gets $537 million in fresh funding

Related Stories

Researchers zap huge global spam 'botnet'

Jul 19, 2012

A huge global 'botnet' responsible for sending out millions of spam messages each day has been shut down by a collaborative effort from security experts in the US, Britain and Russia, researchers said.

'Bad neighbourhoods' on the internet are a real nuisance

Mar 08, 2013

Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the internet addresses that send spam. That just is one of the striking results of an extensive study by ...

Recommended for you

US judge jails Silk Road mastermind for life (Update)

16 hours ago

The American convicted of masterminding the criminal website Silk Road was sentenced in court Friday to life in prison over the online enterprise that sold $200 million in drugs to customers worldwide.

Slow start, gradual improvement for US Internet gambling

May 28, 2015

Internet gambling is off to a slow start in the United States, with banks hesitant to handle credit card payments for online bets and some politicians and casino moguls pushing to ban it, but there remains potential for great ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.