Evaluating system security by analyzing spam volume

Jul 24, 2014

The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net project.

"The goal is to alert companies that they are spamming [and] hold them accountable to stop spamming, thus enhancing their security levels by creating fewer opportunities for consumer data to be stolen," said center Director Andrew Whinston.

Spam, frequently sent by a third party without a company's knowledge, can be a symptom of an underlying security problem. SpamRankings.net ranks companies' levels; the higher the rank, the greater the amount of spam they're sending. Companies are ranked within a specific industry sector, such as telecom, medical institutions, banks, insurance companies, universities, retail, high tech, and government offices.

For the end-user, inbound spam can carry malicious codes used by hackers for fraud and crime. For the organization, outbound spam confirms that the company's IT security has been breached, and the organization is susceptible to all sorts of other malware, such as phishing, which tries to trick users into supplying account numbers and passwords.

"Most spam is sent from computers compromised by botnets," said Gene Moo Lee, lead researcher and doctoral candidate in the department of computer science. "The same security problems that lead to spam could also be used for worse things, such as denial of service attacks, identity theft, blackmail and alteration of financial records."

SpamRankings.net sends out a monthly advisory to companies distributing spam. Each advisory includes example addresses that sent spam during the month so the organization can check those addresses to see if they're still infested.

The group of researchers behind the project explained that several companies and organizations have reached out to them to express appreciation for alerting them to their spam levels as well as to provide updates about the changes they have made to enhance the security of their IT systems.

The Director of Information Technology with Kayak Software shared that the company reduced its spam by 100 percent after receiving an advisory from SpamRankings.net and said the company wants to be informed about any future alerts the SpamRankings team receives.

The group of researchers behind the SpamRankings.net project explained that they will provide more addresses, specific dates when the addresses were affected, and any other additional information that will help companies determine the source of their problem in order to increase and keep consumer data safe.

About Spam Rankings

The SpamRankings.net project has been measuring spam volume from thousands of US companies over a period of several years. This project receives financial support form the National Science Foundation (NSF).

Explore further: AOL probes breach allowing hackers to spoof email

add to favorites email to friend print save as pdf

Related Stories

Researchers zap huge global spam 'botnet'

Jul 19, 2012

A huge global 'botnet' responsible for sending out millions of spam messages each day has been shut down by a collaborative effort from security experts in the US, Britain and Russia, researchers said.

'Bad neighbourhoods' on the internet are a real nuisance

Mar 08, 2013

Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the internet addresses that send spam. That just is one of the striking results of an extensive study by ...

Recommended for you

Facebook dressed down over 'real names' policy

20 hours ago

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

Yelp to pay US fine for child privacy violation

Sep 17, 2014

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

User comments : 0