In a move to protect consumer data, the SpamRankings.net project uses a company’s spam volume to evaluate its security vulnerability.
“The goal is to alert companies that they are spamming [and] hold them accountable to stop spamming, thus enhancing their security levels by creating fewer opportunities for consumer data to be stolen,” said Andrew Whinston, director of the Center for Research on Electronic Commerce (CREC) at the University of Texas at Austin.
Spam, frequently sent by a third party without a company’s knowledge, can be a symptom of an underlying security problem. SpamRankings.net ranks companies’ spam levels; the higher the rank, the greater the amount of spam they’re sending. Companies end up ranked within a specific industry sector.
For the end-user, inbound spam can carry malicious codes used by hackers for fraud and crime. For the organization, outbound spam confirms the company’s IT security suffered a breach, and the organization is susceptible to all sorts of other malware, such as phishing, which tries to trick users into supplying account numbers and passwords.
“Most spam is sent from computers compromised by botnets,” said Gene Moo Lee, lead researcher and doctoral candidate in the department of computer science. “The same security problems that lead to spam could also be used for worse things, such as denial of service attacks, identity theft, blackmail and alteration of financial records.”
SpamRankings.net sends out a monthly advisory to companies distributing spam. Each advisory includes example addresses that sent spam during the month so the organization can check those addresses to see if they still have issues.
The group of researchers behind the project said several companies and organizations have reached out to them to express appreciation for alerting them to their spam levels as well as to provide updates about the changes they have made to enhance the security of their IT systems.
The Director of Information Technology with Kayak Software said the company reduced its spam by 100 percent after receiving an advisory from SpamRankings.net and said the company wants to know about any future alerts the SpamRankings team receives.
The group of researchers behind the SpamRankings.net project said they will provide more addresses, specific dates when the addresses end up affected, and any other additional information that will help companies determine the source of their problem in order to increase security and keep consumer data safe.