A new resource for spotlighting organizations that are unwittingly contributing to the global spam problem aims to shame junk email havens into taking more aggressive security measures.
SpamRankings.net is a project launched by the Center for Research in Electronic Commerce at the University of Texas at Austin. Its goal is to identify and call attention to organizations with networks that have been infiltrated by spammers.
Andrew Whinston, the center’s director, said the group initially is focusing on health care providers that appear to be infected with spam bots. “Nobody wants to do business with a bank or hospital or Internet hosting company that has been hijacked by spammers,” Whinston said. “It’s an environment in which user data can be stolen or compromised.”
It’s not clear whether people pay attention to spam rankings when choosing providers, but it’s nice that another method of measuring badness and reputation on the Web has come online. Unfortunately, one doesn’t have to look very hard to find spambot infections at many health care providers. In April, I wrote about a service that lets crooks proxy their communications through hacked PCs (see: Is Your Computer Listed for Rent?): Within a few hours of poking around that service, I found three health care providers that were hosting spambots.
John Quarterman, senior researcher for Spamrankings.net and chief executive of network monitoring service Internetperils.com, said future versions of the project will focus on organizations in other industry verticals, such as banking and Web hosting.
The data come from the Composite Block List (CBL), which tracks Internet addresses that have been seen sending spam. The CBL contains a massive amount of information, but it doesn’t publish the data directly. What’s more, it isn’t terribly easy from looking at the CBL data to tell which organizations have spambot problems. Getting to that level of detail involves correlating obscure autonomous system numbers (ASNs) to network owners, and then drilling down to see which organizations are responsible for smaller subsets of Internet address space. Spamrankings said it got help with that translation process from Team Cyrmu, an organization that tracks cyber crime activity.
“Everybody knows there’s a lot of spam out there, but hardly anybody knows where it’s coming from,” Quarterman said. “Which is a little weird because the data is in the CBL but nobody has been pulling it out and tying it to individual organizations on a regular basis.”
Quarterman said he hopes that the data from spamrankings.net will be syndicated, perhaps via widgets built to republish the data on blogs or Facebook pages. In addition to highlighting sources of spam, the project plans to call attention to organizations that quickly respond to spambot problems.
“We’re not going to just wait for these organizations to contact us,” Quarterman said. “We’re going to try talking to them to find out what they’re doing about it, and hopefully we can share some of that, too.”
The data now on spamrankings.net is from April, but the project is preparing to publish its May numbers. Those stats show that some organizations listed in the April rankings have made dramatic improvements, and a few appear to have cleaned up their spambot problem entirely. Others seem to have had mixed results.
“Some organizations succeeded in bringing their spam to zero,” Quarterman said. “But the leader on the April list — Cedar Sinai Health Systems — managed to keep their spam volumes low for a few weeks in May, but by the end of the month they’d surged back into the number one spot.”
I applaud this effort, and hope that it gains traction. I remain convinced that the Internet community would benefit from a more comprehensive and centralized approach to measuring badness on the Web. There are many existing efforts to measure reputation and to quantify badness online, but most of those projects seek to enumerate very specific threats (such spam or hacked Web sites) and measure the problem from a limited vantage point. What is lacking is an organization that attempts to collate data collected by these disparate efforts and to publish that information in near real-time.