The University of Texas at Austin
  • He Fights Spam So You Don’t Have To

    By Chad Schneider
    Published: Aug. 28

    Andrew Whinston Longhorn Game Changer

    Since 2011 Whinston and his team have been tracking where spam originates and reporting the results on SpamRankings.net, essentially a spam-shaming service. Image credit: Marsha Miller.

    In a world where Nigerian princes are always in need of a loan, easy weight loss can be found in a pill and free iPads are more plentiful than water, it’s good to know that Longhorn Game Changer Andrew Whinston and his SpamRankings.net team have our back.

    If you see spam email as just another annoyance in our digital lives, think about this: Spam is often a sign that a computer system has been compromised, which puts your private information at risk.

    “Most spam is sent from computers compromised by botnets or phishing,” says Whinston, a professor with joint appointments in the Department of Information, Risk, and Operations Management, the Department of Economics, the School of Information and the Department of Computer Science. “The same security problems that let those problems in could be used for worse things, ranging from denial of service attacks to identity theft to blackmail to alteration of financial records.”

    Andrew Whinston is a prolific researcher in the McCombs School of Business and a pioneer in the field of e-commerce and consumer behaviors. He is the Hugh Roy Cullen Centennial Chair in Business Administration, John Newton Centennial IC2 Fellow and director of the Center for Research on Electronic Commerce.

    Since 2011 Whinston and his team have been tracking where spam originates and reporting the results on SpamRankings.net, essentially a spam-shaming service. The goal is to allow institutions, ranging from Internet companies to medical systems, to understand that they not only have a problem, but they also have an opportunity to fix it.

    “Traditional Internet security hasn’t worked for spam, which accounts for more than 90 percent of all email, and keeps coming back despite host takedowns, botnet takedowns, blocklists and other such measures,” Whinston told The Horn when the SpamRankings website launched. “So we decided to try a different approach, one that would put reputational pressure on the organizations that let spam out; pressures that translate into economic incentives. Nobody wants to do business with a spam haven, so organizations that don’t stop outbound spam will have to consider what their customers think about that.”

    So far, it’s working. Most companies that find themselves on the SpamRankings.net site make it a priority to lower their ranking as fast as possible by tightening their security and implementing safeguards to keep them off the site in the future.

    Whinston will be honored as a Longhorn Game Changer at this Saturday’s football game. Keep an eye out for this clip on the video scoreboard:

    Additional reporting by Kim Brown (McCombs TODAY: UT Researchers Take Down Spam One Day at a Time).

    • Darragh McCurragh said on Sept. 1 at 2:37 p.m.
      Thanks for mentioning SpamRankings.net, which we hadn't heard of before. One of the problems with fighting spam is that spam, when looked at by human eyes, is very often easily identifiable yet still eludes most pattern matching efforts, whether by fuzzy logic, neural networks, data mining or whatever. And IP addresses can be shared so it's not always fair to block an IP address only because it is (ab)used by a "bad apple" too. One easy fix though to discourage the use or build-up of botnets etc. would be if providers (IP hosting, banks, credit card companies, anyone with a customer login) would not store the passwords on their servers. There is never any need to. It suffices to calculate a hash at the time the password is first negotiated (and at each renewal of course), then "throw away" the password on the server, store the hash only and each time the password is used for authentication re-calculate its hash and compare it to the stored hash. Since hashing works only "one-way", i.e. cannot be re-engineered to retrieve the password it is based on, this method immediately stops all password "theft".
    • trebol arquitectura said on Aug. 29 at 3:59 a.m.
      A good article about spamming. There should be safer methods that guarantee security from our systems as users. Most users who use e-commerce have great knowledge about web security / network and there should be intuitive, sophisticated methods for users to defend against these violations.
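
The store-only-the-hash flow described in the Sept. 1 comment above, as an added Python example that is not part of the article or its comments. The per-user salt, PBKDF2-HMAC-SHA256 with 600,000 iterations, the constant-time comparison and the names `USERS`, `set_password`, `verify` and `demo` are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed PBKDF2 work factor for this example
USERS = {}             # constructed stand-in for the server's user table

def derive(password: str, salt: bytes) -> bytes:
    # Slow, salted one-way function; the plaintext only ever lives in a local variable.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def set_password(user: str, password: str) -> None:
    """First registration and every renewal: keep a fresh salt and the hash only."""
    salt = os.urandom(16)
    USERS[user] = (salt, derive(password, salt))

def verify(user: str, password: str) -> bool:
    """Login: recompute the hash with the stored salt and compare in constant time."""
    salt, stored = USERS.get(user, (b"\x00" * 16, b""))
    candidate = derive(password, salt)   # also runs for unknown users
    return hmac.compare_digest(candidate, stored)

def demo() -> dict:
    # Constructed sample users who happen to pick the same password.
    set_password("alice", "correct horse battery staple")
    set_password("bob", "correct horse battery staple")
    results = {
        "good_login": verify("alice", "correct horse battery staple"),
        "bad_login": verify("alice", "Correct horse battery staple"),
        "unknown_user": verify("mallory", "anything"),
        # Different salts: identical passwords do not produce identical records.
        "same_hash": USERS["alice"][1] == USERS["bob"][1],
    }
    old_record = USERS["alice"]
    set_password("alice", "new passphrase after renewal")
    results["old_after_renewal"] = verify("alice", "correct horse battery staple")
    results["record_changed"] = USERS["alice"] != old_record
    return results

if __name__ == "__main__":
    print(demo())
```

The salt and work factor matter because a copied table of fast, unsalted hashes can still be tested offline against password guesses.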