I often characterize spam as a socially transmitted disease, because, well, it is. Without our computers, phones, and IOE (Internet of Everything) devices, we’d be faced with the grim task of actually knocking on a neighbors’ door for instructions on how to get rid of fruit flies. While that last statement might seem terribly arbitrary, it is in fact the first thing that appears in my Google-suggested list of ‘how tos,’ and isn’t that how we roll these days? Paper mail is a mere remnant of a glorious time when bills were received and paid using a strange yet elegantly sophisticated container known as an ‘envelope,’ and a seemingly single-minded currency known as a ‘stamp.’ That was the past, and we dance to a new tune now, eschewing vague notions of kitschy analogs like phones that plug into the wall in lieu of digital demigods that can receive your email and play Angry Birds.
But with great power comes great irritability. The good ol’ days of video tapes and floppy disks are a fading memory, and if you can’t put it in your pocket and take it with you, it’s not going to help you communicate in the digital age. Spam tells us that we’ve grown up, in a disconcerting way. After all, it wouldn’t exist without email, and it’s that symbiotic relationship that fuels Dr. Andrew Whinston. A professor at The University of Texas at Austin, Whinston might not be a household name, but he probably should be.
Even if you haven’t heard of Whinston, you’ve probably heard of his work, a site called SpamRankings.net. As the name suggests, SpamRankings.net is dedicated to the tracking of spam, where it’s coming from, and how it ranks against other spam. Since 2011, the Center for Research in Electronic Commerce at U of T has been hounding spam in an effort to give people like you and me a fighting chance at winning the war.
“Most spam is sent from computers compromised by botnets or phishing,” says Whinston, a professor with joint appointments in the Department of Information, Risk, and Operations Management, the Department of Economics, the School of Information and the Department of Computer Science. “The same security problems that let those problems in could be used for worse things, ranging from denial of service attacks to identity theft to blackmail to alteration of financial records.”
According to NetworkWorld.com, “SpamRankings.net is running experiments with its rankings, says Andrew Whinston, a professor at the Center for Research in Electronic Commerce at the UT business school. For example, it is ranking the biggest spammers in certain countries and publishing the list, but ranking them in other countries but keeping the list private. The experiment is meant to see whether the entities ranked publicly drop off the list faster than those for which there is no public ranking, Whinston says.”
SpamRankings.net provides daily information on changes in spam trends, and it appears to be working. “It worked for at least one medical center in California, according to the center’s CIO who spoke on the condition of anonymity. The CIO of the center contacted the CSO after it was ranked at the top of the top medical-profession spammers. “The CIO told me, ‘Get us off this list,’” the CSO says.”
But there’s more to it than identifying bad behavior and shaming companies. The team at SpamRankings.net take a holistic approach to spam as more than just a nuisance to end users. “The Spam Rankings project’s leaders hope you will recognize spam as more than annoying clutter. Far from a mere nuisance, they suggest, spam is the smoke that signals a dangerous fire. Spam at its worst poses a security threat and portends infection and theft.” We can understand that. We live it. In many ways, the threat has never been more imminent, as phishing has become more targeted and more malicious, delivering payloads that can have devastating effects. We’ve seen examples of financial institutions that have been compromised without knowing it. Major corporations are falling victim to information theft and/or DDoS attacks, and the spammers are getting smarter and more difficult to find.
So where does that leave us, vis-à-vis the hard work of Dr. Whinston and the SpamRankings.net team? It’s unlikely spam will be conquered in the foreseeable future, but these dedicated researchers are helping by clearing the field of unnecessary casualties. “The rankings do show that some organizations, including hospitals, have made dramatic improvements over a few months, with some appearing to have cleaned up their spambot problem entirely.”