SpamMarc

It marks spam. Ya dingusSpamMarc is a project out of the University of Michigan class EECS 588 - Computer & Network Security.

We will be collecting some data for research purposes, none of it personally identifying, and none of which can be tied to you.

Specifically we will be collecting a field in your email headers called Authentication Results. The fields in the header only state the status of the authenticity of your email, and the authentication server that performed these checks, nothing about you or your email. The only additional thing we are sending is a timestamp of the email, and a hash of the email ID and your username (hashing is a one-way operation, thus no one can see or ever find out your username, or tie the data to you).

We send the data to our servers over HTTPS, which means it is encrypted and safe in transit as well.

In our preliminary findings, we’ve noted a large instance of authentication servers allowing email to hit users’ Inboxes that have failed authentication checks. This means that you, the user, may be receiving a spam or forged email that wasn’t caught by standard spam filters, and that it is not guaranteed to be coming from who it appears to be coming from.

We aim to use the data to identify the current state of email authentication in the wild, and present solutions for the future.

We will automatically stop data collecting at the end of our study, no later than May 31st 2017, but most likely earlier.