Understanding the role of sender reputation in abuse reporting and cleanup

F.O. Cetin, Mohammad Hanif Jhaveri, Carlos Gañán, Michel van Eeten, Tyler Moore

Research output: Contribution to journalArticleScientificpeer-review

22 Citations (Scopus)
128 Downloads (Pure)


Motivation: Participants on the front lines of abuse reporting have a variety of options to notify intermediaries and resource owners about abuse of their systems and services. These can include emails to personal messages to blacklists to machine-generated feeds. Recipients of these reports have to voluntarily act on this information. We know remarkably little about the factors that drive higher response rates to abuse reports. One such factor is the reputation of the sender. In this article, we present the first randomized controlled experiment into sender reputation. We used a private datafeed of Asprox-infected websites to issue notifications from three senders with different reputations: an individual, a university and an established anti-malware organization.

Results: We find that our detailed abuse reports significantly increase cleanup rates. Surprisingly, we find no evidence that sender reputation improves cleanup. We do see that the evasiveness of the attacker in hiding compromise can substantially hamper cleanup efforts. Furthermore, we find that the minority of hosting providers who viewed our cleanup advice webpage were much more likely to remediate infections than those who did not, but that website owners who viewed the advice fared no better.
Original languageEnglish
Pages (from-to)83-98
Number of pages16
JournalJournal of Cybersecurity
Issue number1
Publication statusPublished - 2016


  • abuse reporting
  • hosting providers
  • abuse handling
  • security economics


Dive into the research topics of 'Understanding the role of sender reputation in abuse reporting and cleanup'. Together they form a unique fingerprint.

Cite this