Spam Propagation Risk Vector Ingrid ⇤ Compromised Systems Risk Category The Spam Propagation risk vector is composed of spambots, where a device on a company’s network is unsolicitedly sending commercial or bulk email (spam). If spam originates from email addresses or devices within a company’s network, this is an indication of an infection. If a company offers a bulk email-sending service, such as a digital marketing company that sends marketing material on behalf of their customers, they are excluded from this risk vector. These companies are identified with a “Bulk Email Sender” label on their company overview page. See data collection methods or the criteria for classifying findings as Spam Propagation. Risks Damage to a company’s reputation. Abuses company resources. Legitimate email from the company may be flagged as spam and will not reach its intended recipient. Increases the risk of additional malware entering organizational systems. Grading Compromised Systems risk vectors are graded in the same manner. They are weighted evenly across the risk category and have a lifetime of 180 days. Remediation Review Spam Propagation findings and track down infections. Conduct a thorough security review of the machine (malware & antivirus sweep). Review services used on the machine, harden firewall rules. Improve employee computer safety training (phishing, installing unapproved software). Finding Behavior User-requested rescans are not available for Compromised Systems risk vectors. As the negatively impacting finding gets older, you will gradually get points back. August 16, 2023: New Grading & Finding Behavior sections. May 8, 2020: Updated risk vector description. Related articles Malware Servers Risk Vector How is the Spam Propagation Risk Vector Observed? Botnet Infections Risk Vector Compromised Systems Risk Category Spam Propagation Finding Considerations Feedback 0 comments Please sign in to leave a comment.