Antispam group targets transactions, not messages
- 12 November, 2007 07:55
A father-son team that has dedicated time and energy to fighting spam says that as of today, it has shut down more than 50,000 Web sites that use unwanted messages to lure traffic.
The team, named KnujOn (pronounced "new john"; the word is `no junk' spelled backwards), has spent the last two years relentlessly following the links embedded in spam messages to determine what Web sites they point to, and has shut those illicit sites down.
"E-mail and the spammers are the least interesting part of the problem. We want to stop the transaction, to take down those platforms" from which consumers are buying fake luxury items and phony drugs -- or worse yet, having their identity stolen, says Garth Bruen, the son in this two-man operation, who is based in Boston.
The organization runs a Web site with 2,000 registered members and roughly 2,000 unregistered, casual users, the younger Bruen says. These users report spam to KnujOn by forwarding unwanted messages to e-mail accounts run by the group, which then compiles information about the Web sites that the URL embedded in spam points to.
By collecting and analyzing this information -- to date the group has received 3 million to 4 million spam messages -- Bruen says he can go after illicit sites where the crimes are being committed.
"We're building up a map of Internet crime, figuring out who their benefactors are, where they are coming from, what networks they're running on and what products they're pushing," says Bruen, who has a background in criminal justice and software engineering.
Bruen won't talk much about how he gets these sites shut down, other than to say his methods are completely legal and require filling out many, many forms. Most ISPs will investigate reports of fraudulent Web sites operating on their networks and have the power to cease their operations if they determine them to be illicit.
Once these sites are shut down, spammers will have nothing to point consumers to and no one to pay them for sending out e-mail, so the unwanted messages will slow to a trickle, Bruen says.
Bruen is highly skeptical of the efficacy of traditional antispam measures, such as content filters and reputation services, that put the emphasis on incoming e-mail, instead of on the Web sites where the transactions are happening. "Spam filtering is just a high-tech way of ignoring the problem," he says, adding that e-mail security companies should investigate which Web sites spam is sending recipients to, instead of trashing the unwanted messages. He's approached some vendors with his ideas, but says they're not interested.
Other organizations that rely on consumer reporting, such as SpamCop and The Spamhaus Project, focus on reporting spammers to the ISPs from which unwanted messages were sent, not on the Web sites being pointed to.
KnujOn isn't making a profit; the group recently began charging US$27 for an annual membership to its site, but that was mostly to weed out visitors who don't really intend to participate, as well as the spammers who were trying to infiltrate the operation, Bruen says.
Still, Bruen is confident that his approach is working. With a pool of only 4,000 members at most, the group has been able to collect as many as 4 million spam messages and has gathered information on 350,000 Web sites, he says, one-seventh of which he's already shut down. Once knocked offline, many of these sites pop back up at the same URL, which is why KnujOn continues to monitor URLs and re-reports sites that reappear.
A white paper explaining KnujOn's approach can be found here.