Antispam group targets transactions, not messages

LATEST NEWS

Computerworld is New Zealand's only specialised information systems fortnightly.
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

Email and the spammers are the least interesting part of the problem, says father-son team

By Cara Garretson | Framingham | Monday, 12 November, 2007

A father-son team that has dedicated time and energy to fighting spam says that as of today, it has shut down more than 50,000 websites that use unwanted messages to lure traffic.

The team, named KnujOn (pronounced "new john"; the word is "no junk" spelled backwards), has spent the last two years relentlessly following the links embedded in spam messages to determine what websites they point to, and has shut those illicit sites down.

"Email and the spammers are the least interesting part of the problem. We want to stop the transaction, to take down those platforms" from which consumers are buying fake luxury items and phony drugs — or worse yet, having their identity stolen, says Garth Bruen, the son in this two-man operation, who is based in Boston.

The organisation runs a website with 2,000 registered members and roughly 2,000 unregistered, casual users, the younger Bruen says. These users report spam to KnujOn by forwarding unwanted messages to email accounts run by the group, which then compiles information about the websites that the URL embedded in spam points to.

By collecting and analysing this information — to date the group has received 3 million to 4 million spam messages — Bruen says he can go after illicit sites where the crimes are being committed.

"We're building up a map of internet crime, figuring out who their benefactors are, where they are coming from, what networks they're running on and what products they're pushing," says Bruen, who has a background in criminal justice and software engineering.

Bruen won't talk much about how he gets these sites shut down, other than to say his methods are completely legal and require filling out many, many forms. Most ISPs will investigate reports of fraudulent websites operating on their networks and have the power to cease their operations if they determine them to be illicit.

Once these sites are shut down, spammers will have nothing to point consumers to and no one to pay them for sending out email, so the unwanted messages will slow to a trickle, Bruen says.

Bruen is highly sceptical of the efficacy of traditional antispam measures, such as content filters and reputation services, that put the emphasis on incoming email, instead of on the websites where the transactions are happening. "Spam filtering is just a high-tech way of ignoring the problem," he says, adding that email security companies should investigate which websites spam is sending recipients to, instead of trashing the unwanted messages. He's approached some vendors with his ideas, but says they're not interested.

Other organisations that rely on consumer reporting, such as SpamCop and The Spamhaus Project, focus on reporting spammers to the ISPs from which unwanted messages were sent, not on the websites being pointed to.

KnujOn isn't making a profit; the group recently began charging US$27 for an annual membership to its site, but that was mostly to weed out visitors who don't really intend to participate, as well as the spammers who were trying to infiltrate the operation, Bruen says.

Still, Bruen is confident that his approach is working. With a pool of only 4,000 members at most, the group has been able to collect as many as 4 million spam messages and has gathered information on 350,000 websites, he says, one-seventh of which he's already shut down. Once knocked offline, many of these sites pop back up at the same URL, which is why KnujOn continues to monitor URLs and re-reports sites that reappear.

A white paper explaining KnujOn's approach can be found here.