Garth Bruen: Development, Database Administration, Webmaster, Presentations.

Dr. Robert Bruen: Systems Administration, Customer Support, Beta Testing, Research.

KnujOn Presentations

Documents

Project KnujOn - October 2007(PDF)

Bios and Contact

Articles and Commentary

Analysis: Crackdown on domain name crooks - SHAUN WATERMAN

WASHINGTON, May 29 (UPI) -- The non-profit association that oversees Internet addresses is trying to crack down on shady Web pages used by spammers and hackers... "It's a huge problem," said Burnette, declining to give more detailed figures on the numbers of registrants reported to have submitted inaccurate or incomplete information. "If we find that registrars are not investigating reports (of inaccurate or non-existent WHOIS data) as they are required to, our escalation procedure can ultimately result in their accreditation being terminated," effectively shutting them down, she said.

ICANN looks to lend a hand in spam fight (betanews.com)

"Worst Spam Offenders" Notified by ICANN

In order to clarify the system for dealing with incorrect “Whois” domain name registration information, and deal with community concern, ICANN is releasing the following information regarding its compliance work.

MARINA DEL REY, Calif.: ICANN has sent enforcement notices and notices of concern to certain registrars, including those reported this week as being the registrars for the majority of websites advertised in spam emails.

Earlier this week, an investigation by KnujOn, widely reported online, publicly identified 10 registrars as being the companies used to register the majority of domain names that have since appeared in spam email messages.

More than half of those registrars named had already been contacted by ICANN prior to publication of KnujOn’s report, and the remainder have since been notified following an analysis of other sources of data, including ICANN’s internal database.

With tens of millions of domain names in existence, and tens of thousands changing hands each day, ICANN relies upon the wider Internet community to report and review what it believes to be inaccurate registration data for individual domains. To this end, a dedicated online system called the Whois Data Problem Report System (“WDPRS”) was developed in 2002 to receive and track such complaints.*

"ICANN sends, on average, over 75 enforcement notices per month following complaints from the community. We also conduct compliance audits to determine whether accredited registrars and registries are adhering to their contractual obligations," explained Stacy Burnette, Director of Compliance at ICANN.** "Infringing domain names are locked and websites removed every week through this system."

Although the majority of registrars offer excellent services and contribute to the highly competitive market for domains, ICANN’s compliance department has developed an escalation process to protect registrants and give registrars an opportunity to cure cited violations before ICANN commences the breach process.

However, while registrars are responsible for investigating claims of Whois inaccuracy, it is not fair to assume a registrar that sponsors spam-generating domain names is affiliated with the spam activity. A distinction must be made between registrars and an end user who chooses to use a particular domain name for illegitimate purposes.

"But if those registrars, including those publicly cited, do not investigate and correct alleged inaccuracies reported to ICANN, our escalation procedure can ultimately result in ICANN terminating their accreditation and preventing them from registering domain names," Ms Burnette said. (icann.org)

Most Spam Sites Tied to a Handful of Registrars - Brian Krebs

So who are the top 10 registrars most favored by spammers? You can see the list along with Knujon's methodology here. A few of the names on it are unsurprising simply by virtue of their market share. Number five -- Bellevue, Wash., based eNom -- is the second largest registrar, according to DomainTools's registrarstats.com. Number six -- Pompano Beach, Fla., based Moniker -- has the eighth largest market share among registrars.

But size doesn't explain most of the names on the list. The registrars that scored the worst overall - Xinnet Bei Gon Da Software, BEIJINGNN, and Todaynic -- are all located in China, and are 18th, 47th and 99th in terms of market share, respectively.

Perhaps the most interesting name on the list is number 7 - a registrar out of Broomfield, Colo., called Dynamic Dolphin. According to Knujon, more than 10 percent of the company's 45,000-plus domains have false WHOIS data, and more than 17 percent of the domains registered through the company have been observed being advertised through spam.

A bit of digging into Dynamic Dolphin revealed that it is owned by a company called CPA Empire, which in turn is owned by Media Breakaway LLC. Those of you who read this post a few weeks back will recognize this company: Its CEO is Scott Richter, a notorious, self-avowed spammer who claims to have quit the business. As I noted in that post, anti-spam groups claim that Media Breakaway recently hijacked more than 65,000 IP address for use in sending e-mail and hosting commercial Web sites.

Whittling spam down to a manageable level - William Jackson

A recent report by security software maker Symantec reveals that spam accounted for an average of 80 percent of traffic hitting e-mail gateways in April, spiking as high as 87 percent at times. That is a daunting figure, but Garth Bruen of KnujOn looks at the problem in a different way. According to a study being presented this week by KnujOn to the High Technology Crime Investigation Association, 90 percent of the illicit Web sites using spam to generate traffic are clustered on just 20 registrars — that is only 2.5 percent of the 800 registrars accredited by the Internet Corporation for Assigned Names and Numbers. That can make the spam problem seem almost manageable. (gcn.com)

Strategic Developer | Martin Heller: "20 registrars control 90% of illicit domains, says Knujon" (weblog.infoworld.com)

90% of the Illicit Sites Tracked by
KnujOn Clustered at 20 registrars

KnujOn Review and Promotion of Crimeware: Understanding New Attacks and Defenses, by Markus Jakobsson, Zulfikar Ramzan

“This book is the most current and comprehensive analysis of the state of Internet security threats right now. The review of current issues and predictions about problems years away are critical for truly understanding crimeware. Every concerned person should have a copy and use it for reference.”

—Garth Bruen, Project KnujOn Designer

A cure for spam: Attack the cause, not the symptoms - William Jackson

LIKE MOST OF US, computer programmer Garth Bruen doesn’t like spam, phishing e-mails or the other forms of junk that fill up his inbox. Unlike most of us, he is doing something about it. Filtering doesn’t work, he said. We have been filtering e-mail for years, and today, spam accounts for anywhere from 70 percent to 90 percent of all e-mail traffic, according to the best estimates. And although there have been some successful prosecutions, laws don’t seem to be helping much. The Can-Spam law makes it illegal to send unidentified, misidentified or misleading e-mail advertisements and provides civil and criminal penalties for spammers, but since it went into effect in 2004, the volume of junk mail has tripled. The problem, Bruen said, is not spam itself. Spam is a symptom. (gcn.com)

Fink on spammers to get better results - Mark Hall

Since 2005 Knujon has shut down more than 50,000 Web sites on behalf of its customers. (blogs.computerworld.com)

Project Knujon Shuts Down More Than 50,000 Illicit Websites - Stefanie Hoffman

Project Knujon, or no junk spelled backwards, does the work that many other organizations have shied away from -- collecting and sorting through millions of spam messages submitted by the public, and then shutting down the illicit Websites. Since 2005, Project Knujon has shut down more than 50,000 fraudulent Websites. (crn.com)

KnujOn takes the spam fight to the enemy - Neil Roiter

“Filtering and blocking tactics are failing,” says Bruen. “It’s actually making the problem worse. Even if 90 percent of the messages are being filtered, the small percentage that aren’t keeps them in business.” For example, a Consumer Reports survey published in September estimated that 650,000 people had purchased products or services offered via spam in a single month. (security.blogs.techtarget.com)

Antispam group targets transactions, not messages - Cara Garretson

A father-son team that has dedicated time and energy to fighting spam says that as of today, it has shut down more than 50,000 Web sites that use unwanted messages to lure traffic. (networkworld.com)

Is the fight against spam horribly misguided? - Robert McMillan

"Over the past four years, Bruen has tried to move the fight to a new front with his project KnujOn (that's No Junk backwards, for those who aren't into word games), which has helped shut down more than 30,000 spammer Web sites. The project asks volunteers to send in their spam, and it uses these submissions to build a large database linking sites to known spammers. To date, it has helped take down more than 32,000 of these junk mail sites." (abcnews.go.com)

It's about compressing the time interval that a spam bot network has between starting their campaign with an email blast and ending it by taking the url out of service. If their actions cut the useful life of a spam campaign, it affects spammers in two ways:a. makes ISPs more capable of adopting policies that make it hard for spammer sites, perhaps slowing the frequency of spam campaigns; b. cuts revenue from the spam campaign since lots of clicks will not be satisfied with a working website. (networkworld.com)

The Spam Index is the first method for factoring a users' actual experience in assessing the effectiveness of various anti-spam technologies. Based on the experience of over 520 business users, the users of challenge-response technology have the lowest average Spam Index, the most consistent Spam Index and the highest user satisfaction with the email experience. (brockmann.com)

Over the past four years, [Knujon] has tried to move the fight to a new front..., which has helped shut down more than 30,000 spammer Web sites. The project asks volunteers to send in their spam, and it uses these submissions to ... take down more than 32,000 of these junk mail sites.(networkworld.com)

“It is a total cliché to say this is a wake-up call for financial institutions and other companies,” Bruen says. “They all got their wake-up call five years ago. Some of them are still walking around looking for the coffee pot.”

For those smaller institutions out there reassuring themselves that they can’t possibly be a data breach victim, Bruen advises: Think again. “Is anyone a target? The answer is pretty much yes. As a business person, you’re not looking at it from a criminal’s perspective. You’d be surprised to know what they think is valuable.”

Bruen sees many smaller firms and institutions targeted by hackers, mainly because those companies don’t have the security perimeter built up as larger companies do. “You may not be a major bank, but a smaller bank, or a tiny loan servicer -- you’re still a target,” he adds. Third-party service providers that handle your operations are also possible targets. (bankinfosecurity.com)

While all of these techniques used by vendors do a lot to buffet the onslaught of new spam methods, some experts believe there is a major flaw in this approach...KnujOn says that the prevailing antispam lines of defense are only treating the symptoms of the real problem. “Beyond the analysis, you have to ask a simple question. What do the spammers want?” he says. “In addition to looking at the technical aspects of spam we have to look at what’s driving spam, what’s enabling it in the world of crime. We have to partner up with global initiatives to stop traffic of counterfeit goods and pharmaceuticals across international borders. You have to push the issue with your government and say this is an important problem and we’re also concerned about the problems behind it. And you have to provide law enforcement with actionable information.” (bankinfosecurity.com)

“Reporting fraud works. I can’t stress this enough. The Securities and Exchange Commission (SEC) has suspended trading of stocks featured in spam and frozen assets of those profiting from market manipulation. The CastleCops’ Phishing Incident Reporting and Termination (PIRT) project has shut down thousands of fake bank websites. The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) have issued millions of dollars in fines for unwanted faxes. Knujon has shutdown more than 22,000 spam websites. Every single one of these success happened because people took the time to report,” (bankinfosecurity.com)

A number of organizations are fighting spammers and phishers proactively, including KnujOn and Castle Cops. I suspect that I'll write about some of them in future postings. (weblog.infoworld.com)

When I wrote about Knujon last Thursday, I didn't realize that I'd been watching a confirmation of their principles in my own attempts to control junk email. If you read the white paper referenced in Garth Bruen's email, you'll see that Knujon has been maintaining for 4 years that filtering email is the wrong solution for the wrong battle, and that a block and delete strategy just makes the problem worse. This reminds me of the rise of superbugs. (weblog.infoworld.com)

Knujon has a solution that might prove fruitful, though. It focuses on the sites that spammers use to peddle their wares. So far, it has removed more than 30,000 sites affiliated with spammers. How will this stop spammers? If they can’t sell their products, there’s no point in spam. (komando.com)

The three finalist prizes of $1,000 each were presented to Cold Rain Technologies, owned by Robert Bruen of Wilmington, for producing, developing, and marketing KnujOn, a system developed by his son Garth Bruen for shutting down junk e-mail and e-fraud websites. (bdccbusinessplancompetition.com)

Instead of tolerating spam and just using all sorts of filters to protect ourselves from it, we should attack spam and take it down. For example, spam doesn't just pop up by itself – it's all being sent either from sites, either from botnets. So, what needs to be done is track spam down and then just kill whatever spawns it. Why just avoid it, when you can destroy it? (softpedia.com)

Knujon wins Linksgiving.com Weekly Link Award

All Web sites of our user-submitted link collection are of unique interest and value. Being featured in it, that already means receiving an award from one's own visitors. In addition, in January 2002 we created the Weekly Link Award for listed Web sites that distinguish themselves for originality of concept, easiness of navigation, pleasant design, clarity and completeness of information, browser-independent accessibility, and that give visitors the sensation to really have found what they are looking for, make them feel at home and want to come back again, give a considerable contribution to the Internet community. Only a "giving" site that enphasizes those qualities, a "gemstone" in our precious collection, can win the Weekly Link Award. The prestige of the Weekly Link Award is increased by the fact that it is not possible to directly apply for it and that only a Web site a week may receive it. (linksgiving.com)

Knujon.com Privacy Policy

KnujOn.com does not force cookies, software downloads, or use any tracking software. No personal client information is stored on Knujon.com

Knujon.com will not harvest, distribute, publish, sell, or share the email addresses or personal information of our clients.

Because of the unique nature of this project, Knujon.com may require the use of email addresses for the purpose removing those email addresses from databases and lists, but only for this purpose. The persons or organizations contacted already have your address and will be tracked to ensure that the email address is removed.

Contact: contact@knujon.com

Questions about Knujon

1. What is KnujOn?
2. What does KnujOn do?
3. I already have a spam filter/blocker, why do I need KnujOn?
4. How is KnujOn different from current anti-spam programs?
5. Does KnujOn practice hacking or use denial of service attacks?
6. Does KnujOn spam the spammers?
7. Is it intended to replace my spam filter/blocker?
8. Can I use KnujOn for my personal email?
9. Could KnujOn be improperly used against legitimate sites?
10. Do you only take some kinds of junk mail?
11. Are you out to get all email marketing?
12. What steps do you take to protect inocent parties?
13. Are you out to stop on-line pornography?
14. Are you out to stop on-line gambling?
15. What is a "multi-tiered" approach?
16. Does KnujOn use blackholes or blacklists?
17. What is the relationship between Knujon.com and Coldrain.net?
18. What is the relationship between Knujon.com and Thunderbird?
19. What is the relationship between Knujon.com and MailWasher?
20. What is the relationship between Knujon.com and SpamCop?
21. What is the relationship between Knujon.com and CastleCops?
22. What is the relationship between Knujon.com and Triade systems?
23. What is the relationship between Knujon.com and Okopipi/BlueFrog?
24. How are you funded?
25. Are you a real company?


Questions about membership/reports

26. Can I send you my junk mail?
27. How do I join?
28. How much is a KnujOn membership?
29. Is there software to download or maintain?
30. I sent junk mail but it was rejected, why?
31. Do you need full headers?
32. Does Knujon provide any other submission method besides email forwarding?
33. I joined but I have not received any information, why?
34. I joined but I have not received a report, why?
35. I received a report but it was empty, why?
36. There is a legitimate site in my report, why?
37. What is a suspension or shutdown?
38. If I am already reporting to another anti-spam service should I stop and only send to Knujon?
39. What is difference between yourjunk@knujon.com, knujon_us@yahoo.com, knujon@coldrain.net and other addresses?


Questions about junk mail and spam in general

40. What is spoofing?
41. How do junk mailers get email addresses?
42. Why does "unsubscribe" not work?
43. What about laws that make spam illegal?
44. What about recent arrests and lawsuits?
45. What about improvements in content filtering?
46. How serious is the junk mail problem?
47. What are the problems with current strategies?
48. How is junk mail different from legitimate marketing through email?


Other, Miscelaneous

49. What is a forensic tool?
50. How do I get access to the CastleCops forum?
51. How can I post something in your News section?
52. Why doesn't KnujOn tell its members to us the opt-out in our emails?

What is KnujOn?
KnujOn is a completely new approach to the ever-growing junk email problem. KnujOn is a multi-tiered response to Internet threats.

I already have a spam filter/blocker, why do I need KnujOn?
Filters and blockers stop spam from reaching mailboxes but do not actually stop the flow of spam. The messages pile up and must be reviewed and deleted.

How is KnujOn different from current anti-spam programs?
Filters and blockers search emails for keywords and other content that flag messages as possible junk mail and then divert the email to a quarantine area for review or deletion. KnujOn takes the junk email and uses it to track and stop the sources of the junk.

What does KnujOn do?
KnujOn is a policy enforcement engine. KnujOn has a powerful records interface that can also be used a forensic tool. KnujOn sorts through thousands of emails and profiles vast e-fraud operations so they can be shared with law enforcement and financial instutions.

Does KnujOn practice hacking or use denial of service attacks?
No. KnujOn is a policy enforcement, reporting and tracking tool.

Does KnujOn spam the spammers?
Absolutely not. We contact junk mailers in proportion to what they send out to our clients. Internet criminals will often accuse us of spamming them because we sent one or two opt-out messages on behalf of a client. It is a garbage tactic for them to play the victim.

How is junk mail different from legitimate marketing through email?
Junk mail companies use spoofing to conceal their identity. Legitimate marketing companies typically follow accepted privacy practices and honor removal requests.

What is spoofing?
Spoofing is a technique of forging an email address to hide where it truly came from. Email headers may be modified to insert bogus "From" information.

What is a forensic tool?
A forensic tool is something that gathers and sorts data so it can be used in investigations or as evidence.

How much is a KnujOn membership?
Free, but we welcome donations

Is it intended to replace my spam filter/blocker?
KnujOn is designed to work with your current email protection or alone.

Can I use KnujOn for my personal email?
Yes, KnujOn.com personal service is available: More information.

Could KnujOn be improperly used against legitimate sites?
KnujOn processes junk mail and reports sites that do not comply with rules and regulations. Legitimate sites are not affected. In addition, .gov, .mil, and .edu sites are exempt. KnujOn will not run policy enforcement against charities or polictical organizations.

How do junk mailers get email addresses?
There are several methods. One is simply buying lists of emails from on-line companies. If you have purchased something on-lie, you may get junk mail. Junk mailers also have programs that scan the Internet for email address posted on web pages. Because of this certain people have warned against posting emails on web pages but I think this voids a vital purpose of the Internet, namely communication. Everyone should be able to post their email somewhere without worrying about junk mail, and to help we designed KnujOn! A third common method to send junk mail to range of possible addresses until a match is found. For example: aaa@hotmail.com, aab@hotmail, aac@hotmail... You may have received junk mail with various spellings of your name in the distribution list. One of the worst ways to harvest addresses is through viruses. Some viruses(trojans, spyware) infect email software and steal your contacts list. But with KnujOn, these individuals can be found and shut down.

Why does "unsubscribe" not work?
There are many legitimate companies who adhere to requests to unsubscribe. Spammers don't care, they ignore unsubscribe requests.

What about laws that make spam illegal?
Making junk mail illegal may sound like a good idea, but it will not solve the problem. Many Junk Mailers are in foreign countries and cannot be touched by U.S. laws. Spammers also conceal their identities making it very difficult track where the email is coming from. Since the CAN-SPAM Act has gone into effect the junk mail levels have trippled.

What about recent arrests and lawsuits?
These government actions are the result of extensive investigations taking months of man-hours and unknown amounts of taxpayer dollars. Their efforts should be lauded, but this is just the tip of the iceberg. To expend these resources for every junk mailer would be an extremely expensive venture. This tactic would be ineffective against junk mailers in other countries.

What about improvements in content filtering?
The developers of content filtering software have come up with some truly amazing innovations. Unfortunately, the junk mailers are constantly finding ways to bypass the filtering. What if you work in a pharmacy and you have a legitimate reason to send email with "Viagra" in the content? Recently, a version of the sober virus sent millions of junk emails in German. None of these emails contained English words that were on block lists, but they had violent sexual language in German. The emails bypassed blocking.

How much of a problem is junk mail?
Recent studies show that 90% of all email traffic is junk spam. AOL reports that their users receive 10 million junk messages every day. Some studies estimate that U.S. employees lose 3.1% of their day dealing with junk mail, that is about one and a quarter hours per week, over 300 hours per year.

What are the problems with current strategies?

• Use a filter or blocker program
  Most networks use some kind of spam blocker or filter. These programs effectively keep junk mail from reaching mailboxes but they also block some legitimate mail and allow bad messages to get through. Blocking and filtering do not stop the problem, only delay it. Why Content Blocking Does Not Work.
  
  
• Don't post your email address on web pages
  While spammers do use programs that harvest emails from web pages they also obtain lists from other spammers and send junk to random emails until they get a hit. This strategy also violates the point of the Internet, communication. Why should we hide from them?
  
  
• Use temporary email addresses and dump them when spam shows up
  Sounds like they have you on the run.
  
  
• Never buy anything from a company that spams
  I totally agree. However, they will still make money from a minority of people and keep spamming everyone. Also, believe it or not legitimate on-line companies sell your address to spammers.
  
  
• Hack the spammers
  Lots of work and now you are breaking the law too.
  
  
• Sue the spammers
  Expensive. Time-consuming. Limited results.
  
  
• Pass laws that make spamming illegal
  Speeding is illegal, people still do it. Try enforcing these laws in foreign countries.
  
  
• Code verification
  Many email services will display a random set of non-ascii(images) letters and numbers for a user to enter in order to verify that a real person is sending email and not a script hacking a mail account. This is clever concept but it wont stop them.
  
  
• SMTP relay limits
  Many mail hosts will limit the amount of mail that can be sent to 500 or 250 emails per day per email address. However, if a spammer has 10 sites with 100 email accounts on each they can send half a million emails per day.
  
  

Can I send you my junk mail?
Yes, send it to: nonregistered@coldrain.net, OR use one of the specific addresses listed here: Instructions for sending email, OR become a member.

How do I join?
Register Here.

I sent junk mail but it was rejected, why?
Because of various levels of filters and firewalls junk mail forwarding may be blocked. Registered users should not experience problems forwarding email. Check here for more forwarding options.

Do you need full headers?
Full headers are not needed. Our procedures do not require full headers at this time. If your email client already expands the headers this is fine, there is no need to alter your options before forwarding email to us.

Does Knujon provide any other submission method besides email forwarding?
Yes, we have a bulk file upload interface for members, read more.

I joined but I have not received any information, why?
Knujon carefully vets every application to keep Internet criminals out, it can be a lenthy and time-consuming process.

I joined but I have not received a report, why?
The reports are cumulative and take a week or two to build up.

I received a report but it was empty, why?
There could be many reasons for this. If you are new member it is possible we have not processed your submissions yet.

There is a legitimate site in my report, why?
Legitimate sites are often victims of spoofing. Please contact us about this so we can investigate.

What is a suspension or shutdown?
This means that a site has lost its hosting, registration, is blocked in some way, or has suffered some kind of procedural action.

What is the relationship between Knujon.com and Coldrain.net?
Knujon.com and Coldrain.net are partners in this project.

What is the relationship between Knujon.com and Thunderbird?
Thunderbird is a free email program distributed by Mozilla. There are a variety of Thuderbird extensions available that forward email to Knujon but there is no financial or organizational connection.

What is the relationship between Knujon.com and MailWasher?
There are various ways to forward junk mail to Knujon from MailWasher but there is no financial or organizational connection.

What is the relationship between Knujon.com and SpamCop?
There are various ways to forward junk mail to Knujon from SpamCop through MailWasher but there is no financial or organizational connection.

What is the relationship between Knujon.com and CastleCops?
CastleCops hosted 2 forums for Knujon until the service ceased. We were big supporters of their efforts.

What is the relationship between Knujon.com and Triade systems?
Triade systems systems has created a Python script that forwards junk mail to Knujon from Gmail but there is no financial or organizational connection to Triade or Gmail.

What is the relationship between Knujon.com and Okopipi/BlueFrog?
Okopipi is an open-source version of BlueFrog. Many Okopipi users forward email to Knujon through various methods but there is no financial or organizational connection.

How are you funded?
Our funding is entierly private at the moment, but this may change in the future.

Are you a real company?
Coldrain Technologies and Knujon.com are legally registered corporations in the United States.

How do I get access to the CastleCops forum?
CastleCops is closed, they are no longer hosting forums or accepting members.

There is new Knujon forum on LinkedIn

What is difference between yourjunk@knujon.com, knujon_us@yahoo.com and other addresses?
knujon_us@yahoo.com was the original reporting and contact email address for this project when it was in its beginning stages. When Knujon.com was launched, the reporting address became yourjunk@knujon.com and the contact address became contact@knujon.com. Because of issues with our IP many users experienced problems forwarding junk mail to yourjunk@knujon.com so we offered knujon_us@yahoo.com as a temporary alternative while we found a permanent solution. Registered users are now issued a rejection-free address to report junk to. yourjunk@knujon.com is still valid and junk sent there will be processed. We would prefer that knujon_us@yahoo.com no longer be used. Email forwarded to knujon_us@yahoo.com will still be processed but it takes more time. We understand that many users have automated the reporting and that a complete switch-over will take time.

Do you only take some kinds of junk mail?
No, we take it all. Spam, phishing, stock junk, "awards", "degrees", Rx, unsolicited pornography, mortgage offers, software offers, whatever. Instructions for sending email.

Are you out to get all email marketing?
No, only unwanted and fraudulent email. We believe that the marketing industry has been unfairly tainted by online scams.

If I am already reporting to another anti-spam service, should I stop and only send to Knujon?
No, we want the effort maximized. Report to anyone who will listen.

What steps do you take to protect innocent parties?
We are well aware of the extent cyber criminals will go trick, defraud and embarrass lawful organizations and companies and Knujon.com makes every effort to protect the innocent. Even Knujon.com has been a victim of spoofing. The first thing to be aware of is that all .EDU, .GOV, and .MIL sites are exempt from this process. Secondly, we have an enormous list of trusted sites that include legitimate companies, news services, non-profit organizations, banks, and other entities. Email reported to Knujon with any information relating to these sites is treated as a phishing or smear attack and we cooperate with innocent parties to report and stop the potential fraud. We encourage all site admins who have been victimized by phishing to register with out Alert System.

Are you out to stop on-line pornography?
No, with two exceptions: porn pushed through junk email and evidence of child sexual exploitation. We will do everything in our power to report crimes against children and cooperate with authorities to ensure that the perpetrators are prosecuted to the fullest extent of the law.

Are you out to stop on-line gambling?
Not specifically. Lotteries, racetracks and casinos exist all over the world. Some believe it is personal choice others a menace. The online gambling issue is a complex and controversial subject that KnujOn does not intend to address at this time. However, we will address unwanted gambling-related emails.

What is a "multi-tiered" approach?
Rather than relying on a single method KnujOn has developed a toolbox of procedures that address junk email on many levels.

Does KnujOn use blackholes or blacklists?
KnujOn does not use or maintain blacklists or blackholes.

Is there software to download or maintain?
No. There are extensions and add-ons for email software that make it easier to report to KnujOn but there is no "KnujOn" software to install.

History and Philosophy

When this project started we did not look at any other methods being used to handle junk mail. We started from point zero and examined the entire problem from top to bottom before trying to write any code. Assumptions were thrown out and our theories and philosophies were developed and applied manually on a very small scale. The manual process was tedious but effective so portions of it were automated. Once again, we applied this on a very small scale and gradually expanded it, modifying and enhancing throughout. The process continues to evolve and expand. Part of the development involved identifying mistakes being made on the Internet in terms of dealing with spam.

Mistake 2. Encouraging end users and corporate networks to delete junk email

In complete contradiction with the general assumption that fraud attempts should be reported to authorities, email users have been in fact told to ignore and delete fraudulent emails. The assumption being that if we ignore it, it will eventually go away. This naively assumes there is no real criminal threat behind the emails.

Mistake 3. Viewing junk email as the primary issue

The central dialog in the anti-spam community has been about stopping the email and not investigating the motivations or persons behind the email. Here it is assumed that junk email is the one and only issue whereas it is just one part of the larger problem of electronic fraud which includes hacking, network hijacking, spoofing, ID theft and industrial espionage.

Mistake 4. Relying solely on technical solutions

Most of the offered solutions to spam have been technical in nature: content filtering, quarantining, relay limits, certificate-based email, header tracing. This assumes that the junk mailers and on-line criminals will not find ways to defeat new security measures.

Mistake 5. Categorizing junk email as an annoyance

The threat of electronic fraud through email has only recently been taken more seriously. Initial assessments of the spam problem approached the issue as if it were just an annoyance and not a gateway for fraud and exploitation. When the problem started it was often asserted that the recipient of junk was to blame, that they had signed up pornographic sites or other services. We now know it is possible to get spam in mailboxes that are never even used.

Our biggest beef is probably with the “Block and Delete” approach. Relying on blockers and filters makes the problem worse. Organizations and personal email users are blocking/filtering/quarantining millions of junk emails every day. This is to the advantage of spammers as it allows them to target the most vulnerable users who do not have filtering software or technical savvy. Beneath the protected networks is a wide-open "pushdown" network full of potential victims waiting to be scammed. It's called "pushdown" because we have all created it by pushing down the junk through blocking, filtering, and deleting. This is another reason why content blocking alone will not solve the problem. While you and I may be protected, those without protection are allowing their PCs to turn into zombies and bringing infected files onto office networks. These people may end up being victims of fraud or identity theft and this affects all of us.

Besides helping the junk mailers and identity thieves find their target audience, we are restricting our own use of email. Many networks no longer allow HTML content, images or file attachments. This is unacceptable since email is a communication tool and should not limited because of a minority of people who won’t play by the rules. Filters have dictionaries of words that will result in email quarantines, but often completely legitimate emails are blocked and bad emails pass through. There may be valid reasons to send an email with “Viagra” in the text but it is becoming impossible. Newsletters and legitimate marketing have been lumped in with junk messages and ignored by those who might otherwise benefit from the information.

Of course many may recoil in horror at the thought of turning off the filters and leaving networks exposed, but we are not proposing that. We are proposing that something be done after it has been blocked, filtered, or quarantined. Knujon is an end process, and we encourage everyone to have an end process for junk mail. If you don’t want to report it to us, report it somewhere: spamcop, spamhaus, ftc, your ISP.

Because the spam problem has many dimensions, a solution that addresses each one is required. Blocking and filtering are not proper solutions for law enforcement or computer security professionals since they only serve to hide the problem and force the activity to an underground network. Ordinary users must sift through hundreds of quarantined junk emails everyday to search for legitimate messages.

We do not require that our users know anything about spam or e-fraud(although many do), just forward the junk mail to us. This takes away much of the end user exhaustion of reporting junk mail. In addition this encourages users to report and not delete.

Structure

There is no software to download, install, or update for Knujon. Therefore, there is nothing that ties a particular user’s computer or Internet browser to the project and no live connection. There are no databases, executables, or any live process running on knujon.com. The core process run off-line. We had assumed from the beginning that denial of service attacks and intrusion attempts were inevitable so our site only has static content and information. Brining the site down will not stop the process from running.

The Knujon process is currently only running in one location, but it is designed in a very portable format and copies could possibly be run from 12 or 100 locations(call them “franchises” if you want). A distributed system such as this would be nearly impossible to disrupt.

Funding

At the moment this is an all-volunteer project and our costs are surprisingly low. While we may recommend some anti-spyware or anti-virus packages we have tested we have no advertising. As conditions change and the project gets bigger this may change but we are serious about addressing the issue.

Problems with Email Forwarding

This is a complex issue that there are no easy answers to. We appreciate and understand the frustration experienced in forwarding mail only to have it rejected.

We do not run our own mail server and it is not because we don’t know how, it is because not running it has certain benefits. We did request that the filters be lifted for our submission mailbox and that request was denied. This is not the end, we will continue weigh the options and develop alternatives.

Why are some emails rejected and others not? There are many reasons. To start with the filtering is based on a list of blacklisted sites received from spamhaus, if an email contains one of these links it will probably be rejected. In addition, if you are using webmail like yahoo or gmail the junk has already been marked as such. When forwarding it the added flags make it harder receive. The irony here is that you have no problem receiving the original mail, but you cant report it. Outgoing mail servers will also sometimes prevent junk mail from being forwarded but this is rare.

This situation is further complicated by unique problems experienced by submitters. In some cases sending multiple emails as attachments

The good news: We ran a test this week and individually forwarded 100 junk mail messages from standard webmail account and only 7 were rejected. This seems to be the case for most of our submitters. We are getting tons of junk from the people who have signed up this week. The problem with forwarding emails with non-western characters has also been resolved; if you receive this error please forward the error to us.

This may not be the answer you wanted to hear, but we are aware of the problem and it will be addressed.

Reports

Some of you have been wondering: “I’ve been submitting samples, where are the reports?” They are issued weekly, usually on Monday unless there is a holiday or a technical problem.

Delays in Processing New Members

Most savvy Internet users are used to signing up for a service and then immediately receiving information and access. Knujon attempts to validate applicants before approving which takes some time. In addition to this we have had an increased volume this week.

In general we are delighted to have the interest from CaslteCops and former Blue Security users. Thank you.

Results

We structured the test in a controlled manner. Out of 350 email accounts within the organization, we selected 3 of the top recipients of junk mail and left the others alone. Each morning we would dump the collected junk mail from these three mailboxes into the program.

During the first test week(5 business days) the program returned 393 junk messages to the original sender and filed 72 complaints.

As a result, all three of these mailboxes moved down in the list of top receivers of junk mail, one dropped out of the top ten.

27 sites sent apologies and removed us from their lists. Note that these sites previously ignored requests to unsubscribe.

Several administrators noted that a spammer had been using their web content without permission and thanked us for alerting them.

During week 2 the program returned 576 junk messages (the 3 mail mailboxes did not get more mail this week, we were still working bugs out of the program and were able to process more mail the second week without errors). By the third week the program returned 184 messages. Why did it return fewer messages? The number of incoming messages dropped by one-half.

This program is designed to reduce the junk mail over time so we had to wait about a month for the results of the complaints. Of the 72 complaints from the first week 9 sites had their registrations revoked or were dumped by their hosting sponsors, and 10 were suspended pending review. The other 53 sites stopped sending us email.

In the following 3 weeks more junk was returned and more complaints were filed. In addition we have gathered an amazing amount of data on junk mail sites.

We have now ended the first phase of our testing and have expanded to more mailboxes. The program is now returning thousands and thousands of emails every day and filing hundreds of complaints. The complaint results for the first month have not yet been complied, but we are estimating the suspension or shutdown of dozens of sites.

As indicated at the top, there are nearly 100 shutdowns or suspensions based reports filed during the first month. The program filed an average of 60 reports a week, the program is now filing an average of 90 per day. The tally for suspensions and shutdowns at the end of May are expected to be over 500. KnujOn has also revealed the identity of some email scammers(phishing) and forwarded those that information to the companies being impersonated.

The total amount of Junk Mail is continuing to drop on our network. Mailboxes that received over 100 junk messages per day are now receiving less than 10.

Please note that this is based on a handfull of email accounts on just one network. Expanding the use of KnujOn should result in a dramatic change across the Internet.

Initial Results 2003 - March 2005

This is an overview of the results so far. The results are somewhat general and summary. To provide daily or weekly results would not be helpful because the program has been improved multiple times since it went into live testing, which allowed more emails to be processed without error. The number of participants has also changed, increasing the volume. A second round of testing with fresh participants and a completed program would be required for more precise results.

Pending or Completed Suspensions: 179. This is a sample list of 20 sites that can no longer be found on the Internet:

kr3.net
l0ss.com
lc5.net
netaparty.com
pharmzod.com
weighedinatmore.com
qwild.com
vlc0.com
t0p9.com
rz3e23fzf.com
wak3.com
netacheck.com
vaigra.net
aboutanyotherform.com
ak2two.com
housepharm.com
comforstop.com
ghhgkenb.net
hycod.com
ambein.net

These are some sample emails I have received from administrators who took us off their lists voluntarily. Please note that these junk mailers had previously ignored unsubscribe requests or attempted to conceal their identities(the real names have been removed because they cooperated with us).

-----Original Message-----
From: Jeff [mailto:jeff@xxxxxxxxxxxxxxx.com]
Sent: Friday, April 22, 2005 2:35 PM
Subject: Re: xxxxxxxxxxx.com

Hi,

i just deleted 2 address. You may get one from us today but if you get any more in 
the future please let me know and i will take care of it.

Best,
Jeff

-----Original Message-----
From: Bill XXXXX [mailto:billXXXXX@XXXXXXX.com]
Sent: Thursday, February 24, 2005 5:59 PM
Subject: XXXXX.com
We have unsubscribed all your email addresses from our list.  
It may take a day or two to take effect as some emails may be in process.

-----Original Message-----
From: xxxxxxxxxxxe.com Support [mailto:support@xxxxxx.com]
Sent: Friday, April 15, 2005 12:21 PM
Subject: Re: xxxxxx.com - Ticket id (192142)

Hello,

Thanks for your email. We have found the domain name and account you listed to be 
taking part in spamming activities and have therefore disabled their domain names 
and account. Thank you for your help in this matter.

If we can be of any further assistance, don't hesitate to contact us. Thank you 
for choosing xxxxxxxxx.com.

Sincerely,
support@xxxxxxxxxxx.com

I have 73 messages similar to these 3.

Phishing and Content Hijacking

Some completely innocent parties have been caught up in this and our program allows them to be alerted. Here is one response:

-----Original Message-----
From: Andras XXXXXXXX [mailto:andras.xxxxxxxxxxx@xxxxxxxxxxxx.com]
Sent: Thursday, February 24, 2005 10:43 AM
Subject: Re: FW: xxxxxxxxxxx.com

Hi!

My name is Andras XXXXXXXXXXX; I am in charge of the XXXXXXXXXXXXXX.com domain. 
Your e-mail to Phillip XXXXXXXX was forwarded to me.

The spam you are complaining about did not come from us; it came from leads-for-less.com.  
They are apparently using our content without permission, and they will hear from our 
lawyers about that soon. They are offering the removeme@leads-for-less.com address for 
removals, although I have no way of knowing whether they will in fact honor your request.

I have checked our own mailing lists and found none of your  addresses on them.

If you have any questions or concerns, send me an e-mail or give me a call.

The KnujOn process works over time, results are not immediate. The earliest adopters have seen the most benefit. Many of our original members receive little or no junk email. The process seems to work best if clients report as much of their junk email as possible.

General Notes about membership:

• You can forward from multiple accounts
• No limit to the amount forwarded
• Non-spam sites in reports can be removed by notifying us at contact@knujon.com, updated report interface will make this easier
• It is possible to change the report notice frequency, your contact address and other preferences within the report
• Reports are not per-email or per-item reports, but rather reflect the frequency certain sites appear in your submissions(this may change)
• Results vary and can take time to notice a difference in you spam volume
• Not every submitted message is reflected in the reports, but every message is processed(this may change)

Terms

As a participant in the Knujon.com project I agree to send my junk email to a designated address. All forwarded emails become the property of Knujon.com. I also agree to supply periodic feedback to Knujon.com via occasional questionnaires. I also understand that email I forward to Knujon.com may also be sent to bank security departments, credit card fraud investigators, Internet service providers, and law enforcement agencies. I also release Knujon.com and Coldrain.net from any liability that may arise as the result of procedural actions against websites or entities for which Knujon is handling complaints on my behalf. I will not submit legitimate newsletters I signed up for as junk mail. In addition I affirm that I myself am not a spammer or engaged in any kind of electronic fraud. All reports distributed to me by Knujon.com are for my own personal use and I will not re-distribute them. I may elect to be excused from the Knujon membership at any time by sending an email to contact@knujon.com stating "Please remove me from knujon". I also understand that Knujon may terminate my membership at any time for any reason.

Knujon.com will not harvest, distribute, publish, sell, or share the email addresses or personal information of our clients. Because of the unique nature of this project, Knujon.com may require the use of email addresses for the purpose removing those email addresses from databases and lists, but only for this purpose. The persons or organizations contacted already have your address and will be tracked to ensure that the email address is removed and not reused. However, each client has the option of not allowing their address to be opted out, meaning we will keep your participation private if you select this option.