http://brattleborodevelopment.com/bpc/2007/11/images/win_bruen.jpg

Bios | Presentations | Press | Documents | FAQ

Espańol Ceština| Magyar| Italiano| Nederlands| Français| Deutsch| Svenska| Nynorsk| ελληνικα|

Relying on Blockers and Filters Makes the Problem Worse

Organizations and Personal Email users are blocking/filtering millions of junk emails every day. This is to the advantage of spammers as it allows them to target the most vulnerable users who do not have filtering software or technical savvy. Besides helping the junk mailers and identity thieves find their target audience, we are restricting our own use of email. Many networks no longer allow HTML content, images or file attachments. This is unacceptable, email is communication tool and should not limited because of a minority of people who won’t play by the rules. Filters have dictionaries of words that will result in email quarantines, but often completely legitimate emails are blocked and bad emails pass through. There may be valid reasons to send an email with “Viagra” in the text but it is becoming impossible. Newsletters and legitimate marketing have been lumped in with junk messages and ignored by those who might otherwise benefit from the information.

Spam is a Multilayered Problem

Junk mail poses various threats to government, consumers and business. Spam is a law enforcement issues because identity theft, credit card fraud, child sex traffic, and illegal products and/or services offered via junk mail. Consumers face the issue legitimate on-line purchases becoming riskier. Businesses see problems with using email as the basic communication tool it was designed to be and must counteract lowered consumer confidence due to on-line fraud.

Because the spam problem has many dimensions, a solution that addresses each one is required. Blocking and filtering are not proper solutions for law enforcement or computer security professionals since it they only serve to hide the problem and force the activity to an underground network. Ordinary users must sift through hundreds of quarantined junk emails everyday to search for legitimate messages.

KnujOn Addresses the Source of the Problem

Spam is not the problem, it is a symptom of a more complex issue. The KnujOn project is not merely a technical solution. KnujOn’s creator draws from a diverse background that includes programming, policy development, and criminal justice. KnujOn is policy enforcement, reporting and tracking tool that exposes the hidden world of e-fraud rather than ignoring it. Please contact us if you have any questions: contact@knujon.com





Our Philosophy

  • The e-fraud problem is a complex, multi-layered issue and cannot be addressed by blocking, ignoring and deleting email.
  • The Internet and email are tools for communication. These tools should not be restricted because of junk mail and viruses from a minority who refuse to play by the rules.
  • Consumers have a right to know who is collecting their personal information and for what purpose.
  • Companies and organizations should not have to restrict email usage with filtering and blocking.
  • Legitimate marketing and e-newsletters should not be characterized as spam as long as they follow acceptable policies.
  • The tools and policies for stopping junk mailers, spammers, phishers, pharmers, virus senders, hackers, and forgers already exist. New laws and legislation are not needed.

Garth Bruen: Development, Database Administration, Webmaster, Presentations.

Garth is the creator of Knujon. He draws from a diverse background that includes programming, public policy development, private security, and banking. He is an award-wining workflow developer specializing in policy automation through rules-based software, SQL, ASP, C++, and web scripting.

Garth has spent many hours before large groups of security professionals presenting his theories, concepts, process and plan. He has also authored several articles about KnujOn in various technical magazines.

Northeastern University. Software Engineering Certificate
Suffolk University. Master’s in Public Administration
Northeastern University. B.S. Criminal Justice

Contact: g_bruen@knujon.com



Dr. Robert Bruen: Systems Administration, Customer Support, Beta Testing, Research.

Dr. Bruen has uses his long years of experience to make Knujon an operational success on a large scale. He runs the data center operations and continuously works to improve KnujOn.

Bob has over 30 years of experience in the areas of computer science and higher education. In addition to faculty positions at Babson College, Merrimack College, and Springfield Technical Community College. He spent 17 years managing information systems at MIT in the Aeronautics and Astronautics Department, Lab for Nuclear Science, the Genome Center and the Laboratory for Information and Decision Systems. He has also conducted research for PIES, a prime number discovery project and is well known within the world of network security and privacy research as the security book review editor for Cipher for ten years.

Boston College. Ph.D. Higher Education Administration
Harvard University. ALM History of Science
Boston University. M.S. Computer Information Systems
Northeastern University. B.A. Philosophy and Religion

Contact: b_bruen@knujon.com



For business development, collaboration, or other proposals: bizdev@knujon.com

KnujOn Presentations

Recent and Pending
Messaging Anti-Abuse Working Group (maawg.org) Sept 22-24

Open Web Application Security Project (OWASP) Sept 24-25, 2008 - Park Central Hotel, located in midtown New York City

Anti-Phishing Working Group eCrime Researchers Summit "APWG" (antiphishing.org) October 14-16 - Buckhead, GA

Information Security Summit (informationsecuritysummit.org) October 30-31 - Cleveland, Ohio


History
HTCIA Ohio May 12-14, 2008

M.I.T. Spam Conference March 27 and 28, 2008

Southeastern CyberCrime Summit March, 2008 Summit Postponed to 2009!

International HTCIA sponsored by San Diego HTCIA August 27-29, 2007

HTCIA New England April, 2007

Southeastern CyberCrime Summit March, 2007

Southeastern CyberCrime Summit March, 2006

Northeast HTCIA September, 2005

HTCIA New England September, 2005

HTCIA New England May, 2005



Documents

KnujOn Comments/Report Regarding Joint Project Agreement with ICANN for the U.S. Department of Commerce, the National Telecommunications and Information Administration (NTIA)
General NTIA ICANN JPA Information

White Paper (Oct 2007)
White Paper (March 2008)
White Paper (May 2008 - Not Yet Posted)

The Path Of Fake Goods Sold In Spam - ppt
Presentation to International HTCIA (ppt)

Press Kit

KnujOn is transforming the "unsolvable" spam problem into a situation that can be understood, managed, minimized and defeated. Spam filtering and blocking isn't working, in fact spam has increased in the last two years, flooding the global network. Email and Internet users are demanding solutions but the technology market is slow to respond to consumer need.

At KnujOn we are providing consumers with a no-nonsense way to report junk mail. In return they receive feedback and action they are not getting elsewhere. Through persistent policy enforcement, KnujOn is reducing the value of junk email by eliminating the transaction platforms (websites) and increasing the operational costs for the spammers.

White Papers

Project KnujOn - October 2007(PDF)

Bios and Contact

Garth Bruen
Dr. Robert Bruen

Contact: contact@knujon.com

Frequently Asked Questions
    Questions about Knujon
  1. What is KnujOn?
  2. What does KnujOn do?
  3. I already have a spam filter/blocker, why do I need KnujOn?
  4. How is KnujOn different from current anti-spam programs?
  5. Does KnujOn practice hacking or use denial of service attacks?
  6. Does KnujOn spam the spammers?
  7. Is it intended to replace my spam filter/blocker?
  8. Can I use KnujOn for my personal email?
  9. Could KnujOn be improperly used against legitimate sites?
  10. Do you only take some kinds of junk mail?
  11. Are you out to get all email marketing?
  12. What steps do you take to protect inocent parties?
  13. Are you out to stop on-line pornography?
  14. Are you out to stop on-line gambling?
  15. What is a "multi-tiered" approach?
  16. Does KnujOn use blackholes or blacklists?
  17. What is the relationship between Knujon.com and Coldrain.net?
  18. What is the relationship between Knujon.com and Thunderbird?
  19. What is the relationship between Knujon.com and MailWasher?
  20. What is the relationship between Knujon.com and SpamCop?
  21. What is the relationship between Knujon.com and CastleCops?
  22. What is the relationship between Knujon.com and Triade systems?
  23. What is the relationship between Knujon.com and Okopipi/BlueFrog?
  24. How are you funded?
  25. Are you a real company?


    26. Questions about membership/reports
  26. Can I send you my junk mail?
  27. How do I join?
  28. How much is a KnujOn membership?
  29. Is there software to download or maintain?
  30. I sent junk mail but it was rejected, why?
  31. Do you need full headers?
  32. Does Knujon provide any other submission method besides email forwarding?
  33. I joined but I have not received any information, why?
  34. I joined but I have not received a report, why?
  35. I received a report but it was empty, why?
  36. There is a legitimate site in my report, why?
  37. What is a suspension or shutdown?
  38. If I am already reporting to another anti-spam service should I stop and only send to Knujon?
  39. What is difference between yourjunk@knujon.com, knujon_us@yahoo.com, knujon@coldrain.net and other addresses?


    40. Questions about junk mail and spam in general
  40. What is spoofing?
  41. How do junk mailers get email addresses?
  42. Why does "unsubscribe" not work?
  43. What about laws that make spam illegal?
  44. What about recent arrests and lawsuits?
  45. What about improvements in content filtering?
  46. How serious is the junk mail problem?
  47. What are the problems with current strategies?
  48. How is junk mail different from legitimate marketing through email?


    49. Other, Miscelaneous
  49. What is a forensic tool?
  50. How do I get access to the CastleCops forum?
  51. How can I post something in your News section?
  52. Why doesn't KnujOn tell its members to us the opt-out in our emails?


What is KnujOn?
KnujOn is a completely new approach to the ever-growing junk email problem. KnujOn is a multi-tiered response to Internet threats.

I already have a spam filter/blocker, why do I need KnujOn?
Filters and blockers stop spam from reaching mailboxes but do not actually stop the flow of spam. The messages pile up and must be reviewed and deleted.

How is KnujOn different from current anti-spam programs?
Filters and blockers search emails for keywords and other content that flag messages as possible junk mail and then divert the email to a quarantine area for review or deletion. KnujOn takes the junk email and uses it to track and stop the sources of the junk.

What does KnujOn do?
KnujOn is a policy enforcement engine. KnujOn has a powerful records interface that can also be used a forensic tool. KnujOn sorts through thousands of emails and profiles vast e-fraud operations so they can be shared with law enforcement and financial instutions.

Does KnujOn practice hacking or use denial of service attacks?
No. KnujOn is a policy enforcement, reporting and tracking tool.

Does KnujOn spam the spammers?
Absolutely not. We contact junk mailers in proportion to what they send out to our clients. Internet criminals will often accuse us of spamming them because we sent one or two opt-out messages on behalf of a client. It is a garbage tactic for them to play the victim.

How is junk mail different from legitimate marketing through email?
Junk mail companies use spoofing to conceal their identity. Legitimate marketing companies typically follow accepted privacy practices and honor removal requests.

What is spoofing?
Spoofing is a technique of forging an email address to hide where it truly came from. Email headers may be modified to insert bogus "From" information.

What is a forensic tool?
A forensic tool is something that gathers and sorts data so it can be used in investigations or as evidence.

How much is a KnujOn membership?
Free, but we welcome donations

Is it intended to replace my spam filter/blocker?
KnujOn is designed to work with your current email protection or alone.

Can I use KnujOn for my personal email?
Yes, KnujOn.com personal service is available: More information.

Could KnujOn be improperly used against legitimate sites?
KnujOn processes junk mail and reports sites that do not comply with rules and regulations. Legitimate sites are not affected. In addition, .gov, .mil, and .edu sites are exempt. KnujOn will not run policy enforcement against charities or polictical organizations.

How do junk mailers get email addresses?
There are several methods. One is simply buying lists of emails from on-line companies. If you have purchased something on-lie, you may get junk mail. Junk mailers also have programs that scan the Internet for email address posted on web pages. Because of this certain people have warned against posting emails on web pages but I think this voids a vital purpose of the Internet, namely communication. Everyone should be able to post their email somewhere without worrying about junk mail, and to help we designed KnujOn! A third common method to send junk mail to range of possible addresses until a match is found. For example: aaa@hotmail.com, aab@hotmail, aac@hotmail... You may have received junk mail with various spellings of your name in the distribution list. One of the worst ways to harvest addresses is through viruses. Some viruses(trojans, spyware) infect email software and steal your contacts list. But with KnujOn, these individuals can be found and shut down.

Why does "unsubscribe" not work?
There are many legitimate companies who adhere to requests to unsubscribe. Spammers don't care, they ignore unsubscribe requests.

What about laws that make spam illegal?
Making junk mail illegal may sound like a good idea, but it will not solve the problem. Many Junk Mailers are in foreign countries and cannot be touched by U.S. laws. Spammers also conceal their identities making it very difficult track where the email is coming from. Since the CAN-SPAM Act has gone into effect the junk mail levels have trippled.

What about recent arrests and lawsuits?
These government actions are the result of extensive investigations taking months of man-hours and unknown amounts of taxpayer dollars. Their efforts should be lauded, but this is just the tip of the iceberg. To expend these resources for every junk mailer would be an extremely expensive venture. This tactic would be ineffective against junk mailers in other countries.

What about improvements in content filtering?
The developers of content filtering software have come up with some truly amazing innovations. Unfortunately, the junk mailers are constantly finding ways to bypass the filtering. What if you work in a pharmacy and you have a legitimate reason to send email with "Viagra" in the content? Recently, a version of the sober virus sent millions of junk emails in German. None of these emails contained English words that were on block lists, but they had violent sexual language in German. The emails bypassed blocking.

How much of a problem is junk mail?
Recent studies show that 90% of all email traffic is junk spam. AOL reports that their users receive 10 million junk messages every day. Some studies estimate that U.S. employees lose 3.1% of their day dealing with junk mail, that is about one and a quarter hours per week, over 300 hours per year.

What are the problems with current strategies?

  • Use a filter or blocker program
    Most networks use some kind of spam blocker or filter. These programs effectively keep junk mail from reaching mailboxes but they also block some legitimate mail and allow bad messages to get through. Blocking and filtering do not stop the problem, only delay it. Why Content Blocking Does Not Work.

  • Don't post your email address on web pages
    While spammers do use programs that harvest emails from web pages they also obtain lists from other spammers and send junk to random emails until they get a hit. This strategy also violates the point of the Internet, communication. Why should we hide from them?

  • Use temporary email addresses and dump them when spam shows up
    Sounds like they have you on the run.

  • Never buy anything from a company that spams
    I totally agree. However, they will still make money from a minority of people and keep spamming everyone. Also, believe it or not legitimate on-line companies sell your address to spammers.

  • Hack the spammers
    Lots of work and now you are breaking the law too.

  • Sue the spammers
    Expensive. Time-consuming. Limited results.

  • Pass laws that make spamming illegal
    Speeding is illegal, people still do it. Try enforcing these laws in foreign countries.

  • Code verification
    Many email services will display a random set of non-ascii(images) letters and numbers for a user to enter in order to verify that a real person is sending email and not a script hacking a mail account. This is clever concept but it wont stop them.

  • SMTP relay limits
    Many mail hosts will limit the amount of mail that can be sent to 500 or 250 emails per day per email address. However, if a spammer has 10 sites with 100 email accounts on each they can send half a million emails per day.

Can I send you my junk mail?
Yes, send it to: nonregistered@coldrain.net, OR use one of the specific addresses listed here: Instructions for sending email, OR become a member.

How do I join?
Register Here.

I sent junk mail but it was rejected, why?
Because of various levels of filters and firewalls junk mail forwarding may be blocked. Registered users should not experience problems forwarding email. Check here for more forwarding options.

Do you need full headers?
Full headers are not needed. Our procedures do not require full headers at this time. If your email client already expands the headers this is fine, there is no need to alter your options before forwarding email to us.

Does Knujon provide any other submission method besides email forwarding?
Yes, we have a bulk file upload interface for members, read more.

I joined but I have not received any information, why?
Knujon carefully vets every application to keep Internet criminals out, it can be a lenthy and time-consuming process.

I joined but I have not received a report, why?
The reports are cumulative and take a week or two to build up.

I received a report but it was empty, why?
There could be many reasons for this. If you are new member it is possible we have not processed your submissions yet.

There is a legitimate site in my report, why?
Legitimate sites are often victims of spoofing. Please contact us about this so we can investigate.

What is a suspension or shutdown?
This means that a site has lost its hosting, registration, is blocked in some way, or has suffered some kind of procedural action.

What is the relationship between Knujon.com and Coldrain.net?
Knujon.com and Coldrain.net are partners in this project.

What is the relationship between Knujon.com and Thunderbird?
Thunderbird is a free email program distributed by Mozilla. There are a variety of Thuderbird extensions available that forward email to Knujon but there is no financial or organizational connection.

What is the relationship between Knujon.com and MailWasher?
There are various ways to forward junk mail to Knujon from MailWasher but there is no financial or organizational connection.

What is the relationship between Knujon.com and SpamCop?
There are various ways to forward junk mail to Knujon from SpamCop through MailWasher but there is no financial or organizational connection.

What is the relationship between Knujon.com and CastleCops?
CastleCops hosted 2 forums for Knujon until the service ceased. We were big supporters of their efforts.

What is the relationship between Knujon.com and Triade systems?
Triade systems systems has created a Python script that forwards junk mail to Knujon from Gmail but there is no financial or organizational connection to Triade or Gmail.

What is the relationship between Knujon.com and Okopipi/BlueFrog?
Okopipi is an open-source version of BlueFrog. Many Okopipi users forward email to Knujon through various methods but there is no financial or organizational connection.

How are you funded?
Our funding is entierly private at the moment, but this may change in the future.

Are you a real company?
Coldrain Technologies and Knujon.com are legally registered corporations in the United States.

How do I get access to the CastleCops forum?
CastleCops is closed, they are no longer hosting forums or accepting members.

There is new Knujon forum on LinkedIn

What is difference between yourjunk@knujon.com, knujon_us@yahoo.com and other addresses?
knujon_us@yahoo.com was the original reporting and contact email address for this project when it was in its beginning stages. When Knujon.com was launched, the reporting address became yourjunk@knujon.com and the contact address became contact@knujon.com. Because of issues with our IP many users experienced problems forwarding junk mail to yourjunk@knujon.com so we offered knujon_us@yahoo.com as a temporary alternative while we found a permanent solution. Registered users are now issued a rejection-free address to report junk to. yourjunk@knujon.com is still valid and junk sent there will be processed. We would prefer that knujon_us@yahoo.com no longer be used. Email forwarded to knujon_us@yahoo.com will still be processed but it takes more time. We understand that many users have automated the reporting and that a complete switch-over will take time.

Do you only take some kinds of junk mail?
No, we take it all. Spam, phishing, stock junk, "awards", "degrees", Rx, unsolicited pornography, mortgage offers, software offers, whatever. Instructions for sending email.

Are you out to get all email marketing?
No, only unwanted and fraudulent email. We believe that the marketing industry has been unfairly tainted by online scams.

If I am already reporting to another anti-spam service, should I stop and only send to Knujon?
No, we want the effort maximized. Report to anyone who will listen.

What steps do you take to protect innocent parties?
We are well aware of the extent cyber criminals will go trick, defraud and embarrass lawful organizations and companies and Knujon.com makes every effort to protect the innocent. Even Knujon.com has been a victim of spoofing. The first thing to be aware of is that all .EDU, .GOV, and .MIL sites are exempt from this process. Secondly, we have an enormous list of trusted sites that include legitimate companies, news services, non-profit organizations, banks, and other entities. Email reported to Knujon with any information relating to these sites is treated as a phishing or smear attack and we cooperate with innocent parties to report and stop the potential fraud. We encourage all site admins who have been victimized by phishing to register with out Alert System.

Are you out to stop on-line pornography?
No, with two exceptions: porn pushed through junk email and evidence of child sexual exploitation. We will do everything in our power to report crimes against children and cooperate with authorities to ensure that the perpetrators are prosecuted to the fullest extent of the law.

Are you out to stop on-line gambling?
Not specifically. Lotteries, racetracks and casinos exist all over the world. Some believe it is personal choice others a menace. The online gambling issue is a complex and controversial subject that KnujOn does not intend to address at this time. However, we will address unwanted gambling-related emails.

What is a "multi-tiered" approach?
Rather than relying on a single method KnujOn has developed a toolbox of procedures that address junk email on many levels.

Does KnujOn use blackholes or blacklists?
KnujOn does not use or maintain blacklists or blackholes.

Is there software to download or maintain?
No. There are extensions and add-ons for email software that make it easier to report to KnujOn but there is no "KnujOn" software to install.