Sunday, November 11, 2007

Knujon's narrow AI approach to taking down spam sites

Readers of this blog know that I write about "21st-century technologies, from data mining to virtual worlds." Today I'll be talking about a slightly older and far less sexy 20th-century technology: spam.

For the past four or five years, a friend has been tinkering with a software program and set of processes to fight unsolicited email marketing messages that are used to promote illicit products and malware. The friend is Garth Bruen, a high-school buddy and kick-ass programmer who has come up with a novel approach to fighting spam.

Forget blacklists, whitelists, Bayesian filtering, and other more traditional methods of preventing spam from reaching users' inboxes. Bruen takes the long-term view that the best way to fight spam is to shut down the websites that spammers use to make money and spread malware. His service, Knujon, has accepted millions of user-submitted spam reports, and has determined whether the sites affiliated with the bogus email messages are violating domain registration rules relating to the identity of the registrants, copyright infringement, seal abuse ("Verisign approved", etc.) or forged ICANN information. If they are, Knujon reports them to the relevant authorities -- ICANN and the registrars -- for takedown. To date, Bruen claims 50,000 spam sites have been shut down because of Knujon. The service, programmed in Lisp, uses "pattern recognition" -- a classic application of narrow AI -- to identify the spammers and associate their actions with specific violations that can be used as evidence to have their sites shut down.

It's not an instant solution to the spam problem, nor does it prevent spam that's already en route from reaching inboxes. But Knujon really hurts the spammers where it counts, by disabling their websites, ruining their spam campaigns, and boosting their costs. It also appeals to people's desire to actually get revenge on the spammers -- the spam messages that I have sent to Knujon have helped contribute to dozens of takedowns over the years.

Beyond shutting down spam sites, Bruen has also helped identify some of the worst registrars around the globe. These are the services that allow spam sites to flourish. He says there are two "evil" registrars and ten other suspect registrars (who Bruen admits may simply be lazy, and are not aware of the spam sites that they are registering). This information has been forwarded to ICANN, which for years has taken a hands-off approach to regulation but has recently hired an attorney in charge of contractual compliance, reports Bruen.

In the months to come, Bruen warns that there will be a flood of spam hawking knock-off goods and other schemes tied to the Christmas shopping season. He also says that Knujon will be expanding beyond reported spam sites, to sites that haven't been reported but are using the same language to sell illicit merchandise and spread malware -- in other words, mirror sites that are likely set up by the same spam networks.

Knujon actually wants your spam. Visit the Knujon submission page to learn about Knujon's services and the email addresses to which specific types of spam should be sent (for instance, pump 'n dump stock scams are sent to stockjunk@coldrain.net and CC'd to the Securities and Exchange Commission). Registered members can also get a custom reporting address and weekly reports about the status of spammers who have crossed their paths -- perfect for spam victims who want to see the progress of their reporting/revenge.
