What is a Joe Job?
A Joe Job (or “joeing”) is a spamming method in which unwanted email is sent to other email users with forged sender information. Recipients are deceived into believing the purported sender was the actual one.
The term Joe Job originated in January of 1997. A customer’s account was blocked by joes.com for sending spam advertisements.
The customer sought revenge by forging the “reply-to” headers so that the messages appeared to come from Joe Doll, the owner of joes.com. The email sent out was a termination notice to new users. The email enraged customers and caused the joes.com website to go down temporarily due to denial-of-service attacks from angered anti-spam groups. The whole attack was said to have had a negative impact on the website for days.
In some instances, Joe Jobs are used to tarnish and defame the reputation of a competitor; however, many are now sent to hide the true origin of the spam message. The easy implementation of a Joe Job makes it a commonly used technique to get around spam filters.
A Joe Job is comparable to someone writing your mailing address as the return address on a postal letter they are sending; a spammer can forge your email headers or addresses in the same way. A spammer will normally choose a reply-to address from an already created spam list, or select a domain name (@joejob.com) and attach a bunch of common names (email@example.com) or randomly generated names (firstname.lastname@example.org) to it.
If you have fallen victim to a Joe Job, one of the first telltale signs you will notice is the sudden onset of bounce-back errors from emails you did not send, with subjects like “delivery failure”, “undelivered mail returned to sender” or even out-of-office notices. Upon opening these messages, you will notice the original message was spam.
How can a business avoid a Joe Job?
When signing up for a service on any website, always read the agreement form. It is very important to stop bypassing those agreements and mindlessly clicking the box; the agreement could be allowing the site to sell your personal information. Avoid clicking on unsubscribe links, or any other links, in spam email, because a click shows spammers they have found a valid email address. Establish a Sender Policy Framework (SPF) record for your domain. This will help mail servers identify emails that are permitted to be sent on behalf of your domain.