Joe job

Online, a joe job is a spam attack using spoofed sender data and aimed at tarnishing the reputation of the apparent sender and/or induce the recipients to take action against him (see also e-mail spoofing). For a related phenomenon that is not targeted directly at a particular victim, see backscatter of email spam.

In Canada, "joe job" is a common slang term for a low-paying, low-status, dead-end job, especially in the service sector. "Joe job" was used with this definition in the movie Wayne's World.

Origin and motivation

The name "joe job" originated from such a spam attack on Joe Doll, webmaster of Joe's Cyberpost. [ [http://joes.com Joe's Cyperpost] ] One user had his joes.com account removed for advertising through spam; in retaliation, he sent another spam, but with the "reply-to" headers forged to make it appear to be from Joe Doll. [http://www.rahul.net/falk/joe.txt] Besides prompting angry replies, it also caused joes.com to fall prey to denial-of-service attacks that took the website down temporarily.

Like the original, most e-mail joe jobs are acts of revenge, whether by individuals or by organizations that also use spam for other purposes. Unless the joe-jobber is a business trying to defame a competitor or a spammer trying to harm the reputation of an anti-spam group or filtering service, there is no commercial use for joe jobbing. Therefore, it is a comparatively uneconomical form of spam, unless an additional aim is to advertise within the email body, and mail replies are not what the spammer is after. Joe job attacks in other media are often motivated politically or through personal enmity.

Form

Joe jobs usually look like normal spam, although they might also disguise themselves as other types of scams or even as legitimate (but misdirected) messages.

Joe jobbing (or "joeing") can take different forms, but most incidents involve either e-mail or Usenet. They are sometimes seen on instant messaging systems as well. In general, joe jobbing is seen only on messaging systems with weak or no sender authentication, or where most users will assume the purported sender to be the actual one.

If the joe-jobber is imitating a normal spam, it will simply advertise the victim's product, business or website. It may also claim that the victim is selling illegal or offensive items such as illegal drugs, automatic weapons or child pornography to increase the likelihood that the recipient will take action against the victim.

Some joe jobs are politically motivated, where the intended victim is usually a political candidate, party or organization. Such joe jobs generally espouse an inflammatory viewpoint not actually held by the victim, or present a deliberately distorted variation of an actual viewpoint. Large-scale joe jobs were staged on Usenet against the Ralph Nader campaign in 2000 and 2004. The second of these was unusual in employing multiple phases —the first a conventional political joe job, the second claiming to be a widely spammed and similarly inflammatory statement by the Nader campaign about the first. Fact|date=February 2007

When imitating a scam, such as a Nigerian scam, or phishing scheme, the e-mail will still feature links to the victim's website or include contact information. In these instances, the joe-jobber is hoping that the recipient will notice the e-mail is fake, but mistakenly think the victim is behind the "scam".

When imitating a legitimate e-mail, the joe job will usually pose as an order confirmation. These "confirmations" may ask for credit card information, in which event the attack differs from phishing only in intent, not methodology, or simply imply that the recipient has already bought something from the store (leading the recipient to fear his credit card has already been charged). Like the "normal spam" jobs, these e-mails will often mention illegal activities to incite the recipient to angry e-mails and legal threats.

Another joe-job variation is an e-mail claiming that the victim offers a "spam friendly" web host or e-mail server in the hope of further inciting action against the victim by anti-spam activists.

How it works

Joe jobs often intend to capitalize on general hatred for spam. They usually forge "from" addresses and email headers so that angry replies are directed to the victim. Some joe job attacks adopt deliberately inflammatory viewpoints, intending to deceive the recipient into believing they were sent by the victim. Joe job victims may lose website hosting or network connectivity due to complaints to their Internet service providers, and even face increased bandwidth costs (or server overload) due to increased website traffic. The victim may also find his or her email blacklisted by spam filters.

Unlike most email spam, the victim does not have to "fall for" or even receive the email in question; the perpetrator is using innocent third parties to fuel what essentially amounts to slander combined with a denial of service attack.

Joe-job-like automated spam

Today, false headers are used by many viruses or spambots, and are selected in a random or automated way, so it is possible for someone to be Joe Jobbed without any human intent or intervention [ [http://profs.logti.etsmtl.ca/cfuhrman/backscatter/ Cris Fuhrman : Backscatter analyses ] ] .

How to prevent a joe job

While the old wisdom was to abandon the joe-jobbed email address, such addresses can be protected from email-based joe jobs by using sender authentication, which makes email forgeries more identifiable.

Additional steps the victim can take to prevent being harmed by a joe job are to post conspicuous disclaimers on his or her website (if applicable), acquire email filters if he or she does not already have them, and to alert his or her Internet service provider about the scam.

The average person receiving a joe job email will probably not recognize it for what it is. All joe job email can simply be deleted without consequence; this is the action that causes the least trouble for the intended victim.

If you manage a mail server, you should not configure it to send bounce message notifications in response to messages it classifies as spam. Best practice is to perform your content scanning during the SMTP exchange (while the connection to the MTA that submitted the message is still open), and to refuse to accept the message with a "5xx" rejection code if the message is determined to be unwanted. If you cannot perform scanning during the SMTP phase, then either quarantine the messages for human review, or as a last resort, discard the messages quietly. Sending bounce messages to forged sender addresses taken from spams may get your mail server on DNSBLs as abusively misconfigured.

ee also

Sporgery

References

External links

* [http://www.joes.com/spammed.html Joe Doll's account of the original joe job]
* [http://www.everything2.com/index.pl?node=Joe%20Job Everything2 entry for "Joe Job"]
* [http://members.cox.net/joejob/ Steve's Joe Job Page]
* [http://www.snopes.com/inboxer/hoaxes/joejobs/joejobs.asp Some examples of recent joe jobs]
* [http://php-man.nl/EMD/joejob.html Joejobs: The Simple Explanation]
* [http://www.votenader.org/contact/spam.php Nader Campaign discussion of 2004 joe job attack]
* [http://www.sitepoint.com/print/sabotage-coping-joe-job Sabotage! Coping With The Joe Job] by Dillian Thomas
* [http://web.archive.org/web/20001013162208/http://www.markwelch.com/yuri.htm The Weekend IBM.NET Almost Died] - Another article about Joe Jobs that covered IBM's refusal to terminate the account