Joe-job

A joe-job is a message that looks like spam, which is sent to damage the reputation of a web-site by making it look like the message was sent by the victim, who is the target of the spam, not the sender. See: http://en.wikipedia.org/wiki/Joe-job.

It is not always easy to tell if a spam campaign is a joe-job, because sometimes one illegal domain will use a joe-job against another illegal domain. So we cannot just decide by the nature of a spammed domain whether or not it is a joe-job. Have a look at the WHOIS information of the domain and at its reputation. Check the reputation with a tool like http://www.urlvoid.com. If a domain has existed for several years, and has not been blacklisted, than it is not likely that it suddenly will start spamming.

The style of the spam message will be different from average spam. Real spam will often use redirects and other tricks to make reporting more difficult. Joe-jobs will display the name of the domain in a prominent way, to make reporting as easy as possible. The joe-jobs will also often contain provoking text to irritate anti-spammers. That text can be vulgar words or ridiculous offers like heroin or Tomahawk-rockets. Sometimes this will even be a message as unlikely as “we will send more spam”.

Most recent joe-jobs targeted domains in Eastern Europe, and those domains are in a local language. Such domains depend on local customers and sometimes on customers in nearby countries who share the language. When such a domain is world-wide spamvertized, it is clear that that is a joe-job. A forum on politics in Ukrainian language has nothing to gain from sending world-wide spam to people who can not even read the domain. Therefore, if you receive spam in an unfamiliar language for a domain that also uses unfamiliar language, you can be sure that it is a joe-job.

Joe-jobs are business. Criminal spammers who already have the control over large botnets, offer reputation damage on demand.

It is important to realize that the purpose of joe-jobs is to make as many anti-spammers as possible submit bad comments and ratings at SiteAdvisor and WoT, and report the spam to services like SpamCop and to Registrars. This means that the spammers use anti-spammers to do the job they get paid for: damaging or even closing the targeted domain. When reporting joe-jobs to SpamCop, only submit the full headers + from the body only the part above any link to websites, and add the text " ". By reporting it in that way, SpamCop will investigate and notify the source of the message (usually an infected system, which is part of a botnet), but nothing is reported on the innocent victim of the joe-job.

Finally, when joe-jobs do not have the desired effect as quickly as the joe-job spammer (or the client they work for) wants, the available botnets sometimes are used for a DDOS attack so that the domains cannot be accessed, or have to pay for an expensive service that offers protection against a DDOS attack.

As always you should comment and rate a domain according to your own experience. Please read the recommendations for comments at: http://www.mywot.com/faq/website/scorecard#howtocomment. No matter how much you may dislike a certain kind of domain, only comment/rate it for good reasons. The fact that a joe-job has made you aware of the existence of a domain is not a good reason for rating it or commenting on it. Do not let yourself be used by spammers!