Joe-job

From WOT Wiki
Revision as of 12:33, 17 January 2013 by Boonsiri (talk | contribs)
Jump to: navigation, search

A joe-job is a message that looks like spam, which is send to damage the reputation of a web-site, by making it look like the message was sent by the victim, who is the target of the spam, not the sender. See: http://en.wikipedia.org/wiki/Joe-job

It is not always easy to see if a spam-campaign is a joe-job, because sometimes one illegal domain will use a joe-job against another illegal domain. So we cannot just decide by the nature of the domain, if the spam that has its name in it, is a joe-job or not.

Have a look at the WHOIS-information of the domain and at its reputation. Check the reputation with a tool like http://www.urlvoid.com . If a domain has existed for several years, and has not been blacklisted, than it is not likely that it suddenly will start spamming.

The style of the spam message will be different from average spam. Real spam will often use redirects and other tricks to make reporting more difficult. Joe-jobs will display the name of the domain in a prominent way, to make reporting as easy as possible. The joe-jobs will also often contain provoking text to irritate anti-spammers. That text can be vulgar words or ridiculous offers like heroin or Tomahawk-rockets. Sometimes this will even be a message as unlikely as “we will send more spam”.

Most recent joe-jobs targeted domains in Eastern Europe, and those domains are in a local language. Such domains depend on local customers and sometimes from customers in nearby countries who share the language. When such a domain is world-wide spamvertized, it is clear that that is a joe-job. A forum on politics in Ukrainian language has nothing to gain from sending world-wide spam to people who can not even read the domain. Therefore, if you receive spam in an unfamiliar, language for a domain that also uses unfamiliar language, you can be sure that it is a joe-job.

Joe-jobs are business. Criminal spammers who already have the control over large botnets, offer reputation damage on demand.

It is important to realize, that the purpose of joe-jobs is, to make as many anti-spammers as possible, submit bad comments and ratings at SiteAdvisor and WoT, and report the spam to services like SpamCop and to Registrars. This means that the spammers use anti-spammers to do the job they get paid for: damaging or even closing the targeted domain. When reporting joe-jobs to SpamCop, only submit the full headers + from the body only the part above any link to websites, and add the text "<truncated>". By reporting it in that way, SpamCop will investigate and notify the source of the message (usually an infected system, which is part of a botnet), but nothing is reported on the innocent victim of the joe-job.

Finally, when joe-jobs do not have the desired effect as quickly as the joe-job spammer (or the client they work for) wants, the available botnets sometimes are used for a DDOS attack to cause that the domains cannot be accessed, or have to pay for an expensive service that offers protection against a DDOS-attack.

As always you should comment and rate a domain according to your own experience. No matter how much you may dislike a certain kind of domain, only comment/rate it for good reasons. The fact that a joe-job has made you aware of the existence of a domain is not a good reason for rating it or commenting on it. Do not let yourself be used by spammers!

Retrieved from "https://www.mywot.com/wiki/index.php?title=Joe-job&oldid=10237"