Essentially, a Joe Job attack happens when an attacker sends fake (spoofed) spam email that appears as though it originated from your domain. Email has always been one of the most insecure protocols on the Internet – anybody with even a minimal knowledge of technology can send email “from” whoever they want, without much effort.
Usually you become aware of such an attack when you begin receiving a flood of angry email replies to the spam (since the Reply-To address is often your own). Now begins the long arduous task of saving face amongst the onslaught of defamation. It seems daunting, but we have compiled a comprehensive guide to surviving a Joe Job attack, should you be unfortunate enough to become a victim:
1. Create abuse@yourdomain.com and postmaster@yourdomain.com if these do not already exist. These should either be set up to forward to you, or you could configure your email client to also receive email from these addresses. This is so that information sent from SpamCop and other blacklist services is not missed. Whenever somebody submits one of the spam emails to SpamCop, real time reports will be forwarded to abuse@yourdomain.com. Fortunately, SpamCop is smart about these things and will realize that the emails are not originating from your domain.
2. Set up a spam information page with information about the attack and a form where victims can submit the header information from the offending emails to help you expedite the investigation. In cases where the attack is being carried out by a devious competitor, this will have the benefit of letting them know you’re onto them, and they need to stop. It also helps the people who are receiving the spam. They may be hearing about your company for the first time by receiving the defaming spam, and the proactive ones will almost certainly be browsing your site looking for answers. It will help immeasurably to provide them with the information they are looking for, letting them know that the email did not come from you and that there is something they can do to help end the attack. As you begin to receive more information it will also help with your own investigation. Appletree’s Joe Job information page is an excellent reference.
3. Create an alert link from your home page that directs people to the spam information page without distracting the customers who are there under normal circumstances. The point is that you need to address the issue with an official response and a way for proactive victims to do something meaningful to help stop the attack.
4. Once people begin sending you full header information thanks to step 3, you can begin doing some research to find out where the attacks are coming from. As you view the full headers, the only line which cannot be faked is the “Received” line, which usually contains the originating IP address. This may or may not be useful because a smart attacker will often bounce their emails off of several “open relay” servers, effectively hiding their original location. This information will still be very valuable to SpamCop, however, in building up a blacklist of known “open relay” servers, which will be beneficial in the long run. Make sure to create a SpamCop account and submit all of the spam emails you receive.
5. Notify your web host about what is going on. Even though the emails are not being sent from their servers, it is good for them to know what is happening. Sometimes web hosts will help with the investigation.
6. Utilize your social networks – blogs, Facebook, Twitter, etc – to send out helpful “security” reminders, while being sure not to instill fear. The people in your own network will appreciate the information even though they most likely did not receive the spam email. The spammer usually has different targets and goals, separate from your own. It is always a good idea, though, to make sure your own customers are aware of your spam policy and that you are actively on top of keeping them safe while doing online business with you.
Other than that, be very gracious and kind to the victims who complain about getting spam from your company. Being knowledgeable enough to briefly explain the nature of the problem will go a long way towards turning potentially bad press into a network of allies.
Subscribe To Our E-Newsletter
Recent Articles
- The Great Phishing Scamdemic
Have you been noticing an abundance of suspicious looking emails flooding y…
- Serious Risks to Consider When Socializing Distantly
In today’s crazy world of staying home instead of visiting friends, we’ve a…
- Ten Tips on How to be Successful While Working From Home Dur
As a web developer of over 15 years, I’ve spent a lot of time working remot…
Categories
Recommended Posts
- Why Is It Important To Know Who Owns Your Representative? One Example: Glass-Steagall
- Calendar
- Emails
- What’s a Twitter Storm?
- Social Media Copyright Issues: Fair Use or Infringement?
- Referral Program
- TriCity Lightning Baseball & Softball
- Facebook Password Reset Scam!
- Serious Risks to Consider When Socializing Distantly
- Help Alexa and Siri Find Your Business During Voice Search
Upcoming Events
Social Media
-
- A great quote to live by! Happy President's Day 🇺🇸
.
.
.
#presidentsday #internet #truthish #quotes #life #inspiration #quoteoftheday #quote #follow #success #believe #inspirationalquotes #quotestagram #quotestoliveby - Happy Valentine's Day ❤️
.
.
.
#valentine #pickuplines #cupid #love #valentinesday #pickuplines101 #valentines #valentineday #valentinegift #heart - I don't know who needs to hear this, but Valentine's Day IS this Sunday. She'll remember.... 🥰💐
- How to see what Facebook knows about you, and download your data Do you know what they know?
.
.
#Facebook #Facebookpage #PrivacyAware #privacypolicy #Data #datasecurity - Tech that died in 2020 We've been busy helping clients with Flash workarounds for training software. What tech are you going to mourn in #2021?
- How to recycle your old phone, laptop, TV and batteries for free A win for those with resolutions to declutter or be nice to the environment this year. I'd never heard of Cell Phones For Soldiers before!
- We can’t thank you enough for all of your support this year. From our entire team, we want to wish you a happy, healthy, and prosperous new year! #welcome2021goodbye2020 https://t.co/yEYCRBAK4d
-
-
- I'm not just scrolling to the bottom and hitting AGREE anymore.
.
.
.
#2021 #ReadyorNot #HereWeGo #happynewyear2021 -
-
-
-
- The year is 1997.
You: *struggling to write a letter*
Clippy: Would you like some assistance with that? -
-
- The Jetsons predicted 2020.. just waiting on the flying cars. No doubt our hero @elonmusk will make that come true too. 🚀 #jetsons #telework #onlineclasses #telemedicine #videocalls #tesla https://t.co/0T1s3MgaMx
- @GovWhitmer Why aren't #Michigan groomers allowed to open if they are offering curbside service? #Ohio and #Indiana allow it. Asking for a client (and our staff).
- The most popular pickup line for Web Developers: "Can I clear your cache?" https://t.co/pIUAEr23nX
-
- Have you considered the risks of socializing distantly? 💬🗨️⚠️ https://t.co/xzOTfGBJIc
#SocialDistancing #SocialMedia - If #IRS doesn’t have your direct deposit info, a check will be mailed to your address on file. For your #TaxSecurity, do NOT provide your direct deposit or banking information for others to input on your behalf into the IRS...
- Chinese Government Holds Back Everyone’s Internet Freedom: A strong example of the problems this world... Chinese Government Holds Back Everyone’s Internet Freedom: A strong example of the problems this world faces with cyber censorship is what is going on in China. The government blocks many websites, searches, and software based on their content.
- EU-US Privacy Shield Still Not Protecting Your Privacy: Still collecting bulk data, problems with the... EU-US Privacy Shield Still Not Protecting Your Privacy: Still collecting bulk data, problems with the judicial redress act, and no true protection for businesses
- Copyright and Social Media: This has become a gray area. Almost everyone is guilty of... Copyright and Social Media: This has become a gray area. Almost everyone is guilty of sharing something on social media, whether it be Facebook, Twitter, or Pinterest, that was copyrighted and not yours to share. But what is fair to ...
- How Your Devices are Tracking you and How to Stop it: Apple, Microsoft, and Android How Your Devices are Tracking you and How to Stop it: Apple, Microsoft, and Android
- Being Safe while Downloading Apps: With how many apps are downloaded it is always a... Being Safe while Downloading Apps: With how many apps are downloaded it is always a good idea to stay safe while downloading. You must take precautions, learn where to download, and do your research.