Print Page | Close Window

Joe Jobbing problem

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=533
Printed Date: 05 February 2025 at 2:00pm


Topic: Joe Jobbing problem
Posted By: Guests
Subject: Joe Jobbing problem
Date Posted: 14 May 2003 at 4:04pm

For those not familiar with a "Joe-Job" this refers to spam where the culprit spoofs the "From" or "Reply-To" with someone elses real email domain so that that user gets all the bounces and rejections for the spammers broadcast.

In many cases, the spammer simply inserts the domain of the sender and generates a random username to creat the "To:" (i.e. mailto:sjdkghsf@mailserverdomain.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - sjdkghsf@mailserverdomain.com ) so that the victim mail server of the spam attempt also gets all the rejections and bounces.

This is a terrible problem as there is no way to track the spammer and the victim server suffers from all the extra traffic.

What I suggest is a variation of the "Reject if Mail From = Mail To" feature.  Create a new check box to "Reject if recipient domain = (sender domain or reply-to domain)".  Generally the sender of outside email to a mail server should be from a different domain than is local to the mail server.  The only time it would not would be if the sender is trying to spoof the mail server.  (At least as far as I can think of)

Would this be possible to do? 



Replies:
Posted By: LogSat
Date Posted: 15 May 2003 at 12:48pm

Good idea! It will not work for everyone, as there are some cases where users with multiple email accounts will use one while sending with the other, but it should work for the majority.

We'll definetly add this very soon then. Thanks for the suggestion.

Roberto
LogSat Software

Posted By: Guests
Date Posted: 15 May 2003 at 1:52pm

Thanks.  After spending two months as a victim of a Joe-Job, it took a lot of offline investigation to get the situation resolved by way of third parties affilliates threatening the culprit with financial penalties for his actions if he continued.

Let me say that if you can add this feature, you would be the first product that I know of that will have a feature to specifically deter Joe-Jobs.

Great job Roberto!  You responsiveness and support are truly outstanding and refreshing in a sea of faceless mega-monopolys swallowing up small companies and turning their great products into really dreadful ones (Symantec, NAI, CA, etc).  Cheers to you!


Print Page | Close Window