Joe job
from Wikipedia

A Joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early Joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them (see also email spoofing), but they are now typically used by commercial spammers to conceal the true origin of their messages and to trick recipients into opening emails apparently coming from a trusted source.

Origin and motivation

The name "Joe job" originated from such a spam attack on Joe Doll, webmaster of joes.com, in early 1997.[1] One user's joes.com account was removed because of advertising through spam. In retaliation, the user sent new spam with headers forged to make it appear that Joe Doll was responsible. Besides prompting angry replies, it also caused joes.com to fall prey to denial-of-service attacks, from anti-spam vigilantes who thought he had sent the mail, which temporarily took the site down.[2]

Some e-mail Joe jobs are acts of revenge like the original, whether by individuals or by organizations that also use spam for other purposes. Spammers use the technique to cycle through domains and to try to get around spam filters and blocks.

Joe-jobbers could also be businesses trying to defame a competitor or a spammer trying to harm the reputation of an anti-spam group or filtering service. Joe job attacks in other media are often motivated politically or through personal enmity.

Form

Joe jobs usually look like normal spam, although they might also disguise themselves as other types of scams or even as legitimate (but misdirected) messages.

Joe jobbing (or "joeing") can take different forms, but most incidents involve either e-mail or Usenet. They are sometimes seen on instant messaging systems as well. In general, joe jobbing is seen only on messaging systems with weak or no sender authentication, or where most users will assume the purported sender to be the actual one.

If the Joe-jobber is imitating a normal spam, it will simply advertise the victim's product, business or website. It may also claim that the victim is selling illegal or offensive items such as illegal drugs, automatic weapons or child pornography to increase the likelihood that the recipient will take action against the victim.

When imitating a scam, such as a Nigerian scam, or phishing scheme, the e-mail will still feature links to the victim's website or include contact information. In these instances, the joe-jobber is hoping that the recipient will notice the e-mail is fake, but mistakenly think the victim is behind the "scam".

When imitating a legitimate e-mail, the joe job will usually pose as an order confirmation. These "confirmations" may ask for credit card information, in which event the attack differs from phishing only in intent, not methodology, or simply imply that the recipient has already bought something from the store (leading the recipient to fear their credit card has already been charged). Like the "normal spam" jobs, these e-mails will often mention illegal activities to incite the recipient to angry e-mails and legal threats.

Another joe-job variation is an e-mail claiming that the victim offers a "spam friendly" web host or e-mail server in the hope of further inciting action against the victim by anti-spam activists.

Function

Joe jobs often intend to capitalize on general hatred for spam. They usually forge "from" addresses and email headers so that angry replies are directed to the victim. Some joe job attacks adopt deliberately inflammatory viewpoints, intending to deceive the recipient into believing they were sent by the victim. Joe job victims may lose website hosting or network connectivity due to complaints to their Internet service providers, and even face increased bandwidth costs (or server overload) due to increased website traffic. The victim may also find their email blacklisted by spam filters.

Unlike most email spam, the victim does not have to "fall for" or even receive the email in question; the perpetrator is attempting to defame the victim and incite innocent third parties to be angry, usually causing angry replies and a denial of service attack.

Similar automated spam

False headers are used by many viruses or spambots today, and are selected in a random or automated way, so it is possible for someone to be joe jobbed without any human intent or intervention.[3]

See also

  • Agent provocateur – Person who incites others to commit incriminating acts
  • Backscatter (email) – Incorrectly automated bounce messages – A related phenomenon that is not targeted directly at a particular victim
  • False flag – Covert operation designed to deceive, a similar military concept
  • Sporgery – Posting a flood of articles to a Usenet group, with falsified headers

from Grokipedia
A Joe job is a form of in which the perpetrator forges the "From" to impersonate a legitimate individual, organization, or domain, often with the intent to conceal the true sender's identity or to provoke backlash against the impersonated party through complaints, mailbombing, or reputational harm. This technique exploits vulnerabilities in email protocols like SMTP, which historically allowed easy spoofing of sender details without robust . The term "Joe job" originated in January 1997 during an incident involving Joe Doll, the owner of the joes.com. After Doll disabled an account used by spammer Yuri Rutman for sending unsolicited advertisements, Rutman retaliated by forging massive spam campaigns—such as promotions for treatments and adult services—to appear as if sent from "[email protected]." This led to a flood of complaints and denial-of-service attacks against Doll's business, ultimately causing his to temporarily sever connectivity and highlighting the destructive potential of such attacks. Joe jobs have evolved as a tool for competitive , political , or simply overwhelming targeted systems with bounce-back notifications from undeliverable messages. Victims often experience by email providers, service disruptions, and loss of customer trust, as recipients may associate the spam with the forged sender. Notable later examples include attacks on businesses like BoxedArt.com in , where spammers impersonated the company to send offensive content and drive away subscribers. Despite advancements in email security, such as SPF, DKIM, and protocols, Joe jobs persist due to incomplete adoption and the ease of exploiting legacy systems.

Definition and Etymology

Definition

A Joe job is a technique in which unsolicited bulk emails are sent with a forged sender address in the From: field, impersonating a targeted individual, , or domain to direct backlash toward the impersonated . This method leverages as its underlying mechanism, allowing the actual sender to remain hidden while attributing the spam to an innocent third party. Unlike general used merely for anonymity in routine spam, a Joe job is distinguished by its deliberate intent to damage the reputation or operations of the spoofed entity. Key characteristics of a Joe job include the use of high-volume campaigns containing provocative, illegal, or offensive content—such as , scams, or —to incite recipients to complain directly to the forged sender, often overwhelming their email infrastructure with bounce messages and abuse reports. The spam is typically distributed to large lists of recipients, amplifying the potential for reputational harm and resource exhaustion for the victim. First documented in the late , the Joe job remains a relevant threat in 2025 due to ongoing vulnerabilities in protocols that enable such . Despite advancements in spam filtering, the technique persists as a form of targeted in cyber campaigns.

Etymology

The term "joe job" originated in 1997 from a targeted spam campaign against Joe Doll, the owner of Joe's Cyberpost (joes.com), an early provider of free web hosting. After Doll terminated a user's account for violating the site's by posting spam to newsgroups, the offender retaliated on January 2, 1997, by sending millions of forged bulk messages that appeared to originate from Doll's , often containing offensive or inflammatory content. This led to a flood of complaints, denial-of-service-like effects, and temporary shutdowns of Doll's services as recipients and anti-spam activists mistakenly directed backlash toward him. The phrase quickly entered cybersecurity discussions on , particularly in the news.admin.net-abuse.email newsgroup, where it described spam attacks intended to damage the reputation or operations of an innocent third party through . By the early , "joe job" had become a standard term in technical references, appearing in resources like the (version 4.4.4 onward) as a noun for such forged spam runs and in the Encyclopedia as a method of sending spam via another party's to provoke complaints and account disruptions. Linguistically, the term draws from the specific incident involving Joe Doll, with "Joe" serving as his proper name rather than a generic placeholder, though the name "Joe" has long functioned in English as a stand-in for an ordinary or unidentified person (e.g., "Joe Public"). It bears no relation to the unrelated pre-existing phrase "joe job," which since at least 1948 has denoted a menial, monotonous, or low-paid task.

History

Origin

Joe jobs emerged in 1997 as email spam proliferated in the early days of the internet, when email systems lacked robust authentication mechanisms such as Sender Policy Framework (SPF), allowing easy forgery of sender addresses. This vulnerability enabled spammers to impersonate others anonymously, often as retaliation against those enforcing anti-spam policies. The tactic represented an evolution from basic unsolicited bulk email to deliberate sabotage, exploiting the nascent email infrastructure's weaknesses. The seminal incident occurred in early January 1997, when a Chicago-area spammer, whose free hosting account on Joe's Cyberpost (joes.com) was terminated by webmaster Joe Doll for violating terms by sending spam advertisements, retaliated by forging millions of spam emails with headers appearing to originate from Doll's domain. These messages, sent to vast numbers of recipients, incited angry responses, including denial-of-service attacks (such as mail bombs, ping floods, and SYN attacks) against joes.com, which disabled the site for over 10 days and led to its domain being blacklisted by some ISPs and mail services. The attack's motivation stemmed from the spammer's desire for anonymity while punishing Doll, highlighting joe jobs' potential for reputational harm without direct traceability. The term "joe job" was coined in reference to this event targeting Joe Doll. The incident was first discussed publicly in early 1997 on the news.admin.net-abuse.email (NANAE), where anti-spam activists debated the forged mails designed to deceive them into joining the backlash against Doll. By 1998, the tactic had spread, with joe jobs increasingly deployed against anti-spam activists to discredit their efforts and flood their domains with complaints, marking a shift toward targeted in the ongoing spam wars.

Notable Incidents

In 2003, anti-spam activist Joe Wein, operator of joewein.de, was targeted in a series of Joe jobs where spammers forged emails from his domain addresses, such as and [email protected], to send spam through various providers including those in , , and the . These attacks promoted illegal or objectionable content, resulting in thousands of bounce-back emails flooding his inboxes and causing significant . The volume generated over 3,000 bounces in one instance alone, disrupting his operations and highlighting the retaliatory nature of such attacks against spam fighters. In May 2011, the experienced a major Joe job spam campaign that spoofed university domains as the sender for massive unsolicited blasts. This led to widespread —error replies from recipients' servers—causing confusion among users and potential of the university's mail services, as well as numerous queries to IT support. The incident affected academic and administrative communications, requiring urgent and coordination to mitigate the flood of incoming complaints and bounces. In June 2003, shortly before the Wein attacks, the template site BoxedArt.com was subjected to a large-scale Joe job as part of coordinated cyber sabotage, with spammers forging its domain to distribute spam promoting dubious products. This led to floods of bounces, complaints, and potential , causing significant operational disruptions and loss of customers. These incidents, building on the precursor 1997 attack against Joe Doll's joes.com domain, reveal patterns in Joe jobs targeting anti-spam activists, educational institutions, and commercial entities like rivals or small businesses.

Mechanics

Execution Methods

A Joe job attack begins with preparation, where the attacker selects a target domain or to impersonate, often choosing one associated with a or individual likely to suffer reputational harm from association with spam. The attacker then acquires or rents resources for high-volume sending, such as botnets of compromised devices or access to large SMTP relays, to enable the transmission of thousands or millions of messages without immediate detection. In the phase, the attacker spoofs the "From:" header to make the emails appear to originate from the target's domain, typically by exploiting open relays or hijacked servers that allow unauthorized sending without . The message content is crafted to be highly provocative, incorporating elements like explicit attachments, links, or inflammatory text to elicit strong reactions from recipients; additionally, the "Reply-To:" field is often set to null, a disposable , or the attacker's controlled trap to redirect any responses away from the true sender. Distribution involves dispatching the forged emails in bulk across multiple IP addresses to distribute the load and evade rate-limiting or by email providers. Attackers frequently embed deliberate errors, such as invalid recipient addresses in CC or BCC fields, to trigger non-delivery reports (NDRs) or bounces that flood the target's inbox with backscatter complaints from mail servers attempting to return undeliverable mail. Joe job attacks vary in complexity, with simple variants consisting of a one-off campaign using basic header manipulation for a short burst of spam. In contrast, sustained attacks involve ongoing campaigns that rotate content, IP sources, and target elements over time to prolong exposure and complicate evasion efforts.

Technical Components

Joe jobs exploit fundamental vulnerabilities in the Simple Mail Transfer Protocol (SMTP), which has allowed unauthenticated manipulation of the From: header since its initial specification in RFC 821 published in 1982. This protocol lacks built-in mechanisms for verifying the sender's identity, enabling attackers to forge the visible sender address in email headers without , a design choice that persisted until the introduction of later standards like SPF in the early . Despite advancements in , incomplete adoption allows such spoofing to persist as of 2025. As a result, SMTP transmissions can include arbitrary From: fields in the message data, separate from any validation of the actual originating server.

Central to this exploitation are the distinctions between the envelope sender and the header sender in SMTP transactions. The envelope sender, specified in the MAIL FROM command during the SMTP handshake, determines bounce handling and is often set to a null sender ("<>") to prevent delivery failures from returning to the attacker, as permitted by the protocol for non-delivery reports. In contrast, the From: header in the email's DATA section, the part displayed to recipients, can be freely spoofed to impersonate a target entity, creating the illusion of origin without affecting the envelope path. Attackers frequently integrate these elements with botnets, leveraging networks of compromised devices to distribute transmissions across diverse IP addresses, thereby diluting traceability and enhancing volume.

Practical implementation relies on accessible tools and services tailored for spam operations. Open-source mail transfer agents like , originally developed in the , can be modified to facilitate header spoofing and bulk sending, allowing customized SMTP interactions for Joe job campaigns. To evade Real-time Blackhole Lists (RBLs) that block known spam sources, perpetrators employ proxies or rotating IP pools from virtual private servers, ensuring continued deliverability despite reputation-based filtering.

Purposes and Effects

Motivations

Joe jobs are primarily motivated by the intent to damage the of the targeted entity, often by the sender's to associate the victim with offensive, illegal, or unethical content such as , scams, or . This tarnishes the victim's image, potentially leading to loss of customers, partners, or business opportunities as recipients and complainants direct their anger toward the spoofed sender. For instance, spammers may impersonate a legitimate to send bulk messages promoting illicit activities, thereby eroding trust in the victim's brand. A common motivation involves retaliation, particularly against anti-spam activists, organizations, or competitors who challenge operations. Spammers frequently target individuals or groups reporting or blocking their activities, such as members of anti-spam networks like Spamhaus, by launching joe jobs to overwhelm them with complaints and backlash. This tactic serves to intimidate or discredit those efforts, forcing anti-spam vigilantes to divert resources to defending their own reputation rather than pursuing the attackers. Joe jobs also provide for the perpetrator while deflecting blame and complaints onto the victim. By spoofing the sender's details, the true spammer conceals their identity and infrastructure, routing abuse reports, unsubscribe requests, and automated responses back to the targeted address. A secondary effect is the generation of —bounced messages from invalid recipients—which can overload the victim's servers and further disrupt operations. Economically, joe jobs are appealing due to their minimal cost, often leveraging botnets or compromised servers; for example, in 2008, sending millions of emails could cost under $80 per million. This low barrier has enabled their use in schemes, where attackers threaten further attacks unless paid, or in competitive to undermine rivals by associating them with spam. 
Such tactics have been used in targeted campaigns against businesses, exploiting the asymmetry between cheap execution and high potential damage. With advancements in , however, their effectiveness has diminished as of the 2020s.

Impacts on Victims

Victims of Joe jobs often experience immediate operational disruptions, as the spoofed email addresses result in a massive influx of bounce messages, complaints, and unsubscribe requests directed back to their servers. This flood can overwhelm email infrastructure, leading to server crashes or significant bandwidth consumption that hampers legitimate communications. For instance, victims may receive hundreds to millions of such responses, rendering email systems temporarily unusable. Reputational damage is a core consequence, with recipients and the public potentially perceiving the victim as the spammer, eroding trust from customers, partners, and stakeholders. Businesses may face boycotts, loss of partnerships, or even legal scrutiny if the forged spam content suggests illegal activities, such as promoting scams or offensive material. Individuals, particularly activists or public figures targeted for harassment, endure additional threats including angry phone calls and public accusations, further amplifying distrust and credibility loss. Long-term financial repercussions include costs associated with recovering from blacklisting by internet service providers (ISPs) and real-time blackhole lists (RBLs), such as fees for delisting and professional remediation services. Lost revenue arises from disrupted customer interactions and potential fines if regulators attribute the spam to the victim under anti-spam laws. The time-intensive effort to manage fallout—such as responding to thousands of daily complaints—also imposes indirect economic burdens on organizations and individuals alike. On a personal level, the psychological toll can be profound for individual victims, including stress from relentless , threats, and the invasion of , which may lead to anxiety or withdrawal from online activities. 
In the broader ecosystem, Joe jobs exacerbate user fatigue by contributing to higher volumes of unwanted messages, prompting stricter spam filters that inadvertently increase false positives for legitimate emails.

Mitigation and Prevention

Detection Strategies

Detecting a Joe job attack in real time relies on vigilant monitoring of infrastructure for anomalous patterns indicative of spoofed outgoing . Administrators can track sudden spikes in bounce messages, known as Delivery Status Notifications (DSNs), through server logs, as these often flood the victim's inbox when invalid recipients reject forged emails purporting to originate from their domain. Similarly, external complaints from recipients or ISPs about unsolicited spam can be logged and reviewed, providing early signals of damage. Reputation monitoring tools, such as MX Toolbox, enable regular checks against over 100 DNS-based email blacklists (DNSBLs or RBLs) to identify if the victim's IP or domain has been listed due to the attack's volume.

Key indicators include discrepancies in email headers from incoming bounces or complaints, where the sender's IP address does not align with the spoofed domain, often revealed through the "Received" fields tracing the actual path. High volumes of unsolicited reports, such as bounces from spam traps or user complaints, further signal the attack, as the forged emails target non-existent or monitored addresses to amplify backscatter.

Automated systems enhance detection by integrating with security information and event management (SIEM) platforms or security gateways, which analyze logs for forged "From:" patterns by cross-referencing against authentication protocols like SPF, DKIM, and . These tools flag anomalies such as unauthorized IPs sending on behalf of the domain, triggering alerts for investigation. As of 2025, AI-based in has become prevalent, using to identify unusual bounce rates or patterns that deviate from baseline behavior, improving accuracy over traditional rule-based methods.

Manual verification complements automation, involving cross-checks with known contacts to confirm whether reported spam aligns with legitimate communications and analysis of patterns in bounces for content mismatches, such as unfamiliar subjects or attachments inconsistent with the victim's typical messaging. This approach ensures rapid confirmation of non-sent messages, preventing escalation while automated systems scale monitoring efforts.
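The bounce-spike and "Received"-mismatch indicators described above can be combined in a small triage script. This is an added example, not code from the original article; the authorized network range, the `example.org` addresses and the sample bounces are constructed assumptions.

```python
"""Added example: sort incoming bounces (DSNs) into 'ours' vs 'forged'."""
import email
import ipaddress
import re
from collections import Counter
from email import policy

# Assumption: networks our legitimate outbound servers send from (RFC 5737 range).
AUTHORIZED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# The bouncing MTA records the connecting client's address in square brackets.
IP_IN_RECEIVED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def make_dsn(client_ip, from_addr="news@example.org"):
    """Build a constructed multipart/report bounce (sample data, not a real log)."""
    return "\n".join([
        "From: MAILER-DAEMON@mx.recipient.example",
        f"To: {from_addr}",
        "Subject: Undelivered Mail Returned to Sender",
        "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "The address nobody@recipient.example does not exist.",
        "",
        "--b1",
        "Content-Type: message/delivery-status",
        "",
        "Reporting-MTA: dns; mx.recipient.example",
        "",
        "Final-Recipient: rfc822; nobody@recipient.example",
        "Action: failed",
        "Status: 5.1.1",
        "",
        "--b1",
        "Content-Type: text/rfc822-headers",
        "",
        f"Received: from mail.example.org (unknown [{client_ip}])",
        " by mx.recipient.example; Mon, 6 Jan 2025 10:00:00 +0000",
        f"From: {from_addr}",
        "Subject: constructed sample",
        "",
        "--b1--",
        "",
    ])


def returned_headers(dsn_text):
    """Return the headers of the original message embedded in a DSN, or None."""
    dsn = email.message_from_string(dsn_text, policy=policy.default)
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
        if ctype == "message/rfc822":
            return part.get_payload(0)
    return None


def classify_bounce(dsn_text):
    """Label a bounce 'ours', 'forged' or 'unknown' from its returned headers."""
    original = returned_headers(dsn_text)
    if original is None:
        return "unknown"  # not a DSN, or it did not return the headers
    received = original.get_all("Received", [])
    # Only the topmost Received line was written by the bouncing server;
    # anything below it was supplied by the sender and may be forged.
    match = IP_IN_RECEIVED.search(str(received[0])) if received else None
    if not match:
        return "unknown"
    try:
        client_ip = ipaddress.ip_address(match.group(1))
    except ValueError:
        return "unknown"
    if any(client_ip in net for net in AUTHORIZED_NETS):
        return "ours"
    return "forged"


def forged_spike(dsn_texts, threshold):
    """Count labels for one time window and report whether forged bounces spike."""
    counts = Counter(classify_bounce(text) for text in dsn_texts)
    return counts, counts["forged"] >= threshold


# Constructed sample window: one genuine bounce, three caused by forged mail.
SAMPLE_BOUNCES = [make_dsn(ip) for ip in
                  ("192.0.2.5", "203.0.113.77", "198.51.100.9", "203.0.113.12")]

if __name__ == "__main__":
    print(forged_spike(SAMPLE_BOUNCES, threshold=3))
```

Bounces labelled "forged" were never sent by the domain's own servers, so they belong in the incident record rather than in the delivery-failure queue.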

Countermeasures

To mitigate Joe jobs, organizations should prioritize email authentication protocols that verify sender legitimacy and thwart domain spoofing. The Sender Policy Framework (SPF) allows domain owners to specify authorized mail servers in DNS records, enabling receiving servers to reject or flag emails from unauthorized sources purporting to originate from the domain. DomainKeys Identified Mail (DKIM) adds cryptographic signatures to outgoing emails, allowing recipients to confirm the message was not altered in transit and came from the claimed domain. DMARC builds on SPF and DKIM by providing a mechanism; setting the DMARC to "p=reject" instructs receiving mail servers to block delivery of unauthenticated messages, effectively preventing forged Joe job emails from reaching inboxes. For example, with a reject in place, spoofed emails fail authentication checks and are discarded before delivery, reducing the attack's reach and reputational harm.

Upon detecting a Joe job, often signaled by a surge in bounce-back notifications or warnings, victims can deploy response tactics to limit damage and restore trust. Issuing s on websites and channels explicitly denying involvement in the spam, providing sample forged messages, and directing recipients to the via tools like SpamCop helps clarify the situation and mobilizes community reporting to trace attackers. Configuring auto-responders on affected accounts to automatically reply to incoming complaints with an explanation of the attack, a link to the , and instructions for verification can efficiently handle volume while educating recipients. Additionally, contacting affected ISPs and providers promptly with evidence of the spoofing can expedite reinstatement for legitimate traffic, as many providers prioritize such requests to avoid blocking innocent domains.

Infrastructure adjustments further bolster defenses against ongoing or repeated Joe jobs. For legitimate automated emails, such as bounces or notifications, using a null sender (e.g., Return-Path: <>) prevents replies from routing to spoofable addresses, minimizing amplification that attackers exploit. Implementing on incoming mail servers caps the volume of bounce messages or complaints, protecting resources from overload during an attack; for instance, tools like Postfix can throttle connections per sender to sustain operations. In traceable cases, engaging legal action under the CAN-SPAM Act is viable, as spoofed spam violates federal anti-spam provisions; the FTC has pursued enforcement against perpetrators, with penalties up to $53,088 per email, though success depends on identifying the attacker through headers or reports.

As of 2025, emerging standards enhance these measures through visual and collaborative approaches. Brand Indicators for Message Identification (BIMI) enables verified logos to display alongside authenticated emails in supporting clients like Gmail, reinforcing trust and deterring spoofing by making legitimate messages visually distinct; adoption has surged, with predictions of 75% of major brands implementing it by 2026 to combat fraud. Collaborating with anti-spam organizations like the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) facilitates rapid delisting from blocklists, as their industry guidelines and shared intelligence help coordinate responses to Joe job-induced blackholing.
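The effect of the "p=reject" setting, and why an SPF pass on the envelope sender alone does not protect the visible From: address, can be worked through as a receiver-side decision. This is an added example, not code from the original article or from any mail server; the domains and records are constructed, organizational domains are approximated by the last two labels instead of the Public Suffix List, and the `pct` and `sp` tags are ignored.

```python
"""Added example: simplified DMARC evaluation as a receiving server applies it."""

WEAK = "v=DMARC1; p=none"                        # monitoring only
STRICT = "v=DMARC1; p=reject; adkim=r; aspf=r"   # unauthenticated mail is refused


def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of tag -> value."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in {"none", "quarantine", "reject"}:
        raise ValueError("not a usable DMARC record")
    return tags


def org_domain(domain):
    """Assumption: last two labels; real receivers consult the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(record, header_from, spf_result, mail_from_domain,
                      dkim_result, dkim_domain):
    """Return 'deliver', 'quarantine' or 'reject' for one message.

    header_from       address shown to the recipient (From: header)
    mail_from_domain  domain of the envelope sender (MAIL FROM); '' for <>
    dkim_domain       d= value of the DKIM signature; '' if unsigned
    """
    tags = parse_dmarc(record)
    from_domain = header_from.rsplit("@", 1)[-1]
    # SPF and DKIM only count when the domain they authenticated matches
    # the domain in the visible From: header.
    spf_ok = (spf_result == "pass" and bool(mail_from_domain)
              and aligned(from_domain, mail_from_domain, tags.get("aspf", "r")))
    dkim_ok = (dkim_result == "pass" and bool(dkim_domain)
               and aligned(from_domain, dkim_domain, tags.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[tags["p"]]


if __name__ == "__main__":
    # Constructed forged message: From: shows example.org, but SPF passed
    # for an unrelated envelope domain and there is no DKIM signature.
    forged = ("billing@example.org", "pass", "bulk.example.net", "none", "")
    print("p=none  :", dmarc_disposition(WEAK, *forged))
    print("p=reject:", dmarc_disposition(STRICT, *forged))
    # Constructed legitimate message: signed by example.org.
    genuine = ("billing@example.org", "pass", "bounce.example.org", "pass", "example.org")
    print("genuine :", dmarc_disposition(STRICT, *genuine))
```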

Similar Techniques

Backscatter is a form of collateral spam resulting from automated non-delivery reports (NDRs) or delivery status notifications (DSNs) generated by servers when spam messages with forged sender addresses fail to deliver to invalid recipients. Unlike joe jobs, which deliberately forge sender addresses to target specific victims and provoke intentional floods of complaints or bounces aimed at reputation damage, occurs unintentionally as a of widespread spam campaigns hitting non-existent addresses. This distinction highlights 's passive nature, often affecting innocent parties through no fault of their own, whereas joe jobs weaponize the same spoofing mechanism for malice. Email bombing, also known as mail bombing, constitutes a that overwhelms a single account or server with a high volume of messages, typically through automated scripts or botnets subscribing the target to numerous mailing lists or sending direct floods. In contrast to joe jobs, which distribute spoofed spam across broad audiences to implicate a target's domain in bulk unsolicited , bombing concentrates the assault on one recipient to disrupt access and bury legitimate communications. Common variants include registration bombs, where bots mass-enroll the victim in newsletters, differing from joe jobs' focus on sender rather than subscription abuse. Phishing attacks employing email spoofing forge sender identities to deceive recipients into divulging sensitive information, such as credentials or financial details, often through urgent requests mimicking trusted entities. This tactic shares spoofing with joe jobs but diverges in purpose: seeks direct exploitation, as seen in business email compromise (BEC) schemes like CEO fraud, where attackers impersonate executives to authorize fraudulent transfers, rather than joe jobs' emphasis on provoking backlash to erode a target's . 
For instance, BEC relies on social engineering for monetary gain, without the joe job's intent to generate widespread abuse reports against the spoofed party.

Distinctions from Other Abuses

Joe jobs differ from general spam in their intent and execution. While general spam typically involves the mass distribution of unsolicited commercial emails aimed at promoting products or services, often without targeting specific victims for harm, a Joe job specifically forges the sender's to attribute the spam to an innocent third party, with the primary goal of damaging that party's through backlash from recipients or . In contrast to , which relies on registering domain names that closely mimic legitimate ones to deceive users into visiting sites or fraudulent pages, Joe jobs operate solely through header manipulation, such as spoofing the "From" field, without requiring the creation or control of any deceptive domain. Unlike a distributed denial-of-service (DDoS) attack, which overwhelms a target's network or servers with excessive traffic from multiple sources to cause , a Joe job targets email-specific and reputation, generating complaints, bounces, or blacklisting against the spoofed sender rather than flooding IP addresses or ports. Legally, Joe jobs are addressed primarily under anti-spoofing and anti-spam statutes, such as the U.S. CAN-SPAM Act, which prohibits false or misleading header information and imposes civil penalties up to $53,088 per violating email, with criminal sanctions for aggravated spoofing cases. This distinguishes them from pure or offenses, which fall under broader statutes like those prohibiting threats or stalking, as Joe jobs emphasize deceptive transmission over direct intimidation. Enforcement often involves tools like , an email authentication protocol designed to detect and prevent domain spoofing by verifying sender alignment, thereby mitigating Joe job impacts without invoking general laws.
