Beware the 'Joe Job'written by Lindsey Arent, Tech Live on Thursday, January 23, 2003
Avoid seeing your email address as the return address in spam.If you've got a name and an email account that you covet, watch out. You could be at risk for what the spam industry calls a "Joe job." Find out what you can do to protect yourself, tonight on "Tech Live."
Late last year, Steve Long opened up his email account and got a huge surprise: a ton of rejected or redirected emails he didn't write. "I thought, 'Oh, I wrote in the wrong address.' 137 (emails) later I realized something's wrong," he said.
That "something wrong" turned out to be what the anti-spam industry calls a Joe job. It's a simple way of making spam look like it didn't come from the original sender.
Now it's personal
An Army veteran, Long is waging a personal war against the spammers who Joe-jobbed him. He said he resents the people who made him an unwitting spammer and filled his inbox with unwanted email rejected by other people's spam filters.
"I don't want to change my address. I've got a small business, I've got brochures I'd have to change all my addresses on," Long said. "I'd rather find out who's doing this. It's a much deeper problem than just my email. Here's a large company out there using me in their advertising. They're making a lot of money and you can't find them."
It's an old trick
A Joe job is one of the oldest, and easiest, spamming tricks in the book, said spam consultant Ben Westbrook, CEO of Mail-Filters.com. "Internet mail was created at a time when people were collaborating in the early stages on the Internet so there were no security mechanisms really put into Internet mail and consequently it's very easy to forge who you are when you send mail."
"Everyone's vulnerable," he added.
So how can you protect yourself and your email account? Westbrook said there are a few simple tricks.
Don't unsubscribe from anything. That lets spammers know they have a valid email address. Don't open Web-based emails, as it also alerts spammers to a valid address. And of course, keep your email address off websites.
For Long, who has spent two months and countless hours on the phone trying to track down the spammers who took his email and made it their own, the hunt has become more than personal. It's financial.
"It's wrong, what they're doing, and they need to be held accountable," Long said. "I don't represent them, I don't want my name associated with them, and I don't want to support their business unless I'm reimbursed."