Industry guru Dave Taylor offers tech support on technical and business topics, including iPhone, iPod, Microsoft Windows, Sony PSP, cellphones, online advertising, CSS, Web design, business, Unix, Linux, SEO, Mac OS X, and shell script programming.     


What's a "joe job" and why are spammers using my domain?

In the past 3 days I've received dozens of returned e-mails that appear to be sent by my domain name but that are not valid email addresses. For example I received a returned e-mail today that was "sent" from nvsnx@mydomainname.com but there is no user "nvsnx". Where did this come from, how do I stop it, and what risk am I at from this happening?


Dave's Answer:

You're a victim of what the spyware / spam community calls a joe job, a deliberate effort to send out spam or other email (often viruses or spyware) masquerading as part of your domain or even as you, rather than having the sender be their own account.

Unfortunately, there's really not much you can do about this sort of problem, though it's definitely important to check and ensure that you don't have an open mail relay or otherwise aren't actually hosting the spam messages being sent out: if your system is compromised, spam being sent might be the least of your problems!

Here's information on how to test for an open relay: quick check for an open mail relay.

If you do find that your site is open or, upon investigation, has been hacked, then I suggest the following sequence of events (and yes, they're painful):

  1. Pull your server off the net completely.
  2. Do a full backup
  3. Reinstall the operating system and all important software (including Web server, common CGI scripts, the SQL database system, etc).
  4. Check your FTP archives to ensure that you aren't inadvertently hosting any porn or warez.
  5. Get help so you can identify how they came in (was it a bad password, a social engineering hack, a known exploit you didn't patch, a poorly written script, or what?) and fix it.
  6. Come back online and carefully monitor attempts to connect to your telnet, ssh and ftp ports.

If you're clean, you're not an open relay and your system hasn't been compromised, then all you can do when you're the victim of a "joe job" is to just wait it out and apologize (and explain) if you get any grumbly email from victims. You can point them to the following Wikipedia page to explain what's happening:

    http://en.wikipedia.org/wiki/Joe_job

Good luck! This is a very frustrating experience, I know.


More Useful Computer and Internet Basics Articles:
✔   How do I blur my house on Google Maps Street View?
I was poking around on Google Maps looking at satellite views of my neighborhood and when I switched to street view, was upset...
✔   Create a custom vanity URL for Kickstarter?
I was reading some updates on Twitter and saw someone had posted a URL that would let me see what projects they'd backed...
✔   Export or Save Subscription List from Google Reader?
Just heard that Google Reader is going away this summer. That stinks! How am I supposed to read my RSS feeds? More importantly,...
✔   Shrink or Reduce a Photo File Size on Mac?
I'm trying to upload some photos to a social media site and it's complaining that they're too big. They are, as they come...
✔   Can I organize my Yahoo Mail with folders?
I've been on Yahoo Mail for years and while most of my friends are now on Gmail or their own Web-based email programs,...

Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
    Enter your name: and your email addr:  





Categorized: Computer and Internet Basics   (Article 6920, Written by )
Tagged: hacks, spam, spammers, spyware, system security, viruses
Previous: Can I automatically ping Google Blogsearch?
Next: How do I speed up my Windows XP startup?




Reader Comments To Date:

Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!
Rather amazingly, there are no comments on this article yet.

I do have a comment, now that you mention it!











I will never send you any unsolicited email. Ever.






Check This Out Too...

 
Look for Answers
Need Help? Ask Dave Taylor!


Follow Me on Pinterest

Find Me on Google+
ADT on G+
© 2002 - 2013 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. My lawyer says "Thanks".
"Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.