what to do about joe-jobs?

badkarma2 at canada.com badkarma2 at canada.com
Thu Sep 25 00:32:49 UTC 2003


>Speaking of joe-jobs, what's the "proper" proceedure
for >dealing with such?  The company I work for is
currently >undergoing an admitedly minor joe-job.
(about 300 or so >bounces that I've seen since mid last
week or so.)
>
>Any suggestions for dealing with this?

What domains are you seeing the joe-jobs from? We see
alot of joe jobbing attacks from the large webmail
providers eg. yahoo.com, hotmail.com, aol.com,
netscape.net, etc. A promising response that we've been
following is Sender Permitted From http://spf.pobox.com
. It's basically a reverse RBL. The owner of a domain
identifies ip's that are allowed to send mail for that
domain in a TXT DNS record. The rest are tagged with a
wildcard deny or probably softdeny initially. If
yahoo.com, hotmail.com etc alone just added the DNS
records, we'd all be able to identify joe-jobbers of
these domains. It won't help their own spam situation
but it'd help our massive attacks of spoofed email.
Spammers seem to use these big providers since blocking
all of hotmail.com or yahoo.com is tough for other
providers.



More information about the NANOG mailing list