If you are anything like me, you’ve noticed that you are getting a lot of spam lately. How the heck do these spamming jerks get our email addresses anyway?
Websites – There are quite a few inexpensive programs (usually less than a hundred bucks) which automatically scan websites for any email addresses. These are called email spiders, and they are becoming very, very aggressive. If, like many people, you have your email address coded into your website (using a “mailto:” link), then the spiders can pluck it right off your own pages.
To prevent this, it’s wise to simply not include your email address anywhere on any website. If you must post an email address, be sure it’s not your primary address (in fact, a throw-away free email address is perfect for this purpose). If you must post your real address, you can hide it by using forms or by placing the email address in a graphic image).
Guestbooks – Likewise, if you’ve signed guestbooks, then the same email spiders can get your address from them. Many spammers specifically program their harvesters to look for email address-rich guestbooks.
It’s a fantastic idea to use one of those free email accounts for your guestbook signing.
Signing up for free stuff – Perhaps you like to sign up for free stuff or newsletters? If so, it’s likely that at least one of them either was a spammer, or sold your email address to one. Again, it’s a great idea to use one of those free email accounts to sign up for newsletters and free stuff.
Guessing – It’s also possible the spammers just made a good guess at your email address. I mean, if your name is “John Smith” and your email address is “” then it’s easy for them to figure out. The new .NAME domain name makes this even simpler – the format is merely “first.last.name” for the website and “” for the email address.
Replying to spam – You may have made the mistake of replying to spam sometime in the past. Why is this a mistake? Because when spammers send you a message they think they have a good email address – once you reply they know they got a good one without a doubt.
Email messages – A friend of yours may have sent an email to a list using “cc:” instead of “bcc:”. This basically hands all of the email addresses in the “cc:” to everyone on the list. To prevent this, you need to educate your friends on the use of “Bcc:”.
Internet listings – You may be listed in one or more of the various internet white or yellow pages. It’s a good idea to check these once in a while and delete your email address when you find it.
Newsgroups – If you’ve posted to newsgroups with your real email address, then you’ve simply given it away. This is one of the spammers favorite places to get new email addresses. What they do is harvest email addresses by the thousands using automated software especially designed for this purpose. To make it even worse, newsgroup postings are available forever (especially now that they are supported by Google), which means even one posting leaves your address exposed to the world.
Domain Name Registration information – It’s a legal requirement that all domain names have valid contact information. In addition, this information is freely available to anyone, in the same way that land ownership records are publicly available at the local city hall. Spammers (and the domain registrars are often guilty of this sin) will interrogate the WHOIS databases for these email addresses.
Mail Servers – Some mail servers allow people to request a list of all of the email addresses for a particular list. This is a normal function which allows administrators to back up the list and to find out who has subscribed. However, poorly configured lists allow these addresses to be returned with minimal security. Some spammers know this and will regularly test lists to see if they can get the addresses.
Mail Server Lists – These days this is more uncommon, but sometimes spammers will get the names of mailing lists and just send their spam to the lists, allowing the list server to send it to everyone on the list. Most lists will not allow non-subscribers to send emails (although some very poorly configured ones will), but subscribers are a different issue. Good moderation can prevent this from occurring, or at least reduce it’s frequency.
It is inevitable that you will receive some spam. However, with a few precautions you can reduce it to a nuisance instead of a major chore. Learn to treat your primary email address as a valuable commodity and you will be getting off to a good start.
Social Medial Profiles – A rich source of email addresses is from social media profiles. These are very easy to access and it’s extremely common for spammers to attempt to do so.
Message Board Profiles – Be careful when entering your email address on message boards, especially in the profile. These can be retrieved by email harvesting programs. If you must include a publicly available email address, then either use a filtered account (such as spamcop.net) or a throw-away free email account.
IRC and chat rooms – It’s pretty straightforward for spammers to harvest email addresses from IRC (a form of chat room) and AOL chat rooms. Use throw-away email addresses for use only when chatting – never use your primary email address.
Previous owner of domain – If you purchase a domain that’s been previously used, you also inherit any spam that might be emailed to that domain. In fact, occasionally domain names are abandoned because the volume of email is so huge that it cannot be sustained by a server.
Previous owner of an email address – If you happen to create an email account which matches a previous email account name, you will inherit any spam that’s being sent to that address.
Paper forms – Don’t forget the value of paper. It’s not unheard of for a spammer to grab a printed copy of a mailing list off someone’s desk, then type that list into a computer.
Purchasing Lists – Email lists can be purchased from a person or company. In fact, it’s possible to make quite a bit of money selling a list to a spammer, especially of those members of a list are known to have purchased something in the past.
By hacking into a system – It’s reported in the news occasionally that some database has been stolen. Usually this involves credit card information, but oftentimes the email database is stolen as well. These databases may be sold to spammers upon occasion.
Social Engineering – This occurs when someone convinces another person or company to give them an email address. This might be the result of a chain letter or some offer via email (for something free), or some other innocent-sounding scheme.