How DO Spammers Get Your Email Address?


How DO Spammers Get Your Email Address?

 by: Rosalind Gardner

As much as I try to stem the seemingly endless flow of spam, the crap just keeps arriving my Inbox.

For example, this week I received "New affiliate programs from 2004-02-10 to 2004-02-14 :: Subscription from http://WeAreBlahBlahBlah.net".

I'd never heard of WeAreBlahBlahBlah.net, let alone subscribed to the newsletter. But the address used explained exactly how the spammer reached me.

I've set up numerous 'special' addresses for customers, affiliates, subscribers, merchant partners and others.

For example, if I join XYZ's affiliate program, I might set up XYZ@rosalinds.com and give that address to them to contact me. If I suddenly start to receive spam at that address, then I know EXACTLY who the 'leaky' culprit is.

Here are other ways spammers get your address.

Web Pages

Spammers use scavenger bots, programs that 'harvest' email addresses contained in "mailto:" HTML tags. Those are clickable email links that open your email program with the address already placed in the "To" field.

Web Forms

Some sites request various details via forms, e.g. guest books & registration forms. Spammers get email addresses from these because the form is publicly available on the web, or because the webmaster sells the list.

Paper (Offline) Forms

Some companies sell lists of addresses obtained from convention participants or contest entrants.

Whois Searches

Unless the domain registrant has paid an additional fee to make their registration private, a simple Whois lookup reveals the registrant's address.

Although most registrars have enhanced the security of their WHOIS databases, by requiring a special code be entered before information is displayed, many spammers take the time and trouble to grab addresses this way.

>From Web Browsers

Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it.

Chat Rooms

This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses.

Sending Test Messages

Have you ever sent a message to an invalid address? You get an 'undeliverable' or 'failure' notice back.

Some spammers use this to guess email addresses by sending test messages to a list of made-up or guessed addresses. They know they've got good addresses for those that did not result in failure messages.

Online Yellow Pages

What could be more alluring to a spammer than a directory of names and email addresses filed by category?

Chain Letters

These are ingenious. I tell five friends, and my friends each tell five of their friends, and so on and so forth. The email addresses all build up in the cc field and are a spammers delight.

Buying Lists

Spammers buy lists of email addresses usually passed off as those belonging to people who opted-in to to obtain information in a specific category.

Let's put spammers out of business.

An ounce of prevention is worth a pound of cure. Use 'throw-away' addresses whenever you're not sure of the source, and don't sign up unless there are clear 'Privacy' statements on the site.

If worse comes to worse, and you're fighting your way through a mountain of spam, install anti-spam software on your computer.

© Copyright Rosalind Gardner, All Rights Reserved.