How Do Spammers Get Your Email Address?

Category: Spam

Spammers seem to have supernatural powers that enable them to guess email addresses accurately and quickly. But in reality, spammers harvest email addresses by pretty mundane means. You may even be contributing to the problem without realizing it. Here's the scoop on how spammers get email addresses, and steps you can take to protect your inbox...

Is Your Email Address Vulnerable to Spammers?

It can be maddening when your email inbox gets a fresh load of spam dumped into it. Equally frustrating is when spammers spoof your address as the sender, and your friends all start asking why YOU are sending them unwanted sales pitches for dubious products. Understanding how spammers get ahold of your email address can help to prevent both of these problems.

Using web-crawling "spider" programs (not unlike the ones Google uses to index Web pages) spammers hunt down email addresses by looking for the telltale "@" symbol. Working swiftly and ceaselessly, spiders can harvest millions of email addresses automatically. To avoid being bitten by a spider, don't put your email address on the Web. That means not posting it to online forums or personal web pages. If it's included in online directories (school, work, clubs, etc.) ask to have it removed.

Do a Google search to see where your email address is available, and work towards becoming invisible. (Tip: enter your email address in the Google search box enclosed in quotes.) If you must make your email address visible in public, you can obscure your address by avoiding the "@" symbol, i.e., use "joe at blow dot com" instead, or create an image with the address instead.

How Do Spammers Get My Email Address?

"Dictionary attacks" are another standard way to collect email addresses. Spammers generate emails to made-up addresses, accepting millions of bounce-backs in exchange for a handful of replies from valid addresses. That's why the first rule of dealing with spam is "don't reply to it." Doing so just tells the spammer that you are a "live one" and worth hitting with more spam.

You can make it harder for a dictionary attacker to guess your address by NOT choosing any combination of dictionary words, common first or last names, and a string of numbers. If your email address is or I can guarantee that you'll get loads of spam, no matter how careful you are. Those addresses are just easy targets, because they're so easy to guess.

Margaritaville? Huh?

See my related article Fight Spam With a Disposable Email Address for more tips on how to protect your inbox.

With apologies to Jimmy Buffett, some people claim that there's a hacker to blame, but you know, it's your own damn fault sometimes. Many people simply hand over their email addresses, no questions asked, just to get access to a contest, some free program, a ringtone, or other supposed "valuable prize." It's a good idea to have a "throwaway" email address that you can enter into Web forms, rather than using your everyday address.

And if you have an email password that's easily guessable, spammers may hack into the email account and steal all of the contacts stored there. If your computer is not adequately protected from viruses, spyware and phishing attacks, all of the people in your email address book are vulnerable to spam attacks as well. See my article Is Your Password Hacker Proof? for help picking a secure password.

Some people believe that email forwards play into the hands of spammers, because they accumulate a large number of addresses as the message spreads from one person to another. I'm not so sure this actually works, because there's no easy mechanism for the bloated messages to return to the spammer. But I will certainly agree that blindly forwarding every silly story doesn't contribute anything positive to the Internet. Cambodian midgets fighting lions? Nigerian prince wants your help transferring money? Really?? If you're tempted to forward something that seems dubious, check it out on before hitting the Send button.

Hacking into a major company's databases can yield millions of high-quality email addresses at once, not to mention even more valuable data such as credit card numbers, Social Security Numbers, etc. In December 2016, Yahoo confessed that over one BILLION of its users’ accounts had been hacked three years prior. Target, Chase Bank, American Express, Home Depot, Apple, Sony and other large companies have reported hacks in the past 2 years, resulting in many millions of accounts being compromised. There's not much you can do to prevent this, except hope that the companies you do business with have good security protocols in place.

Spammers also trade in lists of email addresses. A list of a million addresses goes for as little as $100. Some online crooks don't even mail spam, but make their living harvesting and trading email addresses.

Your supposedly legitimate business associates (or any website where you hand out your email address) may be selling you out to spammers, though they may think of the spammers as "trusted partners." Before signing up to any mailing list, make sure you know what the email privacy policy is. Opt out of allowing your email address to be shared with third parties for any reason, if possible.

It's almost impossible to hide your email address from spammers completely. At the least, you'll probably get a blind dictionary attack spam, eventually. But think before you give your email address to any website. The fewer entities that have your email address, the less spam you will receive. Keeping your own computer secured, and encouraging your friends and family to do likewise will also help.

Got any additional tips for keeping your email address safe? Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 2 Mar 2017

For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update 02 26 17

The Top Twenty
Next Article:
Do You Need a PUP Cleaner?

Most recent comments on "How Do Spammers Get Your Email Address?"

Posted by:

02 Mar 2017

You're caught up in the internet
You think it's such a great asset
But you're wrong wrong wrong
All that fibre optic gear still cannot take away the fear
Like an island song

Banana Wind by Jimmy Buffett (who I believe will accept your apology Bob) :-)

Posted by:

02 Mar 2017

Just to stay mellow, when I do type my email address in a forum post, it's something dot "calm".

Posted by:

02 Mar 2017

In the context of your post, I wonder about "Linkdin." I get an email saying my friend Rob Brankin invited me to join Linkdin. I ask my friend Rob, and he doesn't even know what I am talking about. Is this site simply harvesting contacts or is it legitimate?

EDITOR'S NOTE: Is this real or hypothetical? And are you asking about the legitimacy of LinkedIn or

Posted by:

02 Mar 2017

My jaw is on the floor.
I just searched for my email address on Google. There was only one file I found - my email address was on a txt file of thousands of email addresses WITH passwords! Thankfully, I changed my password long ago but that still shocked me. I did a quick check on other people's email addresses that I know too.

Posted by:

02 Mar 2017

I wouldn't trust Snopes on the color of grass. Here's an even-handed article from Forbes about the problems with Snopes:

There's plenty of additional info available. Just Google "snopes bias".

Posted by:

Dave H.
02 Mar 2017

There used to be a site called to "fight" spam - does this site still do any good or are there other sites that might fight back against spam?

Posted by:

Stuart Berg
02 Mar 2017

@Dave H.
The website I like to use to fight spam is KnujOn (which backwards spells "No Junk"). Their URL is . I send them all my spam from which they:
"KnujOn builds profiles of online criminal groups, evaluates the quality of Registrars and Internet Service Providers, issues WHOIS challenges, documents policy failures, develops policy initiatives, tests compliance mechanisms, issues reports to law enforcement, and educates the public about complex Internet security issues."

I use an automated system to send them my spam called "gknujon" (which only works for GMAIL email addresses). It can be downloaded here:

Posted by:

02 Mar 2017

Bob, won't doing a "Google search to see where your email address is available" actually PUT your address on the web? - contrary to the whole point of finding out where it's located. I'm thinking that Google, at least, keeps track (stores?) all searches - which makes them "hackable".

EDITOR'S NOTE: If your Google search history is hackable, then it wouldn't matter much that your email address was made known to third parties.

Posted by:

02 Mar 2017

Hi Bob I found one of my email addresses on this site but Whoois gives the following:

Registry Domain ID: 2075778846_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL: [link removed] Date: 2016-11-21T19:07:20Z
Creation Date: 2016-11-21T19:07:20Z
Registrar Registration Expiration Date: 2017-11-21T19:07:20Z
Registrar:, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited [link removed] Status: clientUpdateProhibited [link removed] Status: clientRenewProhibited [link removed] Status: clientDeleteProhibited [link removed] Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street:
Registrant Street: 14455 N. Hayden Road
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:

I can't find out how to remove my entry.
Any help would be appreciated.

Posted by:

Bill Prater
02 Mar 2017

Why would you advise anyone to use "Snopes",the leftover commie/muslim arm of the barack hussein dictatorship?

Posted by:

03 Mar 2017

I had a financial advisor send a email with all his clients in the "To:" line. While I agree that a spammer might find it hard to get the email itself, all it takes is for one of those people to have a compromised computer, and now everyone whose address was on that email is on the list. Also a pet peeve of mine with family members that forward internet crap to everyone in their address book without using BCC:

Posted by:

03 Mar 2017

Great article, Bob! I pretty much follow those basic principals all of the time.
I currently have 3 satellite email addresses forwarding to my primary email and I get maybe 4-6 spam mails in a month.
I look through my spam mail occasionally to see if anything legit slipped through before deleting it all.

Posted by:

04 Mar 2017

I was disturbed to read about Snopes as I use them regularly. I read the Forbes article and it was disturbing yet interestingly the author of the article seemed biased against them himself. Here is an article from which tries to demonstrate that although there may be biases in Snopes, it is the least biased fact checker available.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.

Article information: AskBobRankin -- How Do Spammers Get Your Email Address? (Posted: 2 Mar 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved