How Spammers Get Your Email Address


Spammers seem to have supernatural powers that enable them to guess email addresses accurately and quickly. But in reality, spammers harvest email addresses by pretty mundane means. You may even be contributing to the problem without realizing it. Here's the scoop on how spammers get email addresses, and steps you can take to protect your inbox...

Is Your Email Address Vulnerable to Spammers?

It can be maddening when your email inbox gets a fresh load of spam dumped into it. Equally frustrating is when spammers spoof your address as the sender, and your friends all start asking why YOU are sending them unwanted sales pitches for dubious products. Understanding how spammers get ahold of your email address can help to prevent both of these problems.

Using web-crawling "spider" programs (not unlike the ones Google uses to index Web pages) spammers hunt down email addresses by looking for the telltale "@" symbol. Working swiftly and ceaselessly, spiders can harvest millions of email addresses automatically. To avoid being bitten by a spider, don't put your email address on the Web. That means not posting it to online forums or personal web pages. If it's included in online directories (school, work, clubs, etc.) ask to have it removed.

Scan the web with a Google search to see where your email address is available, and work towards becoming invisible. If you must make your email address visible in public, you can obscure your address by avoiding the "@" symbol, i.e., use "joe at blow dot com" instead, or create an image with the address instead.
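
To check one of your own pages before you publish it (an added example, not part of the original article), the Python code below scans page source for addresses written in plain text, as HTML entities, or in the spelled-out "at/dot" form. The sample page, the example.* addresses and the function name audit_page are constructed for illustration.

```python
import html
import re

# An ordinary address such as alice@example.com.
PLAIN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Spelled-out separators: "at" / "dot" as separate words, or bracketed ([at], (dot)).
AT = r"(?:\s+at\s+|\s*[\[(]\s*at\s*[\])]\s*)"
DOT = r"(?:\s+dot\s+|\s*[\[(]\s*dot\s*[\])]\s*)"
SPELLED = re.compile(
    rf"\b([A-Za-z0-9._%+-]+){AT}([A-Za-z0-9-]+(?:{DOT}[A-Za-z0-9-]+)+)\b",
    re.IGNORECASE,
)

# Constructed sample page; none of these addresses are real.
SAMPLE = """
<p>Webmaster: alice@example.com</p>
<p>Sales: bob at example dot org</p>
<p>Support: carol&#64;example.net</p>
<p>Press: dave [at] example (dot) com</p>
<p>Owner: <img src="owner-address.png" alt="contact address"></p>
"""

def audit_page(page_source):
    """Return sorted (address, how_it_was_exposed) pairs found in page_source."""
    findings = set()
    # Addresses visible in the raw source.
    for m in PLAIN.finditer(page_source):
        findings.add((m.group(0).lower(), "plain text"))
    # Decoding entities (&#64; becomes @) reveals addresses hidden that way.
    decoded = html.unescape(page_source)
    for m in PLAIN.finditer(decoded):
        addr = m.group(0).lower()
        if (addr, "plain text") not in findings:
            findings.add((addr, "HTML entities"))
    # Rebuild addresses from the spelled-out form.
    for m in SPELLED.finditer(decoded):
        domain = re.sub(DOT, ".", m.group(2), flags=re.IGNORECASE)
        findings.add((f"{m.group(1)}@{domain}".lower(), "spelled-out at/dot"))
    return sorted(findings)

if __name__ == "__main__":
    for address, how in audit_page(SAMPLE):
        print(f"{address:22} exposed as {how}")
```

Only the image-based entry in the sample produces no finding, because this check reads text and not pictures. Phrases such as "look at spot dot com" will produce false positives, so review the output by hand.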

"Dictionary attacks" are another standard way to collect email addresses. Spammers generate emails to made-up addresses, accepting millions of bounce-backs in exchange for a handful of replies from valid addresses. That's why the first rule of dealing with spam is "don't reply to it." Doing so just tells the spammer that you are a "live one" and worth hitting with more spam.

You can make it harder for a dictionary attacker to guess your address by NOT choosing any combination of dictionary words, common first or last names, and a string of numbers. If your email address is or I can guarantee that you'll get loads of spam, no matter how careful you are. Those addresses are just easy targets, because they're so easy to guess.

Margaritaville? Huh?

See my related article Fight Spam With a Disposable Email Address for more tips on how to protect your inbox.

With apologies to Jimmy Buffett, some people claim that there's a hacker to blame, but you know, it's your own damn fault sometimes. Many people simply hand over their email addresses, no questions asked, just to get access to a contest, some free program, a ringtone, or other supposed "valuable prize." It's a good idea to have a "throwaway" email address that you can enter into Web forms, rather than using your everyday address.

And if you have an email password that's easily guessable, spammers may hack into the email account and steal all of the contacts stored there. If your computer is not adequately protected from viruses, spyware and phishing attacks, all of the people in your email address book are vulnerable to spam attacks as well. See my article Is Your Password Hacker Proof? for help picking a secure password.

Some people believe that email forwards play into the hands of spammers, because they accumulate a large number of addresses as the message spreads from one person to another. I'm not so sure this actually works, because there's no easy mechanism for the bloated messages to return to the spammer. But I will certainly agree that blindly forwarding every silly story doesn't contribute anything positive to the Internet. Cambodian midgets fighting lions? Nigerian prince wants your help transferring money? Really?? If you're tempted to forward something that seems dubious, check it out on before hitting the Send button.

Hacking into a major company's databases can yield millions of high-quality email addresses at once, not to mention even more valuable data such as credit card numbers, Social Security Numbers, etc. Not long ago, Chase Bank was hacked, and 76 million customer email addresses were exposed. It seems every month another massive data breach makes news, affecting millions of consumers. There's not much you can do to prevent this, except hope that the companies you do business with have good security protocols in place.

Spammers also trade in lists of email addresses. A list of a million addresses goes for as little as $100. Some online crooks don't even mail spam, but make their living harvesting and trading email addresses.

Your supposedly legitimate business associates (or any website where you hand out your email address) may be selling you out to spammers, though they may think of the spammers as "trusted partners." Before signing up to any mailing list, make sure you know what the email privacy policy is. Opt out of allowing your email address to be shared with third parties for any reason, if possible.

It's almost impossible to hide your email address from spammers completely. At the least, you'll probably get a blind dictionary attack spam, eventually. But think before you give your email address to any website. The fewer entities that have your email address, the less spam you will receive. Keeping your own computer secured, and encouraging your friends and family to do likewise will also help.

Got any additional tips for keeping your email address safe? Post your comment or question below...


This article was posted by on 13 Oct 2014


Most recent comments on "How Spammers Get Your Email Address"

Posted by:

13 Oct 2014

I know spam is irritating, especially if it is trying to sell you erection enhancements and you are a female! But it is just so easy to deal with them: both your email provider and your email client have safe senders lists and will put all mail that is NOT from one of your safe senders into a spam folder. Then all you have to do is scan through them quickly and if you don't spot any that are probably not spam, select all and delete them! It really is that quick and simple.

Posted by:

13 Oct 2014

now, you can set up your account so only people on your contacts list can email you except you will receive an email from time to time from MSN. That seems to solve the spamming problem.

Posted by:

13 Oct 2014

I followed your suggestion and googled my email address but it only came up with offers like Spokeo's to show (for a fee) my profiles etc., if I put my address into their search box. No other of some 100 google search results revealed my one address that, of course, does get a tolerable amount of spam after using it for 15+ years to register for various websites, mailing lists or give to less savvy friends who send out bulk emails to many at once without Bcc-ing them. I would say, also, that this specific email has been spoofed only 2-3 times over that entire period.

Posted by:

top squirrel
13 Oct 2014

Many instances of spam I receive say that if I want off their list, I should click to this site and enter the address I want off their list on the provided form. I figure they already have my email address so nothing lost, even when my posting such requests has no effect.
I use the local library's computer to send such opt-outs. They wipe it clean every day.
I figure my sending them an opt-out doesn't give them anything new. They knew my email is valid since it isn't bounced back to them. And it does nothing for them to retain an address of somebody who won't buy into or use anything they offer.
I send an opt-out whenever they offer to remove the email of one who sends such an opt-out.
Is there a better way to handle spam-mail?

Posted by:

Dave S
13 Oct 2014

This is interesting and also why I just created a NEW email address and I use Abine's (I think that's the company) "Mask Me" program to create alias emails that I use for all online activity. If I start getting spam I delete that alias email.

It's been working pretty well so far.

Posted by:

sandy sutherland
13 Oct 2014

Margaritaville last thing before text goes into a long text box....

Posted by:

Clive Hawes
13 Oct 2014

I use Mailwasher. This is from (w etc) firetrust dot com.
There is a free version and it provides a list of the Inbox contents before downloading. It's possible to preview any item, and select Delete or Bounce (or both).

Posted by:

Jim Lewis
15 Oct 2014

Your article tells me to: "Scan the web with a Google search to see where your email address is available" but does not tell me HOW to do that.


Posted by:

25 Oct 2014

Jim Lewis--

Just type your email address into the search box.

Posted by:

02 Nov 2014

Verizon must have the worst spam detector. After it catches a few pieces of spam, my Mozilla Thunderbird program traps roughly another 100 pieces per day from my 3 addresses.

Posted by:

03 Nov 2014

"If you must make your email address visible in public, you can obscure your address by avoiding the "@" symbol, i.e., use "joe at blow dot com" instead, or create an image with the address instead."

Way back in 2006, I devised a way to show one's email address on a website, without making it available to spambots. The two methods you mention in the quote above do not fool robots, who know both of these tricks, and have ways around them. My method requires a bit of programming knowledge, but if you are familiar with HTML, or if your website has a knowledgeable webmaster, it's easy to apply.

EDITOR'S NOTE: A clever approach, but what stops the robots from reading your snippets.js file?

Posted by:

03 Nov 2014

I just tried a search on my own email address and got zero result. The last strange spam event I experienced was a friend received a spam message from my FB account allegedly sent from an iPhone. I have no iPhone, and the phone I do have is never allowed access to any data service. A check of my FB account showed no log-in or access from any other PC than my normal one, and no record of the message having been sent.

Posted by:

04 Nov 2014

In response to the "EDITOR'S NOTE: A clever approach, but what stops the robots from reading your snippets.js file?"

How are they going to find it? Robots won't even know that it's supposed to be there. A human could find it easily, but spammers don't work that way - it wouldn't be economically worthwhile.

Even if they found it, they aren't going to write more code just so their robot can find the email addresses of the few people who are using my program!

Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- How Spammers Get Your Email Address (Posted: 13 Oct 2014)