Is Your Email Address Visible to Spammers?

Category: Email , Spam

Spammers seem to have supernatural powers that enable them to guess your email addresses accurately and quickly. But in reality, spammers harvest email addresses by pretty mundane means. You may even be contributing to the problem without realizing it. Here's the scoop on how spammers get email addresses, and steps you can take to protect your inbox...

How Do Spammers Get Your Email Address?

It can be maddening when your email inbox gets a fresh load of spam dumped into it. Equally frustrating is when spammers spoof your address as the sender, and your friends all start asking why YOU are sending them unwanted sales pitches for dubious products. Understanding how spammers get ahold of your email address can help to prevent both of these problems.

Using web-crawling "spider" programs (not unlike the ones Google uses to index Web pages) spammers hunt down email addresses by looking for the telltale "@" symbol. Working swiftly and ceaselessly, spiders can harvest millions of email addresses automatically. To avoid being bitten by a spider, don't put your email address on the Web. That means not posting it to online forums or personal web pages. If it's included in online directories (school, work, clubs, etc.) ask to have it removed.

Do a Google search to see where your email address is available, and work towards becoming invisible. (Tip: enter your email address in the Google search box enclosed in quotes.) If you must make your email address visible in public, you can obscure your address by avoiding the "@" symbol, i.e., use "joe at blow dot com" instead, or create an image with the address instead.

How Do Spammers Get My Email Address?

"Dictionary attacks" are another standard way to collect email addresses. Spammers generate emails to made-up addresses, accepting millions of bounce-backs in exchange for a handful of replies from valid addresses. That's why the first rule of dealing with spam is "don't reply to it." Doing so just tells the spammer that you are a "live one" and worth hitting with more spam.

You can make it harder for a dictionary attacker to guess your address by NOT choosing any combination of dictionary words, common first or last names, and a string of numbers. If your email address is or I can guarantee that you'll get loads of spam, no matter how careful you are. Those addresses are just easy targets, because they're so easy to guess.

Margaritaville? Huh?

See my related article Fight Spam With a Disposable Email Address for more tips on how to protect your inbox.

With apologies to Jimmy Buffett, some people claim that there's a hacker to blame, but you know, it's your own damn fault sometimes. Many people simply hand over their email addresses, no questions asked, just to get access to a contest, some free program, a ringtone, or other supposed "valuable prize." It's a good idea to have a "throwaway" email address that you can enter into Web forms, rather than using your everyday address.

And if you have an email password that's easily guessable, spammers may hack into the email account and steal all of the contacts stored there. If your computer is not adequately protected from viruses, spyware and phishing attacks, all of the people in your email address book are vulnerable to spam attacks as well. See my article Is Your Password Hacker Proof? for help picking a secure password.

I'm pretty sure that email "forwards" play into the hands of spammers, because they accumulate a large number of addresses as the message spreads from one person to another. For a while, I wasn't sure how this worked, because I didn't see an easy mechanism for those bloated messages to wind up in the hands of the the spammer. But then I realized that if even one of those recipients had their email hacked (or computer compromised by malware), the entire trove or addresses would be vulnerable.

This may or may not be a major source of email address harvesting, but at the very least, you must agree that blindly forwarding every silly story doesn't contribute anything positive to the Internet. Cambodian midgets fighting lions? Nigerian prince wants your help transferring money? Really?? If you're tempted to forward something that seems dubious, check it out on before hitting the Send button. If you don't trust Snopes, use another myth-busting site such as Hoax-Slayer or TruthOrFiction.

Along those lines, I cringe whenever I get an email that includes my address, along with dozens of others, in the TO: or CC: line. It's especially irksome when they come from businesses who should know better. In addition to revealing their customer/contact lists to everyone else in the distribution list, it's really bad form.

Hacking into a major company's databases can yield millions of high-quality email addresses at once, not to mention even more valuable data such as credit card numbers, Social Security Numbers, etc. In December 2016, Yahoo confessed that over one BILLION of its users’ accounts had been hacked three years prior. Target, Chase Bank, American Express, Home Depot, Apple, Sony and other large companies have reported hacks in the past 2 years, resulting in many millions of accounts being compromised.

The Big Kahuna of Data Breaches was reported in September 2017. The Equifax hack was especially damaging, because it revealed names, addresses, Social Security Numbers, birth dates, driver’s license data, credit card numbers, and email addresses. By combining all of that data, Bad Guys can create much more sophisticated and compelling email scams. There's not much you can do to prevent this, except hope that the companies you do business with have good security protocols in place, and cast a wary eye on everything that lands in your email inbox.

Spammers also trade in lists of email addresses. A list of a million addresses goes for as little as $100. Some online crooks don't even mail spam, but make their living harvesting and trading email addresses.

Your supposedly legitimate business associates (or any website where you hand out your email address) may be selling you out to spammers, though they may think of the spammers as "trusted partners." Before signing up to any mailing list, make sure you know what the email privacy policy is. Opt out of allowing your email address to be shared with third parties for any reason, if possible.

It's almost impossible to hide your email address from spammers completely. At the least, you'll probably get a blind dictionary attack spam, eventually. But think before you give your email address to any website. The fewer entities that have your email address, the less spam you will receive. Keeping your own computer secured, and encouraging your friends and family to do likewise will also help.

Got any additional tips for keeping your email address safe? Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 13 Feb 2018

For Fun: Buy Bob a Snickers.

Prev Article:
Earth to Opera... The Browser War is Over (and you lost)

The Top Twenty
Next Article:
Geekly Update - 14 Feb 2018

Most recent comments on "Is Your Email Address Visible to Spammers?"

Posted by:

Dr. Sheldon Cooper
13 Feb 2018

Another Margaritaville must be a Parrothead Bob! Fins Up! (or PHinz Up!)

Posted by:

13 Feb 2018

If you remember correctly, you put my email address in one of your posts! At this point, it is kind of hard for me to become invisible.

EDITOR'S NOTE: With your permission, and without the "@" sign. :-)

Posted by:

13 Feb 2018

Gmail has the bad feature of telling spammers that their guessed names for gmail actually exist.

If you mail to a bad gmail address, it returns a "not found" message.
If you mail to a legitimate gmail address, it delivers the mail and by not sending a bounce message, lets the spammers know they have a real address.

I happen to have a gmail address that was used about 11 years ago for a very short time, that spammers have recently discovered. It actually is my email account but I use a different address that forwards to it. It is presently getting about 500 spam a month addressed to it.

It would be useful if Google would allow an option in their filtering to send "no such address" bounces based on the filtering.

EDITOR'S NOTE: Those bounce messages are not specific to Gmail. They are sent by all ISPs, and in a standard form dictated by Internet protocols. (See RFC 5321, for example.

Posted by:

13 Feb 2018

I have 4 email accounts; 3 with my ISP, and one with Microsoft. I can't remember when I have received spam through my ISP accounts. After MS made some changes 2-3 years ago, I began receiving multiple spam messages regularly:20-40 a day. They decreased significantly a couple of months ago, but they are climbing again. The subject lines are a dead give away. When I complained, they wanted "examples." Really?? "Hot(insert any country)woman looking for(insert anything)." MS spam filters are useless.
I also receive legitimate emails from people with announcements of activities we are involved in; but the majority of senders put all of the addresses in the "TO" line, not the "BCC." I have tried to explain this but it falls on deaf ears
since they consider themselves to be "computer literate." I make it a habit to send all emails to myself and to put any recipients in the BCC, even when sending to only one person. I know that at least the email went through to me! To do it that way all of the time makes it less likely for me to forget.
I tried to post this by removing the "@" from my address and replacing it with "at." But you won't let me.

Posted by:

Dave H.
13 Feb 2018

I googled my e-mail address and it returned a site called "". Sure enough, I was in that HUGE list. At the top of the page was this notice: "You can remove your email now:" with a box to enter your e-mail address. I tried and I got a pop-up message that said "You enter email invalid. Please enter it again." (Yes, that was the exact wording.) I tried again, making sure I typed it correctly, and got the same pop-up. I was in a private (i.e., anonymous) browser window, so I hope I didn't just make things worse. (I get a moderate amount of junk mail already but Hotmail does a pretty good job of filtering it, so I'm not too concerned.)

Posted by:

Mark H.
13 Feb 2018

I don't use Gmail at all. And I don't see a lot of spam messages showing up in my junk mail folder, maybe 1 to 3 a day. I just empty the folder without reading the messages. Once in a while a spam message shows up in my inbox. I mark it as junk and that's it. I don't have any social media accounts, as well. Guess staying away from the herd helps.

Posted by:

13 Feb 2018

I have multiple email accounts (19 at the moment) with different providers, used for different things, or as backups. I get more spam at Yahoo! (yes, still using it!) than all the others combined, but Yahoo! does a much better job of assigning it to the Spam folder. Gmail, Outlook, and AOL (yes, good old AOL) get less spam but seem quite shaky as to what is or isn't spam. (I have to check the Spam folder carefully, then delete a great deal of what's in my Inbox, especially with AOL.)

Posted by:

Kenneth Heikkila
13 Feb 2018

Gmail catches 99.9% of my spam plus some legit email offers that I would just as soon not see and the very rare email that I might want to read. The last are always from friends who CC a list of people.
Even so there aren't an excessive amount of emails in my spam folder like people above say they get.

My email address is also available at, emaildatalist and on multiple lists.....Oh well.

I figure if I waste a lot of time trying to fool them, they win. Good internet security is all I am willing to do and I pay for that.

Posted by:

13 Feb 2018

Thank you for all you do to educate us, Mr. Rankin.
I think what I am hearing you say is that it is NOT okay to have bad-actors get a hold of our email addresses.
Unfortunately, some consider google to be part of that bad-actors' guild: I am having a bit of problem with your "Tip: enter your email address in the Google search box enclosed in quotes." Doesn't google already have enough giga-metadata w/o us voluntarily handing over yet another piece of private data to google by following your tip?

EDITOR'S NOTE: I don't think entering your email address in a Google search tells Google anything interesting. You could be searching for someone else's email address.

Posted by:

13 Feb 2018

Good article, Bob. We ALL need to be reminded or taught the issues with our email addresses.

Yes, I have had spammers use my email address, in the past and what a mess it was to tell all of my family and friends that it wasn't me sending out all of the emails. However, it has been a long time since that has happened to me. I started having Anti-Virus programs, AVG, Avast, Zone Alarm and now Bitdefender who check all of my emails for a variety of issues, before I get them. My ISP Server also checks all of the emails for a variety of issues.

I also use an independent email program, Thunderbird, which is so much better to use than Outlook, with many of the same options. I prefer to not use a Web email program. Yes, I do have a Gmail account. . .To do some things on the Internet you need to have one. However, I mainly use my ISP Server's email addresses. It is solid now, even though it is an AT&T server. I really think I haven't had any real problems with my email, is due to having an "older" email address and that ISP Server is no longer in existence.

We also must remember that our ISP Server will "sell" our email addresses! Sorry, but that is the real truth. It is no different than your Private Telephone Number being "sold", as well. It happens and happens all the time!

What I try to do is use my Ad-blocker, my Anti-Virus/Malware programs, my "listening and responding" to the warnings of these programs while I am on the Internet and my own good common sense to protect me, as much as possible.

I am not really sure we can ever eliminate Spammers, since we haven't so far. What we can do is use resources available to us, meaning Anti-Virus/Malware programs, Ad-blockers, respecting your protection programs by responding, to what they are warning you about and "tighten" up the Firewall that you are using!

Tightening the Firewall that you are using, be it your ISP's router, your own router or Windows Defender's Firewall can and will make a BIG difference in most of your activities and what happens to you and your email. Please, don't blow off this suggestion. . .I can attest that I have had little issues with Spammers or Hackers or Viruses or Malware when my Firewall has been "tightened" up. "Tightening up" your Firewall means closing all of your ports, so Spammers, Hackers and Crackers can't find you easily.

To check your Firewall protection. . .Please go to Steve Gibson is a highly respected computer genius, in my opinion. Bob has referred to Gibson throughout his newsletters/blogs, when Gibson has the "testing" or program needed. At Gibson's website look for the Shield'sUp!! test, do the testing and when it is done, you will know if you are "Stealth" or not. If you are not "Stealth" the test will show you were you "open port(s)" are, so you can close them.

I still go to, Gibson's website to test my Internet Router for being Stealth or not. I have used it for years and trust it completely. By the way Gibson's SpinRite is highly recommended when you need to recover data from a hard drive, when it is not working right or possibly has died.

Posted by:

13 Feb 2018

the only one I consistently get is Canadian pharmacy
every time I block them they change the sender name

Posted by:

toip squirrel
14 Feb 2018

There is one email box I use only to receive. Never sent anything out of it and the user name would be impossible to guess (willing to send it to Bob and he can authenticate that). I would use this box only to a person I know who would not be offended by the sacreligious reference. Yet I do get some spam in that box. Not much, but some. How come?
The spam I get in my main email box (Yahoo) is 99% of the sexual come-on variety. (I suppose I should feel neglected by those Nigerian princes!) How they know I'm male and straight I have no idea; not even Yahoo knows my name. There was a time I used to try to unsubscribe by return email, but it always gets bounced back and I will not click on a link.
I could get 25 sexual come-ons a day, using maybe half a dozen forms. So many different named women asking using identical text why I don't answer their pleas for sex! That they saw my picture in Facebook and I'm cute (I have no social media accounts). And why is there one woman's first name before the user name, and the user name carries a different female name! Someone may be trying to two-time me! The perils of popularity!

And I have never visited a p*rn site.

Posted by:

14 Feb 2018 is actually a cat lady who lives/works out of a basement.

Posted by:

14 Feb 2018

My search shows 2 references to my GMail address (some old technical comments) and none to my own domain addresses.

I always read my emails in plain text to avoid nasties and I can see links for what they are. The nasties include viruses, macros etc but also images and links that include some identifying information linked to your address. Simply reading the email and getting the image lets the sender know they have a valid address and someone has opened it.

Posted by:

14 Apr 2018

I too have an email on that can be publically found. How are you supposed to remove it? According to their site the only way to remove it is to email them... which surely is validating that the email is live?

Posted by:

07 Nov 2018

(Hesitant that I have to give my email without being able to sub the @ for "at" especially after reading this specific article)

I am also in the process of trying to "scrub" my email address from the web and am listed on along with other generic email list websites of the same caliber. What is the solution for this?

I agree with the previous poster that confirming my email address on the site to have it removed seems like the lowest hanging fruit for scammers to verify it's validity.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy

Article information: AskBobRankin -- Is Your Email Address Visible to Spammers? (Posted: 13 Feb 2018)
Copyright © 2005 - Bob Rankin - All Rights Reserved