Spammer Got Your Email Address? (here's how...)

Category: Spam

Spammers and scammers appear to have supernatural powers that enable them to guess email addresses accurately and quickly. But in reality, the bad guys harvest email addresses by pretty mundane means. YOU may even be contributing to the problem without realizing it. Here's the scoop on how spammers get ahold of your email addresses, and steps you can take to protect your inbox...

Is Your Email Address Vulnerable to Spammers?

It can be maddening when your email inbox gets a fresh load of spam dumped into it. Equally frustrating is when spammers spoof your address as the sender, and your friends all start asking why YOU are sending them unwanted sales pitches for dubious products. Understanding how spammers get your email address can help to prevent both of these problems.

Using web-crawling "spider" programs (not unlike the ones Google uses to index Web pages) spammers hunt down email addresses by looking for the telltale "@" symbol. Working swiftly and ceaselessly, spiders can harvest millions of email addresses automatically. To avoid being "bitten" by an email harvesting spider, don't put your email address on public spaces on the Web. That means not posting it to online forums or personal web pages. If it's included in online directories (school, work, clubs, etc.) ask to have it removed.

Do a Google search to see where your email address is available, and work towards becoming invisible. (Tip: enter your email address in the Google search box enclosed in double quotes.) If you must make your email address visible in public, you can obscure it by avoiding the "@" symbol (for example, write "joe at blow dot com"), or post an image of the address instead.

How Do Spammers Get My Email Address?

"Dictionary attacks" are another standard way to collect email addresses. Spammers generate emails to made-up addresses, accepting millions of bounce-backs in exchange for a handful of replies from valid addresses. That's why the first rule of dealing with spam is "don't reply to it." Doing so just tells the spammer that you are a "live one" and worth hitting with more spam.

You can make it harder for a dictionary attacker to guess your address by NOT choosing any combination of dictionary words, common first or last names, and a string of numbers. If your email address is or I can guarantee that you'll get loads of spam, no matter how careful you are. Those addresses are just easy targets, because they're so easy to guess.
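An added example (not code from the original article) that tests an address against the advice above: it tries to split the part before the "@" into nothing but common names, dictionary words and runs of digits. The word lists are tiny constructed samples and the function names are hypothetical.

```python
import re

# Tiny constructed word lists for illustration; a real check would load
# a full dictionary and a large first/last name list.
COMMON_NAMES = {"joe", "john", "mary", "linda", "smith", "jones", "bob"}
DICTIONARY_WORDS = {"happy", "cat", "dog", "blue", "sky", "info", "sales"}


def segment(local_part):
    """Return the shortest list of (kind, token) pairs that covers the whole
    local part using only names, dictionary words and digit runs, or None
    if some piece of it cannot be built from those lists."""
    text = re.sub(r"[^a-z0-9]", "", local_part.lower())  # drop . _ - + etc.
    best = [None] * (len(text) + 1)   # best[i] covers text[:i]
    best[0] = []
    for i in range(len(text)):
        if best[i] is None:
            continue
        candidates = []
        digits = re.match(r"\d+", text[i:])
        if digits:
            candidates.append(("digits", digits.group()))
        for j in range(i + 1, len(text) + 1):
            piece = text[i:j]
            if piece in COMMON_NAMES:
                candidates.append(("name", piece))
            elif piece in DICTIONARY_WORDS:
                candidates.append(("word", piece))
        for kind, token in candidates:
            end = i + len(token)
            if best[end] is None or len(best[i]) + 1 < len(best[end]):
                best[end] = best[i] + [(kind, token)]
    return best[len(text)]


def is_guessable(address):
    """True when the part before '@' is built purely from guessable pieces."""
    local_part = address.rpartition("@")[0] or address
    return bool(segment(local_part))


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("joe.smith1970@example.com", "happycat@example.com",
                 "k7vq-tz93x@example.com"):
        print(addr, "->", segment(addr.rpartition("@")[0]))
```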

Margaritaville? Huh?

With apologies to Jimmy Buffett, some people claim that there's a hacker to blame, but you know, it's your own damn fault sometimes. Many people simply hand over their email addresses, no questions asked, just to get access to a contest, some free program, a ringtone, or other supposed "valuable prize." It's a good idea to have a "throwaway" email address that you can enter into Web forms, rather than using your everyday address. See my related article Fight Spam With a Disposable Email Address for more tips on how to protect your inbox.

And if you have an email password that's easily guessable, spammers may hack into the email account and steal all of the contacts stored there. If your computer is not adequately protected from viruses, spyware and phishing attacks, all of the people in your email address book are vulnerable to spam attacks as well. See my article Here's the END of Weak Passwords for help picking a secure password.

I'm pretty sure that email "forwards" play into the hands of spammers, because they accumulate a large number of addresses as the message spreads from one person to another. For a while, I wasn't sure how this worked, because I didn't see an easy mechanism for those bloated messages to wind up in the hands of the spammer. But then I realized that if even one of those recipients had their email hacked (or computer compromised by malware), the entire trove of addresses would be vulnerable.

This may or may not be a major source of email address harvesting, but at the very least, you must agree that blindly forwarding every silly story doesn't contribute anything positive to the Internet. Cambodian midgets fighting lions? Nigerian prince wants your help transferring money? Really?? If you're tempted to forward something that seems dubious, check it out on Snopes before hitting the Send button. If you don't trust Snopes, use another myth-busting site such as Hoax-Slayer or TruthOrFiction.

Along those lines, I cringe whenever I get an email that includes my address, along with dozens of others, in the TO: or CC: line. It's especially irksome when they come from businesses who should know better. In addition to revealing their customer/contact lists to everyone else in the distribution list, it's really bad form.
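An added example (not from the original article) of the difference for anyone sending to a list: the same mailing built with every recipient in the To: header, and built so that recipients exist only in the SMTP envelope, plus a check that reports which addresses a recipient would see. The addresses are constructed, and the function names and the `host` parameter are hypothetical.

```python
import smtplib
from email.message import EmailMessage
from email.utils import getaddresses


def build_message(sender, recipients, subject, body, hide_recipients=True):
    """Return (message, envelope_recipients). With hide_recipients=True the
    To: header carries only the sender and no recipient appears in any header."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender if hide_recipients else ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg, list(recipients)


def exposed_recipients(msg):
    """Addresses in To:/Cc: (other than the sender) that every recipient sees."""
    sender = {addr.lower() for _, addr in
              getaddresses([str(h) for h in msg.get_all("From", [])])}
    headers = [str(h) for name in ("To", "Cc") for h in msg.get_all(name, [])]
    return [addr for _, addr in getaddresses(headers)
            if addr.lower() not in sender]


def deliver(msg, envelope, host):
    """Send using the envelope list; the headers are transmitted as built.
    Not called here, so the example runs offline."""
    with smtplib.SMTP(host) as smtp:
        smtp.send_message(msg, to_addrs=envelope)


if __name__ == "__main__":
    # Constructed sample data.
    people = ["alice@example.net", "bruno@example.org", "chen@example.net"]
    for hide in (False, True):
        msg, envelope = build_message("news@example.com", people,
                                      "Spring update", "Hello!", hide)
        print("hidden" if hide else "exposed", "->", exposed_recipients(msg))
```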

Data Breaches: An Ongoing Privacy Menace

Hacking into a major company's databases can yield millions of high-quality email addresses at once, not to mention even more valuable data such as credit card numbers, Social Security Numbers, etc. In December 2016, Yahoo confessed that over one BILLION of its users’ accounts had been hacked three years prior. Target, Chase Bank, American Express, Home Depot, Apple, Sony and other large companies have reported hacks in the past 2 years, resulting in many millions of accounts being compromised.

The Big Kahuna of Data Breaches was reported in September 2017. The Equifax hack was especially damaging, because it revealed names, addresses, Social Security Numbers, birth dates, driver’s license data, credit card numbers, and email addresses. By combining all of that data, Bad Guys can create much more sophisticated and compelling email scams.

See my article Which Privacy Tools Do You Need (and which should be avoided)? for some tips on how to protect your privacy in the age of constant data breaches.

Spammers also trade in lists of email addresses. A list of a million addresses goes for as little as $100. Some online crooks don't even mail spam, but make their living harvesting and trading email addresses.

Your supposedly legitimate business associates (or any website where you hand out your email address) may be selling you out to spammers, though they may think of the spammers as "trusted partners." Before signing up to any mailing list, make sure you know what the email privacy policy is. Opt out of allowing your email address to be shared with third parties for any reason, if possible.

It's almost impossible to hide your email address from spammers completely. At the least, you'll probably get a blind dictionary attack spam, eventually. But think before you give your email address to any website. The fewer entities that have your email address, the less spam you will receive. Using a disposable email address, keeping your own computer secured, and encouraging your friends and family to do likewise will also help.

Got any additional tips for keeping your email address safe? Post your comment or question below...

This article was posted by on 22 Mar 2019

Most recent comments on "Spammer Got Your Email Address? (here's how...)"

Posted by:

Wild Bill
22 Mar 2019

Hint: If you have to sign up for something "free" with your email address, it's quite likely that those "trusted partners" are going to spam you and so will their "trusted partners". That's how "free" gets monetized. Using Blind Carbon Copy (BCC) to send mail to a number of people will help minimize address leakage, thus potentially sparing your contacts, especially if it's a message likely to get forwarded.

Posted by:

22 Mar 2019

Ha ha I had to give my email to comment here -- Just joking, Bob. I know you are OK.

Excellent article. Since my email was supposedly found on the Dark Web and my life has been plagued with a ridiculous number of inbox spam, I would like to know how to get rid of this very annoying problem after the fact. My primary email has been used since I signed up for my major provider many years ago. I could switch over to my other email provider but to change my primary on websites would entail a huge amount of time. And then it may end up the same way.

I could start using my alternate email provider instead which hasn't (to date) received any spam. Any suggestions would be appreciated.

P.S. It is easy to tell if an email is from, for instance, Amazon by hovering the cursor over the sender. Usually by the address it is obvious it is spam. After all, Amazon doesn't send notices via, for instance, Germany or Japan. Although these spammers can mimic a sender address, in my experience most don't even bother.

Posted by:

Ken Heikkila
22 Mar 2019

I use "evil" Gmail and virtually never see spam and the times I go through the folder to see if I am missing anything from a legitimate source it is pretty much never anything I need to see- almost always some sort of promotion that I did sign up for.

Posted by:

22 Mar 2019

SharonH: A suggestion - Create a new Gmail account which will become your primary email. On the old account (which was used too many places to easily change) change the 'Auto forward' setting, if available, to automatically forward all incoming email to the new Gmail account. Alternatively, you can have Gmail automatically retrieve your email from the old account; that setting can be found in GMail at Email, Settings, Accounts and import, Check mail from other accounts.

In either case, you'll be using the new Gmail account but be seeing incoming mail from both new and old accounts. And Gmail will be using its excellent spam filters on both accounts.

I'd also add a footer on the new email to tell all correspondents that you've changed addresses from {old} to {new}. Eventually the old account will fall to un-use. I've had several of these from the last ~40 years of use. (Yes, I started when it was the D/ARPANET, not Internet.)

Posted by:

22 Mar 2019

I have 3 email accounts from my internet service provider. I get spam less than once a year through these. My first email account was an MSN account. Virtually ALL of my spam came through this one: Canadian drugs, sexual offers, etc. In my opinion, Microsoft's spam filters seem to be almost non-existent. I closed the MSN account.

Posted by:

22 Mar 2019

There is no way that enough information can be published on this subject, especially if the particular subject is bank fraud. That is where the big bucks are for these useless slimeballs. I'm not proud to say that I got hit, probably due to my own carelessness, but it happened. You cannot be too careful. A phone call from the fraud division of your bank at 11:00 pm will tend to make you a lot more cautious....especially when it applies to considerable money!!

What really pisses me off is when a bank or other agency takes a "so what, what can we do?" attitude whenever you report a fraud or suspicious e-mails etc. Heads up folks...don't take this casually.

Posted by:

23 Mar 2019

Thank you for Vivaldi suggestion..spam dropped a lot! I also learned not to open spam, since that DOES let the sender know you are alive and well. I also do not fill out 'reviews' on purchases. I was shocked when I Googled my name, and found my minutes as a secretary of a flying club on line!! Thanks for your help to us!!

Posted by:

24 Mar 2019

And for VERY useful tools, I believe you mentioned this in an earlier article, are the services that allow you to create a new unique e-mail address for each contact.

I use but I'm sure there are others. I have no association with them other than to make use of their service over 5 years.

They create a unique address for each sender which forwards things to my "real" address, and you can set mail filters with each virtual address, or deactivate or delete any of the generated addresses. If you reply to one of the messages, it goes through their process that replaces your "real" address with their virtual address.
I think their current price is $3 a month.

Love it!!

Posted by:

26 Mar 2019

Thanks for the help! I have to do something because it has become a real pain in the ***. So there is hope after all.

Posted by:

26 Mar 2019

First I don't answer any sender I don't recognize, trash it. Also I hover on the sender to see if it's legit. Been using a personal computer (at home) since '99. Don't get much spam any more since I started deleting the spam.

Posted by:

Wild Bill
31 Dec 2019

I suspect I quadrupled my junk mail awhile back by trying to unsubscribe to a bunch of junk mail in the junk mail folder. My advice: don't even try. And, when I send or forward a message that might itself get forwarded, I send myself the original and BCC (blind carbon copy) all the other recipients. I also delete any visible addresses from anything being forwarded, all to prevent the accumulation of a bunch of addresses winding up on some spammer's list.

Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Spammer Got Your Email Address? (here's how...) (Posted: 22 Mar 2019)