This is How Spammers Get Your Email Address

Category: Email , Spam

It can be maddening when your email inbox gets a fresh, steaming load of spam dumped on it. Equally frustrating is when spammers spoof YOUR address as the sender, and your friends all start asking why YOU are sending them unwanted sales pitches for dubious products. Understanding how spammers get your email address can help to prevent both of these problems. Here's the scoop on how spammers get ahold of your email addresses, and steps you can take to protect your inbox…

Is Your Email Address Vulnerable to Spammers?

Spammers, scammers, and other cyber-miscreants appear to have supernatural powers that enable them to guess email addresses accurately and quickly. But in reality, the bad guys harvest email addresses by pretty mundane means. YOU may even be contributing to the problem without realizing it. Let’s dig in to this problem to see what can be done to limit the flow of digital canned lunch meat.

Using web-crawling "spider" programs (similar to the ones search engines use to index Web pages) some spammers hunt down email addresses by looking for the telltale "@" symbol. Working swiftly and ceaselessly, spiders can harvest millions of email addresses automatically. To avoid being "bitten" by an email harvesting spider, don't put your email address on public spaces on the Web. That means not posting it to online forums or personal web pages. If it's included in online directories (school, work, clubs, etc.) ask to have it removed.

Do a Google search to see where your email address is available, and work towards becoming invisible. (Tip: enter your email address in the Google search box enclosed in double quotes.) If you must make your email address visible in public, you can obscure your address by avoiding the "@" symbol, i.e., use "joe at schmoe dot com" instead, or create an image with the address instead.

How Do Spammers Get My Email Address?

"Dictionary attacks" are another way to collect email addresses. This method, which combines common words with popular domain names, relies on the fact that you don’t need a valid email address to generate an outgoing email. Spammers generate emails to computer-generated addresses, accepting millions of bounce-backs in exchange for a handful of replies from valid addresses. That's why the first rule of dealing with spam is "don't reply to it." Doing so just tells the spammer that you are a "live one" and worth hitting with more spam. Delete that unwanted message, or banish it to the Trash folder.

You can make it harder for a dictionary attacker to guess your address by NOT choosing any combination of dictionary words, common first or last names, and a string of numbers. If your email address is or I can guarantee that you'll get loads of spam, no matter how careful you are. Those addresses are just easy targets, because they're so easy to guess.

Margaritaville? Huh?

My article Is There a Delete Button For the Internet? deals with the question of how to remove all traces of your identity from the online world. Spoiler: It's really hard.

And if you’re interested in the history of Spam, and how it came to be associated with unsolicited emails, see A Brief History of Spam, an American Meat Icon

With apologies to Jimmy Buffett, some people claim that there's a hacker to blame, but you know, it's your own damn fault sometimes. Many people simply hand over their email addresses, no questions asked, just to get access to a game, contest, some free program, a ringtone, or other supposed "valuable prize." It's a good idea to have a "throwaway" email address that you can enter into Web forms, rather than using your everyday address. See my related article Fight Spam With a Disposable Email Address for more tips on how to protect your inbox.

And if you have an email password that's easily guessable, spammers may hack into the email account and steal all of the contacts stored there. If your computer is not adequately protected from viruses, spyware and phishing attacks, all of the people in your email address book are vulnerable to spam attacks as well. See my article Here's the END of Weak Passwords for help picking a secure password.

I'm pretty sure that email "forwards" play into the hands of spammers, because they accumulate a large number of addresses as the message spreads from one person to another. For a while, I wasn't sure how this worked, because I didn't see an easy mechanism for those bloated messages to wind up in the hands of the the spammer. But then I realized that if even one of those recipients had their email hacked (or computer compromised by malware), the entire trove or addresses would be vulnerable.

This may or may not be a major source of email address harvesting, but at the very least, you must agree that blindly forwarding every silly story doesn't contribute anything positive to the Internet. Cambodian midgets fighting lions? Nigerian prince wants your help transferring millions? Really?? If you're tempted to forward something that seems dubious, check it out on Snopes before hitting the Send button. If you don't trust Snopes, use another myth-busting or fact-checking site such as TruthOrFiction.

Along those lines, I cringe whenever I get an email that includes my address, along with dozens of others, in the TO: or CC: line. It's especially irksome when they come from businesses who should know better. In addition to revealing their customer/contact lists to everyone else in the distribution list, it's really bad form. I recommend using the BCC: (blind carbon copy) option instead of putting multiple addresses in the TO: or CC: lines of your outbound emails.

Data Breaches: An Ongoing Privacy Menace

Hacking into a major company's databases can yield millions of high-quality email addresses at once, not to mention even more valuable data such as credit card numbers, Social Security Numbers, etc. In December 2016, Yahoo confessed that over one BILLION of its users’ accounts had been hacked three years prior. Target, Chase Bank, American Express, Home Depot, Apple, Sony and other large companies have reported hacks in recent years, resulting in many millions of accounts being compromised.

The Big Kahuna of Data Breaches was reported in September 2017. The Equifax hack was especially damaging, because it revealed names, addresses, Social Security Numbers, birth dates, driver’s license data, credit card numbers, and email addresses. By combining all of that data, Bad Guys can create much more sophisticated and compelling email scams. See my article Which Privacy Tools Do You Need (and which should be avoided)? for some tips on how to protect your privacy in the age of constant data breaches.

Spammers also trade in lists of email addresses. A list of a million addresses gleaned from a data breach might go for as little as $100. Some online crooks don't even mail spam, but make their living harvesting and trading email addresses.

Your supposedly legitimate business associates (or any website where you hand out your email address) may be selling you out to spammers, though they may think of the spammers as "trusted partners." Before signing up to any mailing list, make sure you know what the email privacy policy is. Opt out of allowing your email address to be shared with third parties for any reason, if possible.

It's almost impossible to hide your email address from spammers completely. At the least, you'll probably get a blind dictionary attack spam, eventually. But you can reduce the attack surfaces. The fewer entities that have your email address, the less spam you will receive. Think (and read the privacy policy) before you give your email address to any website. Using a disposable email address, keeping your own computer secured, and encouraging your friends and family to do likewise will also help.

Got any additional tips for keeping your email address safe? Post your comment or question below…

how spammers get email addresses, spam protection, keeping email address safe, dictionary attacks, email harvesting

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 19 Jul 2021

For Fun: Buy Bob a Snickers.

Prev Article:
Here’s What Google Knows About You (and how you can delete it)

The Top Twenty
Next Article:
[ETERNAL VIGILANCE] Is it Safe to Click?

Most recent comments on "This is How Spammers Get Your Email Address"

Posted by:

19 Jul 2021

Bob: You are correct. I don't trust SNOPES.

Posted by:

19 Jul 2021

A few years ago I needed work on my car,so I went to a nationally recognized tire dealer for some repairs.The salesman got my personal information to get the repairs rolling as required,but at the end of the work order,he asked for my e-mail address.

I gave him a backup e-mail address I use for people I really don't know.Within a few days, I started getting a lot of spam messages on that address.I wasn't too worried,but I was annoyed.

The spam continue for many months until they petered out after a year.Be aware that giving your e-mail address to even a reputable shop can result in you getting spam messages.

Posted by:

top squirrel
19 Jul 2021

One leak point that wasn't mentioned: click bait. See an ad or an enticing-looking come-on? It usually will disappoint you and fail to deliver. But they will have your email address. And so it begins...
Every time I clicked on links offering me sensuous pictures of unclad ladies I started getting come-ons from sources that gave a woman's name, then a different woman's name as the user name, then got signed by a third woman's name. It continued as long as I opened suggestive emails, even though I never clicked on links. When I stopped clicking on click bait the spam lessened and now that I delete all unsolicited spam without opening it I get not a one from such sources or any others. If you click on any click bait it will start all over again. I haven't received ANY spam in a long time, on this or any other subject, proof you can get off their lists even though you may once be on them.
As far as giving your address to a reputable outfit goes, ask them whether they will give it out and to whom. And demand that they sign a statement to that effect. Make sure you tell them that you're using a throwaway email address only they will get and if you get any mail from that address that's not business from them, you'll never deal with them again. I've given my email to my auto mechanic. gym, car insurer and some financial institutions and none of them has ever screwed me. I haven't demanded any written pledges from these businesses because we knew each other well enough I was confident they wouldn't dare.
Far more intrusive are the robocalls warning me my auto "extended warranty" is about to expire and this is a courtesy call before they delete my account. I press 2 to talk to a rep, ask them what car this refers to, when they start to sputter tell them I have no extended warranty on any of my half-dozen licensed cars, ask them if they even know my name and by that point they've usually hung up without a word. Doesn't stop them from calling back; I just stop picking up the phone.
That's the only strategy that seems to work.
Other approaches: "Real busy now, give me your number and I'll call you back."
"Which car was this about? Year, make & model? ...Sorry, you got one wrong. Try again and give me what you think is my name and I won't hang up."
Might as well have a little fun with them. They deserve all the discomfiture you can impose.

Posted by:

Bob K
19 Jul 2021

Whenever I get a spam email I select “Filter messages like this” in gmail and then select “delete”. From then on, I will never, ever, see an email again from that spammer.

Posted by:

19 Jul 2021

@top squirrel
Yes, I get (random-dialling?) calls wanting to "offer me services" who are clearly just fishing and know nothing about me. I always try to sound like a potential customer for as long as possible — if we all waste 10 min of their time, their business model will become unsustainable...
Easy for me, I know, as a retired person, but I'd encourage everybody to waste as much of their time as possible before disappointing them. I see this as a public service...

Posted by:

Brian B
19 Jul 2021

I am never troubled by spam at all. I use the whitelist method. My email filter is set to automatically delete without trace, any email which comes from an address not in my address book. Of course I have to be careful to add any new address on first contact with a new contact. It works a treat, with just one filter.

Posted by:

Emily Booth
20 Jul 2021

I unfortunately was involved in the Equifax hack. I can tell when a new spammer gets a list w/ the affected email address because the spam will stop then start again. I use to use rules to manage spam but now I report every single piece of spam.I figure they probably have robots to block spam from the email server. I just checked a couple of email addresses and was pleasantly surprised that only 1 website came up with my email address.

Posted by:

20 Jul 2021

I did a search for my email address and found it on pinkhat(dot)ru and motogeek(dot)ru.

Should I be worried?

Posted by:

20 Jul 2021

@top squirrel @stephe
When I get a spam call or robocall I wait until I get a person on the line then I talk very softly so that they will have to turn up the volume on their end. When I'm sure that they can hear me, I put on hearing protection then give them a toot with my boat horn. This method is quite effective as I seldom get any of those calls any more. [insert cheesy grin emoji]

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- This is How Spammers Get Your Email Address (Posted: 19 Jul 2021)
Copyright © 2005 - Bob Rankin - All Rights Reserved